How to collect diagnostic information using the Endpoint Protection for Linux sadiag script
NOTE: This article is only for SEP for Linux versions 14.3 MP1 (build 14.3.1169) or older.
How to collect diagnostic information for the SEP Linux client
The SEP Linux installation includes a diagnostic script, to be run with administrative privileges:
sudo bash ./sadiag.sh (sudo bash ./sadiag.sh)*
# to collect additional debugging information for Java LiveUpdate issues. There will be a delay while LiveUpdate runs:
sudo bash ./sadiag.sh -j (sudo bash ./sadiag.sh -j)*
[[email protected] symantec_antivirus]$ cd /opt/Symantec/symantec_antivirus/ [[email protected] symantec_antivirus]$ sudo ./sadiag.sh [sudo] password for admin: sadiag.sh - Shell Antivirus DIAGnostic script v.0.066 - 2007-FEB-20 Please wait while your data is gathered... 11:05:33 Detecting operating system... 11:05:33 Detecting system resources... 11:05:33 Detecting network resources... 11:05:33 Detecting software environment... 11:05:34 Detecting Symantec shared resources... 11:05:41 Performing JavaLiveUpdate diagnostics... 11:05:41 Detecting Symantec security products... 11:05:47 Gathering bulk data... Collecting install logs for SAVFL... cp: cannot stat `/root/sav*.log': No such file or directory cp: cannot stat `/root/sav*.log.*': No such file or directory Collecting debug logs for SAVFL... Collecting liveupdate logs for SAVFL... Collecting configuration files for SAVFL... generate core file for smcd ./ ./sadiag.txt ./dmesg.txt ./bin/ ./bin/smcd_6491 ./logs/ ./logs/debug/ ./logs/debug/debug.log ./logs/debug/seclog.log ./logs/debug/syslog.log ./logs/debug/liveupdt.log ./logs/debug/04302015.log ./logs/debug/AVMan.log ./logs/debug/LUMan.log ./logs/install/ ./logs/install/sepfl-install.log ./logs/install/sepap-install.log.4929 ./logs/install/sepui-install.log ./logs/install/sep-install.log ./logs/install/sepjlu-install.log ./logs/install/sepap-install.log ./conf/ ./conf/liveupdate.conf ./conf/serdef.dat ./conf/VPREGDB.DAT ./conf/dec3.cfg ./conf/setup.ini ./conf/VPREGDB.BAK ./conf/registrationInfo.xml ./conf/symcfg.list ./conf/Symantec.conf ./conf/communicationData.xml ./conf/sylink.xml ./conf/sep.slf ./conf/commandStatus.xml ./conf/VPREGDB.SAV ./conf/setAid.ini Execution of sadiag is complete. Please send For_Symantec_wyvern.galaxy.test_2015-Apr-30_11_05_54.tar.bz2 to your technician.
A report file (
For_Symantec_hostname.domain_YYYY-Month-dd_HH_mm_ss.tar.bz2) is generated in the same directory where sadiag is run, and this report can be sent to Symantec as part of a support request.
You may receive "cannot stat" error messages for files that are not present (e.g. log filenames for previous versions of the Symantec product)---this is normal.
The "All running processes" listed in the sadiag.txt is rather limited; you can obtain a more detailed report by running the Linux ps command seperately. For example, to obtain a detailed list of all running processes by precentage CPU usage sorted in descending order:
sudo ps aux --sort=-pcpu
If sadiag fails to run or does not gather all of the desired files, see Overview of log and configuration files in Symantec Endpoint Protection for Linux to manually gather the log and configuration files that may be necessary for technical support.
Note: Symantec also provides a symdiag utility for gathering SEP for Linux troubleshooting data. For more information, see the related articles.
*sadiag is designed to be run under the bash shell; unexpected behavior may result with non-bash shells. See sadiag displays warning or fails to run.