In the interest of security, Symantec employs Secure FTP servers for file uploads. The uploaded files give support personnel evidence to review when determining the cause of an issue.
Starting with Advanced Threat Protection (ATP) version 2.2.0, the gather_evidence command uploads logs using the credentials provided by technical support.
To Upload Log Evidence:
Log in as the 'admin' user to the ATP or SEDR appliance that holds the logs to be uploaded, whether it is a scanner, manager, or all-in-one appliance.
Run the command gather_evidence while providing the following parameters:
Required parameters:
-u | --username={ mft_user } (password will be prompted)
-c | --case-number={ mft_case_number }
Optional parameters:
--proxy-tunnel (used for HTTP tunnels)
--proxy-uri={ftp_proxy_uri:ftp_proxy_port}
--proxy-user={ ftp_proxy_user } (password will be prompted)
--connect-timeout={timeout-in-seconds}
-v | --verbose
Examples:
gather_evidence -u [email protected] -c 10542214 -v
gather_evidence -u [email protected] -c 10542214 -v --proxy-tunnel --proxy-uri='10.147.22.213:3128'
gather_evidence -u [email protected] -c 10542214 -v --proxy-tunnel --proxy-uri='10.147.22.213:3129' --proxy-user='user'
The mft_user and mft_case_number values are provided in an email from [email protected]. Please note that these values are case sensitive.
It is not recommended to copy/paste directly from this document, as the hyphen ( - ) character is often mistranslated when pasting into an SSH session.
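A pre-paste check for the hyphen problem described above, as an added example that is not part of the original article or of Symantec's tooling: run on the workstation, it flags every word of a gather_evidence command line that contains a non-ASCII byte, such as an en dash or em dash substituted for a hyphen. The function names, the mft_user placeholder and the sample lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: run on the workstation before pasting a gather_evidence
# command into the SSH session. It detects only; nothing is auto-corrected,
# because a substituted dash may have replaced one hyphen or two.

# suspect_words LINE
# Prints each whitespace-separated word of LINE that contains a byte outside
# printable ASCII; exit status 1 if any were found, 0 otherwise.
suspect_words() (
  LC_ALL=C   # match on bytes, not on locale collation order
  set -f     # no filename expansion while LINE is split into words
  status=0
  for word in $1; do
    # In the pattern, the first "!" negates; "!-~" is the byte range 0x21-0x7e.
    case $word in
      *[!!-~]*) printf '%s\n' "$word"; status=1 ;;
    esac
  done
  exit "$status"
)

# check_command LINE
# Prints LINE unchanged when every byte is ASCII; otherwise lists the suspect
# words on stderr and returns 1 so the options can be retyped by hand.
check_command() {
  if bad=$(suspect_words "$1"); then
    printf '%s\n' "$1"
  else
    printf 'non-ASCII characters, retype by hand: %s\n' "$bad" >&2
    return 1
  fi
}

# Constructed samples (mft_user is a placeholder). SAMPLE_BAD carries an
# en dash (U+2013) before "u" and an em dash (U+2014) before "verbose".
SAMPLE_GOOD='gather_evidence -u mft_user -c 10542214 -v --proxy-tunnel'
SAMPLE_BAD=$(printf 'gather_evidence \342\200\223u mft_user -c 10542214 \342\200\224verbose')

check_command "$SAMPLE_GOOD"
check_command "$SAMPLE_BAD" || echo "blocked"
```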