Procedure to configure logging parameters in Symantec Protection Engine environment to capture Stargate, CSAPI and SPE required for troubleshooting of any issue.
1. Stop SPE service.
2. Enable SPE detail logging by Modifying configuration.xml from the SPE installation directory, turn ON the local logs to details <LogLocal logfilestokeep="0" loglevel="5"/>
3. Enable CSAPI detail logging by following steps mentioned in article
If For Windows:
4. Enable Stargate detail level logging by following the below steps on windows
4.1. Extract attached Symantec_Protection_Engine_Tools_X.X.X.XX_IN.zip
4.2 Browse and locate inside extracted files SPE_Tools\Tools\Log_Config\Stargate\Win64 make note of file full path.
4.3. Run TraceView.exe. Traceview is part of Windows Driver Kit (WDK). It can be obtained from http://www.microsoft.com/en-au/download/details.aspx?id=11800.
4.4. Configure "traceview" to capture stargate logs.
a. Click "File" ->> "Create New Log Session"
b. Click "Add Provider"
c. Select "CTL (Control GUID) File
d. Browse to the location of SPE_Tools\Tools\Log_Config\Stargate\Win64 and choose all *.ctl files then click "Open"
e. Choose "Select TMF Files" then click "OK"
f. Click "Add" and choose all *.tmf files then click "Open"
g. Click "Done"
i. Click "Next" to configure the "Log SessionOptions", choose "Real Time Display" and "Log Trace Event Data to File", Change Log File Name to a location with plenty of drive space.
j. Click "Finish"
If For Linux:
4. Enable Stargate detail level logging by following the below steps on Linux
a. In addition to steps mentioned in Point (3) add below parameter to symcscan.sh file
5. Start the Symantec Protection engine service and replicate the problem.
6. Provide copies of session1.etl (or filename from step i), CSAPI Debug log (csapi*.log) defined in step 3, and a copy of the SPE logs from the day of testing from /log inside the SPE installation folder
There will be plenty of traceview logs generated during the session, However the default setting of traceview limits the capture to 65K lines, so there are likely chances we may miss out on actually required logs.
To avoid this configure please follow steps @ https://docs.microsoft.com/en-us/windows-hardware/drivers/devtest/log-session-parameter-options under section "Virtual File Size"