search cancel

Logs collection for cases where sisamddaemon CPU usage is high

book

Article ID: 240455

calendar_today

Updated On:

Products

Endpoint Security Endpoint Protection Data Center Security Server

Issue/Introduction

Logs collection for cases where sisamddaemon CPU usage is high

Environment

Symantec Endpoint Protection - Symantec Linux Agent (SEP Linux)

Data Center Security Server (DCS)

Resolution

For this additional profile log needs to be enabled and collected from affected machine. Please note down the time of high CPU usage and capture corresponding AMD trace logs along with profile log file and cafagent debug logs. From root command line:

 

Enabling profile logging:

su - sisips -c "/opt/Symantec/sdcssagent/IPS/sisipsconfig.sh -approfile 10"

This will generate debug logging to /var/log/sdcsslog/amdlog/profile.log

 

Enabling AMD trace logging:

service sisamdagent stop

Then edit: /opt/Symantec/sdcssagent/AMD/system/AntiMalware.ini, and set:

amdmanagement.antimalware.trace.level=trace
service sisamdagent start

 

Enabling cafagent debug logging:

service cafagent stop

Then edit: /opt/Symantec/cafagent/bin/cafservicemain.properties, and set:

logging.loggers.root.level = debug
service cafagent start

Additional Information

For command line options available to the sisipsconfig tool please see: Command line options for the sisipsconfig tool