search cancel

Scheduled scan logs are not sent to Endpoint Protection Manager from Linux Endpoint Protection clients

book

Article ID: 256288

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

Scheduled scan logs are not sent to Symantec Endpoint Protection Manager (SEPM) from Linux Symantec Endpoint Protection (SEP) clients. These logs are visible on the client side AV logs.

cafagent.log will show PostingFailed events

[|] 2022-08-11 05:56:34 | cvehandler.CommunicationContext | Debug | 3894 : 140189186516736 : LogUploadStatusCB:211 | LogUploadStatus callback status= 0 Application log uploaded = 0
[|] 2022-08-11 05:56:34 | cvehandler.ClientLogProvider | Debug | 3894 : 140189186516736 : PostingFailed:108 | Log PostingFailed for id= 79070854-766c-4669-b3a5-a9ed4f3394c8
[|] 2022-08-11 05:56:34 | cvehandler.LogsPacker | Debug | 3894 : 140189186516736 : PostUpload:1190 | result of upload: 0
[|] 2022-08-11 05:56:34 | cvehandler.LogsPacker | Debug | 3894 : 140189186516736 : PostUpload:437 | SysLogPacker::PostUpload()
[|] 2022-08-11 05:56:34 | cvehandler.LogsPacker | Debug | 3894 : 140189186516736 : IsEnabled:313 | SysLogPacker::Init()
[|] 2022-08-11 05:56:34 | cvehandler.LogsPacker | Debug | 3894 : 140189186516736 : PostUpload:890 | ExtLogPacker::PostUpload()
[|] 2022-08-11 05:56:34 | cvehandler.CommunicationContext | Debug | 3894 : 140189186516736 : StatusCB:180 | Client Status connected:0  state:2 lastServer:   lastTime: 
[|] 2022-08-11 05:56:34 | cvehandler.ClientManager | Debug | 3894 : 140189186516736 : UpdateConnectionStatus:186 | Connection State with SEPM: 1, HB State :2
[|] 2022-08-11 05:56:34 | cvehandler.CommunicationContext | Debug | 3894 : 140189186516736 : StatusCB:194 | Updated connection status successfully
[|] 2022-08-11 05:56:34 | cvehandler.CommunicationContext | Debug | 3894 : 140189186516736 : StatusCB:180 | Client Status connected:0  state:1 lastServer: <sepmip> lastTime: 2022-08-11T05:56:34.855387Z
[|] 2022-08-11 05:56:34 | cvehandler.ClientManager | Debug | 3894 : 140189186516736 : UpdateConnectionStatus:186 | Connection State with SEPM: 1, HB State :1

Environment

SEP 14.3x Linux agent

Cause

Issue is observed if connectivity between SEPM and Agent is lost or not available while sending scan result data.
We have implemented retry logic with new code which will attempt to resend the scan result if it fails in the first attempt.

Resolution

The issue is fixed and will be available in the SEP for Linux 14.3 RU6 version.