SEP Linux Client Generates 0-Byte Log Files in /opt/Symantec/sdcssagent/AMD/sef/appdata/databases directories
search cancel

SEP Linux Client Generates 0-Byte Log Files in /opt/Symantec/sdcssagent/AMD/sef/appdata/databases directories

book

Article ID: 379702

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

This article addresses an issue with the SEP Linux client, where 0-byte .log files are generated in the following directories:

  • /opt/Symantec/sdcssagent/AMD/sef/appdata/databases/file_reputation/
  • /opt/Symantec/sdcssagent/AMD/sef/appdata/databases/scheduler/
  • /opt/Symantec/sdcssagent/AMD/sef/appdata/databases/EDR/

These empty log files can cause unnecessary clutter and potentially raise concerns during system checks.

Environment

SEP Linux 14.3

Cause

The 0-byte .log files are created when no data is written to the database, resulting in the log files remaining empty and not being deleted.

Resolution

Workaround:

To manually remove the 0-byte log files, follow these steps:

  1. Stop the SEP agent using the appropriate system command.

  2. Delete the following directories:

    • /opt/Symantec/sdcssagent/AMD/sef/appdata/databases/file_reputation/
    • /opt/Symantec/sdcssagent/AMD/sef/appdata/databases/scheduler/
    • /opt/Symantec/sdcssagent/AMD/sef/appdata/databases/EDR/
      • Note: Do not delete the /EDR/ directory if the endpoint has EDR (Endpoint Detection and Response) enabled.

  3. Restart the SEP agent to reinitialize the service.

Permanent Fix

This issue has been addressed in the SEP Linux Agent version 14.3 RU9. It is recommended to upgrade to this version for a permanent resolution.

Powered by Wolken Software