search cancel

Enabling Sylink logging for the Symantec Endpoint Protection client for Linux


Article ID: 161228


Updated On:


Endpoint Protection


You want to know how to log client-server Sylink communications on the Symantec Endpoint Protection (SEP) client for Linux.


Please be aware of the two path differences, noted below, depending on SEP version.

  1. Create a new text file named /etc/symantec/sep/
    NOTE: In SEP 12.1 this path is /etc/symantec/
  2. Open the file in a text editor and add the following lines:
    # NOTE: in SEP 12.1 change path above to /var/symantec/Logs/debug.log
    log4j.appender.A1.layout.ConversionPattern=%d{%Y-%m-%dT%H:%M:%S.%l%Z} %t %p %c{2.EN_US} %m%n
    log4j.rootCategory=DEBUG, A1
  3. Restart the smc daemon: sudo service smcd restart
  4. Sylink communications data is now written the log file path as configured in above.
    • Once enabled, entries in the debug.log should appear with the [DEBUG] designator.

Note: Debug logging is for troubleshooting purpose and is recommended to disable is after the log collection is completed.

In order to disable debug logging, simply rename or delete the file and restart the smc daemon.


See also How to collect diagnostic information for the Symantec Endpoint Protection Linux client after debug logging has run.

Attachments get_app