Enabling Tomcat server debugging for the Endpoint Protection Manager

book

Article ID: 161894

calendar_today

Updated On:

Products

Endpoint Protection

Issue/Introduction

The Symantec Endpoint Protectoin Manager (SEPM) tomcat server only writes SEVERE events to its log files by default. Errors contained in these logs are often missing the context necessary to determine why they are occurring. Lower severity errors may not be written to the Tomcat logs at the default log level.

Use these steps to enable detailed debug logging for the SEPM tomcat server. This is useful with troubleshooting SEPM errors or crashes, or for tracing functionality issues with the tomcat server.

Resolution

The SEPM tomcat server logs are stored in the C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\logs folder by default. Events from individual tasks are written to logs named after their owning task (for example, the main SEPM task is called scm-server. Events related to this task are written to the scm-server-0.log and scm-server-1.log by default). The default maximum size for all SEPM tomcat logs is 10 million bytes (about 9.5 MB). The SEPM tomcat server keeps a maximum of two copies of each log by default (the active log, and 1 backup copy). When the current active log reaches 10 million bytes, the tomcat server deletes the backup log (if it exists), and creates a new active log.

You can increase the granularity of the events written to the Tomcat logs as well as overwrite the default size and number of logs when the default settings do not provide enough information.
 

    1. In a text editor, open the following file:

      C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\etc\conf.properties
       
    2. Change the following line:

      scm.log.loglevel=WARNING

      to:

      scm.log.loglevel=FINEST

  1. Save the changes to conf.properties.
  2. Restart the Symantec Endpoint Protection Manager service.
  3. Detailed log files will now be saved in the folder: C:\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\tomcat\logs.

Note: To enable additional debug output for reports, notifications or proxy authentication see the Additional conf.properties log settings section below.
 


Additional conf.properties log settings

 

These additional lines can be added to the conf.properties when you need to debug specific components in the product that do not normally generate log data, or need to increase the number and size of the log files generated for debugging components that generate a significant amount of log data (for example, replication and content publishing issues).

 

line

Purpose/Description

scm.log.logcount=10

By default two log files of each type are kept; the current ending -0.log, and the previous ending -1.log. The scm.log.logcount setting can increase the number of previous logs kept. This is useful when the issue you're trying to debug generates significant amounts of log data.

scm.log.logsize=100000000

The default size limit for all SEPM Tomcat logs is 10 million bytes (9.5 MB), after which it moves the current log to *-1.log and begins a new empty *-0.log file. The scm.log.logsize setting can increase the size of each log file. It is specified in bytes, ie. 100000000 increases the maximum size of each log to 100 MB.

scm.log.troubleshoot=<log folder>;<log folder>...

Configures the SEPM to archive copies of all client .dat files in the folders specified. Used to troubleshoot client log and Operational State (OpState) forwarding or processing problems.

Add a semicolon-separated list of the folders you want to archive. The SEPM can archive .dat files from all of the following folders:

/inbox/agentinfo
/inbox/enflog/client
/inbox/enflog/enforcer
/inbox/enflog/system
/inbox/enflog/traffic
/inbox/enforcerinfo
/inbox/learnedapp/apps
/inbox/learnedapp/computerapp
/inbox/log/behavior
/inbox/log/client
/inbox/log/lansensor
/inbox/log/packets
/inbox/log/security
/inbox/log/system
/inbox/log/tex/AVMan
/inbox/log/tex/CAVMan
/inbox/log/tex/GUProxy
/inbox/log/tex/legacy
/inbox/log/tex/LUMan
/inbox/log/traffic

scm.sr.troubleshoot=1

Used for troubleshooting scheduled reports - a copy of any scheduled reports that run will be saved in the tomcat\temp folder in .mht format.

scm.mail.troubleshoot=1

This setting will cause additional email debug output to be saved to the "tomcat/logs/stdout-0.log" log file.

scm.proxy.debug=1

Enable additional debug output related to proxy authentications.

scm.content.localtroubleshooting=1

(12.1 RU5+) Enable additional debug output related to definition delta creation.