Configuring Endpoint Protection Communication Module Logging in 14.2


Article ID: 171445


Products

Endpoint Protection

Issue/Introduction

This article describes steps for configuring the Communication Module logging in Symantec Endpoint Protection (SEP) 14.2. This logging is used to troubleshoot communication issues between the SEP client and the Symantec Endpoint Protection Manager (SEPM). Communication module logging replaces Sylink logging.

Environment

SEP 14.2 and later.

Resolution

This article is for SEP on Windows. For other platforms, see How to enable SymDaemon debug logging for SEP for Mac and Overview of log and configuration files in SEP for Linux (sylink debugging).

Caution: Before you begin, you should make a backup of the Windows Registry. See the Microsoft article Back up the registry.

Note: Tamper Protection must be disabled before you follow this process. If you do not disable Tamper Protection, it will block the required registry key modifications. To disable Tamper Protection, see the following article: Disable Tamper Protection.

To configure Communication Module logging:

1. To open the Registry Editor, click Start. In the Search programs and files field, enter regedit, and then click regedit.exe from the list of results.

Alternatively, click Start > Run, enter regedit, and then click OK.

2. Navigate to the following registry subkey:

HKLM\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink

3. Find or create the CVELogLevel (REG_DWORD) value and edit it to set the desired logging level. Supported values are:

  • 1 = Debug
  • 2 = Info
  • 3 = Warn
  • 4 = Error
  • 5 = Fatal

Note: When troubleshooting communication issues, a value of 1 is strongly recommended to ensure that all pertinent data is collected. If this value is not present or is configured to use an invalid value, the product will default to a logging level of 4.

4. To adjust the maximum size of the logs, locate or create the CVELogSizeMB (REG_DWORD) value and edit it to set the maximum size of the logs in MB. The default size is 250 MB. When this size is reached, the log file name is appended with _yyyymmdd_hhmmss and a new log file is started, so nothing is lost due to the limit.

A service restart is not required for the new settings to take effect.
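The registry steps above can also be applied from an elevated PowerShell prompt once Tamper Protection is disabled. The following is an added example, not vendor code: the function name `Set-SepCommLogging` and its parameters are hypothetical, while the key path and value names are the ones given in this article. It returns the previous values so the logging level can be restored after troubleshooting.

```powershell
# Added example. Set-SepCommLogging and its parameters are hypothetical names;
# the registry path and value names come from this article.
function Set-SepCommLogging {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        # 1 = Debug, 2 = Info, 3 = Warn, 4 = Error, 5 = Fatal
        [Parameter(Mandatory)][ValidateRange(1, 5)][int]$Level,
        # Maximum log size in MB; 250 is the default stated in the article
        [ValidateRange(1, [int]::MaxValue)][int]$SizeMB = 250
    )
    $key = 'HKLM:\SOFTWARE\WOW6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink'
    if (-not (Test-Path -LiteralPath $key)) {
        throw "Registry key not found: $key"
    }
    # Record the current values so they can be restored after troubleshooting.
    # A property that does not exist yet reads back as $null.
    $current  = Get-ItemProperty -LiteralPath $key
    $previous = [pscustomobject]@{
        CVELogLevel  = $current.CVELogLevel
        CVELogSizeMB = $current.CVELogSizeMB
    }
    try {
        if ($PSCmdlet.ShouldProcess($key, "Set CVELogLevel=$Level, CVELogSizeMB=$SizeMB")) {
            # -Force creates the value if missing, or overwrites it, as REG_DWORD
            New-ItemProperty -LiteralPath $key -Name CVELogLevel -PropertyType DWord `
                -Value $Level -Force -ErrorAction Stop | Out-Null
            New-ItemProperty -LiteralPath $key -Name CVELogSizeMB -PropertyType DWord `
                -Value $SizeMB -Force -ErrorAction Stop | Out-Null
        }
    }
    catch {
        # Tamper Protection blocks these modifications if it is still enabled
        throw "Write to $key failed (is Tamper Protection still enabled?): $($_.Exception.Message)"
    }
    # Read the values back to confirm what is now in effect
    $after = Get-ItemProperty -LiteralPath $key
    [pscustomobject]@{
        Previous     = $previous
        CVELogLevel  = $after.CVELogLevel
        CVELogSizeMB = $after.CVELogSizeMB
    }
}

# Enable Debug logging (the level recommended above for communication issues)
$result = Set-SepCommLogging -Level 1
$result
```

Run with `-WhatIf` first to see the intended change without writing to the registry.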

Note: For Mac-specific instructions, please see TECH132983.

Log and Data Location:

1. Communication logging will be found under C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\Logs in the following two files:

  • cve.log
  • cve-actions.log

2. Additionally, opstate data will be written in the following files under C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data\

  • Registrationinfo.xml
  • Registration.xml
  • State.xml