You want to know how to use the Symantec Enterprise Security Module (ESM) command, "modinput."
"Modinput" is an ESM command that manually creates the module input file (.mif) that an ESM Manager sends to an ESM agent or CCS Agent. This input file specifies the checks and templates enabled for a specific module in a specific policy. The input file that is created is then used to create a module output file that shows the various activities of the module as it does it's work on the agent system. The information in this output file can be used to diagnose various issues that might be occurring with a module on a particular agent.
NOTE: Modinput is only good for diagnosing Message Based data collection problems on the agent itself. It is not used for Raw Based data collection.
Many modules have templates that are used to perform checks. If the module that you are going to be calling with the modinput command uses a template(s) in one of the active checks, then the template files will need to be copied over to the ESM agent prior to running the modinput command. In the ESM console examine the policy and the module that is to be used with the modinput command. Determine which template files are enabled for that module and take note of their exact names
The template files are located in the ESM manager's /esm/template folder (UNIX) OR in the
From the ESM manager, copy the needed templates over to the ESM agent's /esm/bin/<os_type>
NOTE: On ESM versions 6.5.3 SP2 and earlier Windows agents the path is:
Running the modinput command: