Endpoint Detection and Response (EDR)

  • 1.  EDR log collector configuration failed

    Posted Oct 17, 2019 04:36 AM

    Hi Team,

    We are using Symantec EDR version 4.2.1-8. We have configured the log collector in three SEPM sites successfully.

    But when we configure the log collector in the fourth site, we are facing a configuration issue.

    We have followed all the articles on Symantec support, but still no luck.

    Below is the error.

    2019-10-15 16:00:28,202 INFO main (LogColConfigUtilities.java:getHostIPv4Address:197) function getHostIPv4Address 
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Software Loopback Interface 1
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:208) net address: 127.0.0.1
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:208) net address: 0:0:0:0:0:0:0:1
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (L2TP)
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (SSTP)
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (IKEv2)
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (PPTP)
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (PPPOE)
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (IP)
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (IPv6)
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (Network Monitor)
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Microsoft Kernel Debug Network Adapter
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface RAS Async Adapter
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #39
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:208) net address: 172.29.254.50
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #40
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:208) net address: fe80:0:0:0:947a:a78:6c3:e848%eth5
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Microsoft ISATAP Adapter #2
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:208) net address: fe80:0:0:0:0:5efe:a9fe:e848%net4
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Microsoft ISATAP Adapter #3
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:208) net address: fe80:0:0:0:0:5efe:ac1d:fe32%net5
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (IP)-WFP Native MAC Layer LightWeight Filter-0000
    2019-10-15 16:00:28,280 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (IP)-QoS Packet Scheduler-0000
    2019-10-15 16:00:28,296 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (IPv6)-WFP Native MAC Layer LightWeight Filter-0000
    2019-10-15 16:00:28,296 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (IPv6)-QoS Packet Scheduler-0000
    2019-10-15 16:00:28,296 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #39-WFP Native MAC Layer LightWeight Filter-0000
    2019-10-15 16:00:28,296 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #39-QoS Packet Scheduler-0000
    2019-10-15 16:00:28,296 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #40-WFP Native MAC Layer LightWeight Filter-0000
    2019-10-15 16:00:28,296 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #40-QoS Packet Scheduler-0000
    2019-10-15 16:00:28,296 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #39-WFP 802.3 MAC Layer LightWeight Filter-0000
    2019-10-15 16:00:28,296 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #40-WFP 802.3 MAC Layer LightWeight Filter-0000
    2019-10-15 16:00:28,296 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (Network Monitor)-WFP Native MAC Layer LightWeight Filter-0000
    2019-10-15 16:00:28,296 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (Network Monitor)-QoS Packet Scheduler-0000
    2019-10-15 16:00:28,296 WARN main (LogColConfigUtilities.java:retrieveSANFromCertStore:544) Exception in retrieveSANFromCertStore: C:\Program Files (x86)\Symantec\Log Collector\WEB-INF\classes\mssdbconnector.p12 (The system cannot find the file specified)
    2019-10-15 16:00:59,801 INFO main (LogColConfigUtilities.java:getHostIPv4Address:197) function getHostIPv4Address 
    2019-10-15 16:00:59,863 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Software Loopback Interface 1
    2019-10-15 16:00:59,863 INFO main (LogColConfigUtilities.java:getHostIPv4Address:208) net address: 127.0.0.1
    2019-10-15 16:00:59,863 INFO main (LogColConfigUtilities.java:getHostIPv4Address:208) net address: 0:0:0:0:0:0:0:1
    2019-10-15 16:00:59,863 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (L2TP)
    2019-10-15 16:00:59,863 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (SSTP)
    2019-10-15 16:00:59,863 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (IKEv2)
    2019-10-15 16:00:59,863 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (PPTP)
    2019-10-15 16:00:59,863 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (PPPOE)
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (IP)
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (IPv6)
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (Network Monitor)
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Microsoft Kernel Debug Network Adapter
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface RAS Async Adapter
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #39
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:208) net address: 172.29.254.50
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #40
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:208) net address: fe80:0:0:0:947a:a78:6c3:e848%eth5
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Microsoft ISATAP Adapter #2
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:208) net address: fe80:0:0:0:0:5efe:a9fe:e848%net4
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Microsoft ISATAP Adapter #3
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:208) net address: fe80:0:0:0:0:5efe:ac1d:fe32%net5
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (IP)-WFP Native MAC Layer LightWeight Filter-0000
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (IP)-QoS Packet Scheduler-0000
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (IPv6)-WFP Native MAC Layer LightWeight Filter-0000
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (IPv6)-QoS Packet Scheduler-0000
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #39-WFP Native MAC Layer LightWeight Filter-0000
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #39-QoS Packet Scheduler-0000
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #40-WFP Native MAC Layer LightWeight Filter-0000
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #40-QoS Packet Scheduler-0000
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #39-WFP 802.3 MAC Layer LightWeight Filter-0000
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface Broadcom BCM5708C NetXtreme II GigE (NDIS VBD Client) #40-WFP 802.3 MAC Layer LightWeight Filter-0000
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (Network Monitor)-WFP Native MAC Layer LightWeight Filter-0000
    2019-10-15 16:00:59,879 INFO main (LogColConfigUtilities.java:getHostIPv4Address:205) net interface WAN Miniport (Network Monitor)-QoS Packet Scheduler-0000
    2019-10-15 16:00:59,879 WARN main (LogColConfigUtilities.java:retrieveSANFromCertStore:544) Exception in retrieveSANFromCertStore: C:\Program Files (x86)\Symantec\Log Collector\WEB-INF\classes\mssdbconnector.p12 (The system cannot find the file specified)
    2019-10-15 16:01:41,984 INFO AWT-EventQueue-0 (LogColConfigApp.java:actionPerformed:509) All input fields have been verified, now performing clean up
    2019-10-15 16:01:42,000 INFO SwingWorker-pool-3-thread-1 (LogColConfigApp.java:resetService:316) Try to stop log collector service and uninstall it just in case it exists and running.
    2019-10-15 16:01:42,000 INFO SwingWorker-pool-3-thread-1 (LogColConfigApp.java:resetService:317) Ignore the not found warnings for fresh installation below:
    2019-10-15 16:01:42,000 INFO SwingWorker-pool-3-thread-1 (LogColConfigUtilities.java:ExecuteCmd:357) function ExecuteCmd
    2019-10-15 16:01:42,031 WARN SwingWorker-pool-3-thread-1 (LogColConfigUtilities.java:ExecuteCmd:376) executed C:\Program Files (x86)\Symantec\Log Collector\commons-daemon\prunsrv.exe //SS/mssdbconnector
    2019-10-15 16:01:42,031 WARN SwingWorker-pool-3-thread-1 (LogColConfigUtilities.java:ExecuteCmd:377)  returned error: 
    [2019-10-15 16:01:42] [error] [ 4064] Load configuration failed
    [2019-10-15 16:01:42] [error] [ 4064] The system cannot find the file specified.
    [2019-10-15 16:01:42] [error] [ 4064] Commons Daemon procrun failed with exit value: 2 (Failed to load configuration)
    [2019-10-15 16:01:42] [error] [ 4064] The system cannot find the file specified.

    2019-10-15 16:01:42,031 WARN SwingWorker-pool-3-thread-1 (LogColConfigUtilities.java:ExecuteCmd:386) Execute command with error exit code: 2 C:\Program Files (x86)\Symantec\Log Collector\commons-daemon\prunsrv.exe
    2019-10-15 16:01:42,031 INFO SwingWorker-pool-3-thread-1 (LogColConfigUtilities.java:ExecuteCmd:357) function ExecuteCmd
    2019-10-15 16:01:42,500 WARN SwingWorker-pool-3-thread-1 (LogColConfigUtilities.java:ExecuteCmd:376) executed C:\Program Files (x86)\Symantec\Log Collector\commons-daemon\prunsrv.exe //DS/mssdbconnector
    2019-10-15 16:01:42,500 WARN SwingWorker-pool-3-thread-1 (LogColConfigUtilities.java:ExecuteCmd:377)  returned error: 

    Unable to delete 'mssdbconnector' serviceThe specified service does not exist as an installed service.

    Failed to delete service

    2019-10-15 16:01:42,500 WARN SwingWorker-pool-3-thread-1 (LogColConfigUtilities.java:ExecuteCmd:386) Execute command with error exit code: 9 C:\Program Files (x86)\Symantec\Log Collector\commons-daemon\prunsrv.exe
    2019-10-15 16:01:45,500 INFO SwingWorker-pool-3-thread-1 (LogColConfigUtilities.java:cleanupOldConfigFiles:618) deleting C:\Program Files (x86)\Symantec\Log Collector\WEB-INF\classes\mssdbconnector.p12
    2019-10-15 16:01:47,000 INFO SwingWorker-pool-3-thread-1 (LogColConfigUtilities.java:ConstructLogColSrvCertificateCmdWithIP:267) function ConstructLogColSrvCertificateCmdWithIP installDir=C:\Program Files (x86)\Symantec\Log Collector
    2019-10-15 16:01:47,000 INFO SwingWorker-pool-3-thread-1 (LogColConfigUtilities.java:CreateBatchAndExecute:307) function CreateBatchAndExecute
    2019-10-15 16:01:55,275 INFO SwingWorker-pool-3-thread-1 (LogColConfigUtilities.java:CreateBatchAndExecute:341) Execute command succeed 
    2019-10-15 16:01:56,791 INFO SwingWorker-pool-3-thread-1 (LogColConfigUtilities.java:ConstructLogColSrvInstallCmd:241) function ConstructLogColSrvInstallCmd installDir=C:\Program Files (x86)\Symantec\Log Collector
    2019-10-15 16:01:56,791 INFO SwingWorker-pool-3-thread-1 (LogColConfigUtilities.java:CreateBatchAndExecute:307) function CreateBatchAndExecute
    2019-10-15 16:01:57,182 INFO SwingWorker-pool-3-thread-1 (LogColConfigUtilities.java:CreateBatchAndExecute:341) Execute command succeed 
    2019-10-15 16:01:58,682 INFO SwingWorker-pool-3-thread-1 (LogColConfigUtilities.java:createSGSUserDBKey:228) SGS keystore file or user database file missing, cleanup both files and start fresh
    2019-10-15 16:01:58,682 INFO SwingWorker-pool-3-thread-1 (LogColConfigUtilities.java:createSGSUserDBKey:231) Created new SGS keystore file
    2019-10-15 16:01:58,744 ERROR SwingWorker-pool-3-thread-1 (LogColConfigApp.java:doInBackground:411) Exception in doInBackground: null
     



  • 2.  RE: EDR log collector configuration failed

    Broadcom Employee
    Posted Dec 15, 2021 01:56 PM
    For reference, for anyone who runs into this same issue: this is a write permissions problem for log collector config. There are 2 things to check for this:
    • install directory is read-only
    • log collector config needs to run with elevated privileges
    If there is a log file present, then it is likely not a read-only issue. However, if log collector config is unable to create a log file, you can diagnose this problem by checking if mssdbconnector.p12 is present in the install directory under /WEB-INF/classes/


  • 3.  RE: EDR log collector configuration failed

    Posted Dec 27, 2021 12:38 PM
    I am facing the same problem.
    I ran the log collector utility as administrator, and then the problem was resolved.
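
The checks named in replies 2 and 3 (elevation, write access to the install directory, presence of mssdbconnector.p12), as an added PowerShell example that is not part of the original thread and is not Symantec or Broadcom code. The default install path is taken from the log in the first post; the function and parameter names are hypothetical.

```powershell
# Added example, not vendor code. Default path comes from the log in post 1;
# Test-LogCollectorConfigPrereqs and -InstallDir are hypothetical names.
function Test-LogCollectorConfigPrereqs {
    param(
        [string]$InstallDir = 'C:\Program Files (x86)\Symantec\Log Collector'
    )
    $classesDir = Join-Path $InstallDir 'WEB-INF\classes'
    $p12Path    = Join-Path $classesDir 'mssdbconnector.p12'

    # Check 1: is this session running with an elevated administrator token?
    $identity  = [Security.Principal.WindowsIdentity]::GetCurrent()
    $principal = New-Object Security.Principal.WindowsPrincipal($identity)
    $elevated  = $principal.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)

    # Check 2: can this session create a file where the config tool writes?
    # A real write probe covers both NTFS ACLs and UAC restrictions.
    $writable   = $false
    $writeError = $null
    $probe = Join-Path $classesDir ('write-probe-{0}.tmp' -f [guid]::NewGuid())
    try {
        [IO.File]::WriteAllText($probe, 'probe')
        $writable = $true
    } catch {
        $writeError = $_.Exception.Message
    } finally {
        # Remove the probe file so the install directory is left unchanged.
        if (Test-Path -LiteralPath $probe) { Remove-Item -LiteralPath $probe -Force }
    }

    # Check 3: the keystore whose absence the log reports in retrieveSANFromCertStore.
    [pscustomobject]@{
        Elevated        = $elevated
        ClassesDirFound = Test-Path -LiteralPath $classesDir -PathType Container
        ClassesWritable = $writable
        WriteError      = $writeError
        P12Present      = Test-Path -LiteralPath $p12Path -PathType Leaf
    }
}

Test-LogCollectorConfigPrereqs | Format-List
```

Run it once from a normal prompt and once from an elevated one: `Elevated` false together with `ClassesWritable` false is the condition reply 2 describes and reply 3 resolved by running as administrator.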