Endpoint Protection

 View Only

How to capture SEP-SEPM communication logs with SylinkMonitor for MR3 onwards for troubleshooting communication issues 

May 06, 2009 07:19 PM

Problem: You do not see any communication logs in SylinkMonitor utility while troubleshooting communication issues.

Symtoms: You do not see any logs in SylinkMonitor after clicking on "update policy"

Solution: Since the release of SylinkMonitor utility, it has played a crucial role in helping users to capture the communication messages between SEP client and SEPM. But since the release of MR3 version, when you run the utility, you do not get any output.

Thats because you need to enable the debug logging manually in the SEP clients only then the traffic can be captured.

In order to achieve this perform the steps below:

1. Open registry
2. Locate the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\smc_debuglog_on
3. Make the value of this key to 1 if its 0.
4. Close the registry. Close the SEP client if its opened.
5. Go to Start->Run and type "smc -stop"
6. Now you will notice that the shield icon in the system tray has disappeared
7. Go to Start->Run and type "smc -start"
8. The shield icon should re-appear in the system tray now.

Now, run the sylinkmonitor tool. Right click on the shield icon and click on update policy. You should be able to see the logs starting to flow real-time in the tool
Now you have the ability to stop the tool, and analyze the logs.

You can look for the keyword 'error' in the logs.

Please contact technical support if you need further assistance with troubleshooting.

Statistics
0 Favorited
0 Views
1 Files
0 Shares
0 Downloads
Attachment(s)
zip file
SylinkMonitor_6733.zip   112 KB   1 version
Uploaded - Feb 25, 2020

Tags and Keywords

Comments

May 12, 2009 06:21 AM

hi,
adding to Aniket's tips, we can look at the SMS messages in the log file, messages like 200 successfull connection, 400 bad request. You can narrow down the reason for failure.

these are http request status code available on MS site.
http://support.microsoft.com/kb/318380

Pete!
 

May 06, 2009 07:22 PM

Hi folks,

As you can tell, there are a number of Symantec employees, Technical Support Staff, and Trusted Advisors on the communty these days.  We're reviewing issues we see, and creating content/articles that can help solve many of the same re-occurring issues presented on the community.  If you have a suggestion for a technical article, written by one of our own internal subject matter experts, please let us know!

Eric

Related Entries and Links

No Related Resource entered.