Endpoint Protection

  • 1.  Requesting information on log and dump files external logging

    Posted Mar 14, 2018 03:11 PM

    We are moving off of Splunk and over to Elastic, using Filebeat to transfer; we have it set up and working. I see the tmp files being updated every five minutes in the data\dump directory, which I think corresponds to the heartbeat setting, but the log files are not being updated that frequently. How often should data be moved from tmp to log? Is there any documentation on this? I have looked at the admin guide and have not found any specifics on it.

    Our version on both SEPM and the Clients is 14 MP2 14.0.2415.0200

    Thanks

     

    Stan

     



  • 2.  RE: Requesting information on log and dump files external logging

    Posted Mar 14, 2018 03:29 PM

    This is it:

    http://www.symantec.com/docs/HOWTO81168

    Generally, this should be a fairly quick process. How long is it taking?



  • 3.  RE: Requesting information on log and dump files external logging
    Best Answer

    Broadcom Employee
    Posted Mar 14, 2018 03:42 PM

    The .tmp to .log file conversion will happen if there is any change in SEPM’s external logging settings or the SEPM services get restarted, as it creates a new ExternalLogginerWorker, and this is by design.

    Data will be sent to the external logging server independent of .tmp/.log.



  • 4.  RE: Requesting information on log and dump files external logging

    Broadcom Employee
    Posted Mar 14, 2018 04:19 PM

    Please remember to mark a solution if this answers your question.



  • 5.  RE: Requesting information on log and dump files external logging

    Posted Mar 15, 2018 11:00 AM

    We are not using the "Enable Transmission of logs to syslog server" native settings; we are grabbing the files from c$\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\dump using Filebeat.



  • 6.  RE: Requesting information on log and dump files external logging

    Posted Mar 15, 2018 11:02 AM

    Screenshot attached.



  • 7.  RE: Requesting information on log and dump files external logging

    Broadcom Employee
    Posted Mar 15, 2018 11:05 AM
    You'll want to grab the tmp file then, as it's only rolled over to .log if the SEPM service is restarted.


  • 8.  RE: Requesting information on log and dump files external logging

    Broadcom Employee
    Posted Mar 15, 2018 11:06 AM
    You'll want to grab the tmp file then, as it's only rolled over to .log if the SEPM service is restarted.


  • 9.  RE: Requesting information on log and dump files external logging

    Posted May 30, 2022 02:53 AM
    Hi John, for the setting "Limit Dump File record", will it limit the size of .tmp or .log? I understand that data will be sent to the external logging server independent of .tmp/.log. We use Splunk to monitor .tmp, but we still want to limit the file size of .tmp. Thanks.


  • 10.  RE: Requesting information on log and dump files external logging

    Posted Mar 15, 2018 11:09 AM

    We are not using the native Symantec Transmission of logs to syslog server due to some issues it had with our Elastic server, so we are grabbing the files from c$\Program Files (x86)\Symantec\Symantec Endpoint Protection Manager\data\dump using Filebeat.



  • 11.  RE: Requesting information on log and dump files external logging

    Posted Mar 15, 2018 11:33 AM

    Thanks

    John