SylinkWatcher and SylinkMonitor real-time debugging tools

Article:TECH103369  |  Created: 2007-01-16  |  Updated: 2014-11-24  |  Article URL http://www.symantec.com/docs/TECH103369
Article Type
Technical Solution

Product(s)

Issue



This article provides information on SylinkWatcher and SylinkMonitor, real-time debugging tools for Sygate/Symantec Protection Agent (SPA) 5.x or Symantec Endpoint Protection (SEP) 11.x.


Solution



SylinkWatcher and SylinkMonitor are tools that show Symantec Endpoint Protection (SEP) 11.x and  Sygate Protection Agent 5.x debugging information in real-time. The information it shows is not exactly the same as what is saved to the debug.log file in the agent directory. Particularly for agent upgrade issues it often gives more helpful information than just debug.log by itself.

  • SylinkWatcher works with the Sygate / Symantec Protection Agent 5.x before the MR4 release and the Symantec Endpoint Protection 11.x agent before the MR2 release.
  • SylinkMonitor is the tool to use for SPA 5.1 MR4 and later and SEP 11 MR2 and later.

See Attachments to download these tools.

Note: The behavior of Sylink debug logging and SylinkMonitor tool has changed as of SEP 11 MR3 and later versions. With MR3 and later versions, a debug value has to be manually set in the registry.

  1. Stop SMC: START > RUN > smc –stop
  2. Set registry key: HKLM\Software\Symantec\Symantec Endpoint Protection\SMC - smc_debuglog_on = 1
  3. Start SMC: START > RUN > smc –start
  4. Run SylinkMonitor





Example of a failed agent upgrade from debug.log

01/26 10:40:46 [456:1104] <DownloadNow:>SSA Version on server=101063035, SSA Version on client=101062916,HIAUpdate = 151,ServerBuild = 5.1.5.2864
01/26 10:40:46 [456:1104] CDownloadManager::StopDownload is done
01/26 10:40:49 [456:1196] <HttpDownload>C:\Program Files\Symantec\SPA\Download\SymantecProtectionAgent.msi checksum error
01/26 10:40:53 [456:1196] <HttpDownload>C:\Program Files\Symantec\SPA\Download\Readme.txt checksum error

The same failed agent upgrade from SylinkWatcher

01/26 10:40:46 <DownloadNow:>SsaBuildOnServer=5.1.6523
01/26 10:40:46 <DownloadNow:>ForceDeploy=1
01/26 10:40:46 <DownloadNow:>ClientType=105 NewClientType=105
01/26 10:40:46 <DownloadNow:>SSA Version on server=101063035, SSA version on client=101062916,HIAUpdate = 151,ServerBuild = 5.1.5.2864
01/26 10:40:46 <DownloadNow:>Set download URL=http://192.168.20.1/spa/
01/26 10:40:46 <DownloadNow:>Set storage path=C:\Program Files\Symantec\SPA\Download
01/26 10:40:46 <PostEvent>going to post event=EVENT_SERVER_CONNECTING
01/26 10:40:46 <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
01/26 10:40:46 <DownloadNow:>DOWNLOADing new client package
01/26 10:40:47 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:47 <HttpDownload>http://192.168.20.1/spa/packlist.xml to C:\Program Files\Symantec\SPA\Download\packlist.xml
01/26 10:40:47 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:48 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:48 <DeleteFiles>Delete File: C:\Program Files\Symantec\SPA\Download\SyLink.xml
01/26 10:40:48 <DeleteFiles>Delete File: C:\Program Files\Symantec\SPA\Download\setAid.ini
01/26 10:40:48 <DeleteFiles>Delete File: C:\Program Files\Symantec\SPA\Download\serdef.dat
01/26 10:40:48 C:\Program Files\Symantec\SPA\Download\SymantecProtectionAgent.msi filesize unmatched 0
01/26 10:40:48 Cannot get file status of C:\Program Files\Symantec\SPA\Download\SyLink.xml
01/26 10:40:48 Cannot get file status of C:\Program Files\Symantec\SPA\Download\setAid.ini
01/26 10:40:48 Cannot get file status of C:\Program Files\Symantec\SPA\Download\serdef.dat
01/26 10:40:48 Cannot get file status of C:\Program Files\Symantec\SPA\Download\Readme.txt
01/26 10:40:48 <IsPackageComplete>Package is not complete on the download path, count = 5
01/26 10:40:48 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:48 <DownloadProc>5 files to download
01/26 10:40:49 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:49 <DownloadProc>FILE=SymantecProtectionAgent.msi, DATE=01-10-2007 17:50:28, CHECKSUM=4c05658f
01/26 10:40:49 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:49 <HttpDownload>http://192.168.20.1/spa/SymantecProtectionAgent.msi to C:\Program Files\Symantec\SPA\Download\SymantecProtectionAgent.msi
01/26 10:40:49 <HttpDownload>C:\Program Files\Symantec\SPA\Download\SymantecProtectionAgent.msi checksum error
01/26 10:40:49 <HttpDownload>Download server returns code=206
01/26 10:40:50 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:50 <DownloadProc>FILE=SyLink.xml, DATE=, CHECKSUM=
01/26 10:40:50 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:50 <HttpDownload>http://192.168.20.1/spa/SyLink.xml to C:\Program Files\Symantec\SPA\Download\SyLink.xml
01/26 10:40:51 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:51 <DownloadProc>FILE=setAid.ini, DATE=, CHECKSUM=
01/26 10:40:51 <HttpDownload>http://192.168.20.1/spa/setAid.ini to C:\Program Files\Symantec\SPA\Download\setAid.ini
01/26 10:40:52 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:52 <DownloadProc>FILE=serdef.dat, DATE=, CHECKSUM=
01/26 10:40:52 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:52 <HttpDownload>http://192.168.20.1/spa/serdef.dat to C:\Program Files\Symantec\SPA\Download\serdef.dat
01/26 10:40:53 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:53 <DownloadProc>FILE=Readme.txt, DATE=01-10-2007 17:14:01, CHECKSUM=c2a33062
01/26 10:40:53 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:53 <HttpDownload>http://192.168.20.1/spa/Readme.txt to C:\Program Files\Symantec\SPA\Download\Readme.txt
01/26 10:40:53 <HttpDownload>C:\Program Files\Symantec\SPA\Download\Readme.txt checksum error
01/26 10:40:53 <SetLastModified>Failed to get C:\Program Files\Symantec\SPA\Download\Readme.txt DATA STATUS, ERROR=2

 

See Related Articles for more information.


Technical Information
You can also generate a SyLink log without using the tool:

Inside HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink, set DumpSyLink (a REG_SZ value) to the file path where the log should go (e.g. c:\sylink.log). You must restart the service smc.exe after the change.


Attachments

SylinkMonitor for SPA 5.1 MR4 and later and SEP 11 MR2 and later
SylinkMonitor_6733.exe (236 kBytes)
SylinkWatcher for SPA 5.1 before MR4 and SEP 11 before MR2
SylinkWatcher.exe (36 kBytes)






Legacy ID



2007456519454798


Article URL http://www.symantec.com/docs/TECH103369


Terms of use for this information are found in Legal Notices