Enable Sylink debugging for Endpoint Protection clients

Article:TECH104758  |  Created: 2008-01-18  |  Updated: 2014-12-16  |  Article URL http://www.symantec.com/docs/TECH104758
Article Type
Technical Solution


Issue



This article describes the steps for enabling Sylink debug logging using the Windows Registry. Sylink debugging is used for troubleshooting communication issues between Symantec Endpoint Protection (SEP) 11.x and 12.1 clients and Symantec Endpoint Protection Manager (SEPM).


Solution



The following is an alternative to running Sylink Watcher or Sylink Monitor.

Caution: Before you begin, you should make a backup of the Windows Registry. See the Microsoft article Back up the registry.

Note: On a Symantec Endpoint Protection 12.1.x client, you must disable the Tamper Protection feature before you follow this process. If you do not disable Tamper Protection, it will block the required registry key modifications. To disable Tamper Protection, see the following article:
How to disable Tamper Protection in Symantec Endpoint Protection 12.1

You do not need to disable Tamper Protection on a Symantec Endpoint Protection 11 client.
 

To enable Sylink debug logging via the Windows Registry

I. Enable SMC debug logging

  1. To open the Registry Editor, click Start. In the Search programs and files field, enter regedit, and then click regedit.exe from the list of results.
    Alternately, click Start > Run, enter regedit, and then click OK.
     
  2. Navigate to the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\

    Note: For 64-bit systems running a version of Symantec Endpoint Protection earlier than 12.1.5 (12.1 RU5), including Symantec Endpoint Protection 11, navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC
     
  3. Double-click smc_debuglog_on.
     
  4. Change the Value data to 1 and click OK.
     

II. Enable Sylink debug logging and define Sylink log location

  1. While still in the Windows Registry Editor, navigate to the following registry subkey:
    HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink

    Note:
    For 64-bit systems running a version of Symantec Endpoint Protection earlier than 12.1.5 (12.1 RU5), including Symantec Endpoint Protection 11, navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
     
  2. Click Edit > New > String Value.
     
  3. Name the new value DumpSylink.
     
  4. Double-click DumpSylink.
     
  5. In the Value data field, specify the name and location for the log file. For example, C:\Sylink.log would place the file Sylink.log at the root of the C: drive.
     
  6. Click OK, and then close the Registry Editor.
     

III. Restart the Symantec Management Client (SMC)

  1. Click Start, and in the Search programs and files field, enter the following command:
    smc -stop
    Alternately, click Start > Run, enter the command and then click OK.
     
  2. After the Symantec Endpoint Protection icon disappears from the notification area, repeat Step 1, but instead use the following command:
    smc -start

Sylink debug logging is now enabled. The resulting log file appears in the location you specified above.
 

To disable Sylink debug logging via the Windows Registry

After you have collected the necessary data, disable Sylink debug logging by navigating to the same subkeys in the Windows Registry and making the following changes:

  • Delete the DumpSylink string that you created.
  • Change the Value data of smc_debuglog_on back to 0.
  • Restart the Symantec Management Client.
  • For any version of Symantec Endpoint Protection 12.1.x, reenable Tamper Protection.

If you do not disable Sylink debug logging, the log file may grow very large with the communication data from client to management server.
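
The enable and disable procedures above, plus a status check, as one PowerShell script. This is an added example, not Symantec's code: the -Action and -LogPath parameter names are hypothetical, and it assumes that smc resolves from Start-Process the same way it does from Start > Run.

```powershell
# Added example, not Symantec code. Run elevated; on SEP 12.1.x disable Tamper Protection first.
param(
    [ValidateSet('Enable', 'Disable', 'Status')] [string]$Action = 'Status',  # hypothetical parameter
    [string]$LogPath = 'C:\Sylink.log'                                        # article's example path
)
$ErrorActionPreference = 'Stop'   # stop if a registry write is blocked

# Native key first, then the Wow6432Node key (64-bit systems before 12.1.5, and SEP 11).
$smcKey = @(
    'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC',
    'HKLM:\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC'
) | Where-Object { Get-ItemProperty -Path $_ -Name smc_debuglog_on -ErrorAction SilentlyContinue } |
    Select-Object -First 1
if (-not $smcKey) { throw 'smc_debuglog_on not found under either SMC key.' }
$sylinkKey = Join-Path $smcKey 'SYLINK\SyLink'

function Restart-Smc {
    # Section III commands. Assumption: Start-Process finds "smc" the way Start > Run does,
    # and "smc -stop" returns only after the client has stopped.
    Start-Process smc -ArgumentList '-stop' -Wait
    Start-Process smc -ArgumentList '-start' -Wait
}

switch ($Action) {
    'Enable' {
        Set-ItemProperty -Path $smcKey -Name smc_debuglog_on -Value 1
        New-ItemProperty -Path $sylinkKey -Name DumpSylink -PropertyType String `
            -Value $LogPath -Force | Out-Null
        Restart-Smc
    }
    'Disable' {
        Remove-ItemProperty -Path $sylinkKey -Name DumpSylink -ErrorAction SilentlyContinue
        Set-ItemProperty -Path $smcKey -Name smc_debuglog_on -Value 0
        Restart-Smc
        Write-Warning 'On SEP 12.1.x, re-enable Tamper Protection now.'
    }
}

# Report the resulting state so debug logging is not left on by accident.
$dump = (Get-ItemProperty -Path $sylinkKey -ErrorAction SilentlyContinue).DumpSylink
[pscustomobject]@{
    SmcKey          = $smcKey
    smc_debuglog_on = (Get-ItemProperty -Path $smcKey).smc_debuglog_on
    DumpSylink      = $dump
    LogSizeMB       = if ($dump -and (Test-Path $dump)) { [math]::Round((Get-Item $dump).Length / 1MB, 1) }
}
```

Run with no arguments, the script only reports the current settings and the size of any existing log file, which makes it usable as a check that debug logging was turned off after troubleshooting.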
 




Legacy ID



2008041812561948

