Configuring logging levels for Symantec ManHunt and Symantec Network Security

Article:TECH111894  |  Created: 2003-01-10  |  Updated: 2005-01-08  |  Article URL http://www.symantec.com/docs/TECH111894
Article Type
Technical Solution


Environment

Issue



This document describes how to set the level of detail that is written to the log files for ManHunt 2.2, Symantec ManHunt 3.x, Symantec Network Security 7100 Series, and Symantec Network Security 4.0.


Solution



The logging level determines the level of detail that is recorded in the ManHunt and Symantec Network Security log files. The default logging level is 5. The available logging levels are from 0 to 10.

To change the logging level in ManHunt 2.2 and Symantec ManHunt 3.x, change the value of the global_logLevel= entry that is in the /etc/manhunt.conf file.

To change the logging level in Symantec Network Security
  1. Start the Network Security console.
  2. Click Configuration > Node > Network Security Parameters.
  3. In the Select Node box, choose the node and click OK.
  4. In the left pane, click Operational Logging Level.
  5. In the right pane, type a log level.
  6. Click Apply.


Configuring verbose mode for troubleshooting purposes
ManHunt and Symantec Network Security have an additional logging level that is called verbose mode. Verbose mode records significantly more activity than the Debug level records. The following steps configure ManHunt and Symantec Network Security to use verbose mode for logging.

Use verbose mode only for troubleshooting purposes. After you collect sufficient log data, change the logging level back to the default setting. If left in verbose mode, the log files quickly become large. Large log files trigger a log rotation, which may overwrite older log files. Make sure you set the log rotation size to an appropriate size for your available disk space.

To enable verbose mode
  1. Open the /etc/manhunt.conf file in a text editor.
  2. Change the value of the global_logLevel= entry to 35. The line will look like this: global_logLevel=35
  3. Add the following line to the end of the manhunt.conf file: global_babel=on
  4. Save your changes and close the manhunt.conf file.
  5. At a command prompt, change to the installation directory for Symantec ManHunt or Symantec Network Security.
    The default installation directories are /usr/manhunt and /usr/SNS, respectively.
  6. Type: touch verbose
    This step creates a file that is named verbose.
  7. If Symantec ManHunt 3.x is installed, then in the ManHunt Console on the Configuration menu, click Local Node Parameter. In the Maximum Operational Log Size box, type: 250
  8. Restart ManHunt or Symantec Network Security.

To disable verbose mode
  1. Open /etc/manhunt.conf in a text editor.
  2. Change the value of the global_logLevel= entry to 5. The line will look like this: global_logLevel=5
  3. Save your changes and close the manhunt.conf file.
  4. Restart ManHunt or Symantec Network Security.




Technical Information
Normal logging levels for Symantec ManHunt and Symantec Network Security range from 0 to 10. The following list defines selected levels.


Logging levels

  • 0 = Critical messages.
  • 1 = Error messages and critical messages.
  • 2 = Warning messages. May also log error messages and critical messages.
  • 3 = Critical, error, warning, and informational messages. Also logs all changes that are made to the node configuration. Does not log the detailed request message.
  • 5 = Critical, error, warning, and informational messages. Also logs all changes that are made to the node configuration. Does not log the detailed request message.
  • 10 = Debug logging level. Logs all changes and search requests that are made in the ManHunt console or Network Security console to the node. Logs the contents of the request message.




Legacy ID



2003031010550753


Article URL http://www.symantec.com/docs/TECH111894


Terms of use for this information are found in Legal Notices