Debugging Sylink communications with Symantec Endpoint Protection for Macintosh (SEP for Mac)

Article:TECH132983  |  Created: 2010-01-07  |  Updated: 2013-10-15  |  Article URL http://www.symantec.com/docs/TECH132983
Article Type
Technical Solution

Product(s)


Issue



SEP for Mac client does not appear in the Symantec Endpoint Protection Manager (SEPM) after installing with a package exported from the SEPM, and you want to know how to troubleshoot heartbeat communication using a method similar to Sylink debug logging on Windows.

Symptoms

- SEP for Mac client does not appear in the SEPM after installing with package exported from the SEPM.

- Connection Status reads: Disconnected

Note: Since Mac clients can only get content via LiveUpdate, Sylink debug logging can't be used to troubleshoot content delivery, only the connection (heartbeat) to the SEPM.


Solution



To enable Sylink debugging on 12.1 RU2 and earlier, continue below. For 12.1 RU4 and later, skip down to the 12.1 RU4 section.

          For 12.1 RU2 and earlier:

  • Within a Terminal window, enter:
    sudo /Library/StartupItems/SMC/smclient --debuglevel=engineer

  • Authenticate when prompted. The Terminal window will not echo password input.
     
  • Restart the smclient. This is not required to change the debug level but it is a good idea on a managed client to force a check-in and retrieve updated policy settings:
    sudo /Library/StartupItems/SMC/smclient --stop
    sudo /Library/StartupItems/SMC/smclient --start
     
  • Allow it to run for 10-15 minutes, then reverse changes (authenticating again when prompted) by entering:
    sudo /Library/StartupItems/SMC/smclient --debuglevel=none

  • When ready to collect logs, see the 'Gathering SEP for Mac logs' section below.


    For 12.1 RU4 and later:

  • Within a Terminal window, enter: 
    sudo '/Library/Application Support/Symantec/SMC/tools/SetSettings' -lengineer

  • Authenticate when prompted. The Terminal window will not echo password input.
     
  • Restart the smclient. This is not required to change the debug level but it is a good idea on a managed client to force a check-in and retrieve updated policy settings:
    sudo launchctl unload /Library/LaunchDaemons/com.symantec.symdaemon.plist
    sudo launchctl load /Library/LaunchDaemons/com.symantec.symdaemon.plist 
  • Allow it to run for 10-15 minutes, then reverse changes (authenticating again when prompted) by entering: 
    sudo '/Library/Application Support/Symantec/SMC/tools/SetSettings' -lnone

  • When ready to collect logs, see the 'Gathering SEP for Mac logs' section below.

    Gathering SEP for Mac logs:
     
  • For all SEP for Mac versions, run the GatherSymantecInfo tool and email the results to technical support. This report will include the debug log as well as lots of other useful information. The debug log is otherwise located at:
    /Library/Application Support/Symantec/SMC/debug/smc_debug.log
    Permissions on this file is rw-r--r-- (chmod 644) -- should be allowed to copy it to desktop or attach to email.


Indication of a successful communication status will appear in the Symantec Quick Menu:




References
Title: 'Installing Symantec Endpoint Protection 11 for Macintosh'
http://www.symantec.com/docs/TECH131675

Title: 'How to convert an unmanaged SEP for Macintosh client to managed'
http://www.symantec.com/docs/TECH131585
 

Title: 'The SEP for Macintosh SMC service (smcdaemon)'
http://www.symantec.com/docs/TECH131582


Technical Information
There are three levels to set for debugging: none, support, and engineer. The output for engineer resembles Windows Sylink logging, with some extra information about scan policy values. Note for 12.1 RU4 and later, the three debugging levels are input as lnonelsupport, and lengineer. l is the letter L and not the number one.




Legacy ID



2010060712094148


Article URL http://www.symantec.com/docs/TECH132983


Terms of use for this information are found in Legal Notices