Symantec Scan Engine 5.x Log Analysis Tool
|Article:TECH134905|||||Created: 2010-01-14|||||Updated: 2012-02-27|||||Article URL http://www.symantec.com/docs/TECH134905|
Are there any tools that can be used to help Analyze the Symantec Scan Engine log files?
Symantec Scan Engine 5.0/5.1/5.2
Attached is a Java executable jar file that can be used to analyze the Symantec Scan Engine .log and .dat log file. Given the Scan Engine .dat and .log files this tool will convert the .log file into readable format, report on the number of Infections Found, Container Violations, SSE hung or overloaded Warnings, Critical Errors, Queue Overflow Warnings, Scan Errors. The tool will also break down which specific errors were thrown and how many. It will report on the average scans per second, average scan requests per second, average scan time, and the average file size in MB for that day. Also the tool will report every time Scan Engine handled more then 12MB of data per second for a period longer then three minutes and for that period it will output the timestamp and what the average MB/second for each sixty second period.
sse.jar <logfile> <datfile> [options] [outputfile] [logfile_output]
<logfile> == Scan Engine .log file to analyze.
<datfile> == Matching Scan Engine .dat file.
[outputfile] == File to output results to. If left blank the results will be output to a file called 'ScanEnginelog.txt' in the local directory.
[logfile_output] == Enter a file path if you want the tool to convert and output the .log file to human readable form. If no path is provided it will be output to 'ConvertedSSELog.txt' in the local directory.
Note: Use of this tool requires java 1.6 or above. From a command prompt, type java -version to determine the current version of java. If the working version of Java is less then 1.6, confirm that there are no newer version. On Windows check \Program Files\Java, and confirm there are no folders there for Java 1.6 (ex. jre6, jdk1.6xxx). If there are, type out the path to the 1.6 java executable. For example,
"c:\Program Files\java\jre6"\bin\java -jar sse.jar <name of log file>"
If not, you will have to try from another machine that has Java 1.6 installed.
Also note: Allow the tool time to process the files. The larger the file, the longer the tool will take. The tool will process the ".log" file first.
You can monitor the working of the tool by watching the process "javaw.exe" in the WindowsTask Manager
Once the tool has finished (javaw.exe" has returned to "zero"), refresh the view of the local directory to see the new files "ConvertedSSELog.txt" and "ScanEnginelog.txt"
Article URL http://www.symantec.com/docs/TECH134905