Symantec Scan Engine 5.x Log Analysis Tool

Article:TECH134905  |  Created: 2010-01-14  |  Updated: 2014-06-26  |  Article URL http://www.symantec.com/docs/TECH134905
Article Type
Technical Solution


Issue



Are there any tools that can be used to help analyze the Symantec Scan Engine log files?

 


Environment



Symantec Scan Engine 5.0/5.1/5.2


Solution



Attached is a Java executable jar file that can be used to analyze the Symantec Scan Engine .log and .dat log files. Given the Scan Engine .dat and .log files, this tool will convert the .log file into readable format and report on the number of Infections Found, Container Violations, SSE hung or overloaded Warnings, Critical Errors, Queue Overflow Warnings, and Scan Errors. The tool will also break down which specific errors were thrown and how many. It will report on the average scans per second, average scan requests per second, average scan time, and the average file size in MB for that day. The tool will also report every time Scan Engine handled more than 12MB of data per second for a period longer than three minutes, and for that period it will output the timestamp and the average MB/second for each sixty second period.


sse.jar <logfile> <datfile> [options] [outputfile] [logfile_output]
<logfile> == Scan Engine .log file to analyze.
<datfile> == Matching Scan Engine .dat file.
[outputfile] == File to output results to. If left blank the results will be output to a file called 'ScanEnginelog.txt' in the local directory.
[logfile_output] == Enter a file path if you want the tool to convert and output the .log file to human readable form. If no path is provided it will be output to 'ConvertedSSELog.txt' in the local directory.
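
The sustained-load report described above can be reproduced from per-second byte counts. This is an added Python example, not the code in SSE.jar; the input mapping, the function names, and the reading of "more than 12MB per second for longer than three minutes" as an unbroken run of seconds each above the threshold are assumptions, and the sample data is constructed.

```python
from datetime import datetime, timezone

MB = 1024 * 1024
THRESHOLD = 12 * MB   # article: more than 12MB of data per second
MIN_SECONDS = 180     # article: period longer than three minutes
BUCKET = 60           # article: one average per sixty-second period

def bucket_averages(run, per_second):
    """Average MB/s for each 60 s slice of a run (last slice may be shorter)."""
    out = []
    for i in range(0, len(run), BUCKET):
        chunk = run[i:i + BUCKET]
        out.append(round(sum(per_second[s] for s in chunk) / len(chunk) / MB, 2))
    return out

def sustained_load_periods(per_second):
    """per_second maps epoch second -> bytes handled in that second.
    Returns [(first_second, last_second, [avg MB/s per bucket])] for every
    run of consecutive seconds above THRESHOLD lasting more than MIN_SECONDS."""
    periods, run = [], []
    for sec in sorted(per_second) + [None]:      # None flushes a trailing run
        over = sec is not None and per_second[sec] > THRESHOLD
        if over and (not run or sec == run[-1] + 1):
            run.append(sec)
            continue
        if len(run) > MIN_SECONDS:
            periods.append((run[0], run[-1], bucket_averages(run, per_second)))
        run = [sec] if over else []              # a gap in the data ends a run
    return periods

def constructed_sample():
    """Constructed data, not real Scan Engine output: 600 s of traffic."""
    start = int(datetime(2010, 1, 14, 9, 0, tzinfo=timezone.utc).timestamp())
    data = {start + i: 2 * MB for i in range(600)}   # quiet baseline
    for i in range(100, 160):
        data[start + i] = 13 * MB                    # burst, first minute
    for i in range(160, 340):
        data[start + i] = 18 * MB                    # burst, next three minutes
    for i in range(400, 520):
        data[start + i] = 20 * MB                    # 120 s spike: too short
    return start, data

if __name__ == "__main__":
    _, sample = constructed_sample()
    for first, last, averages in sustained_load_periods(sample):
        stamp = datetime.fromtimestamp(first, timezone.utc).isoformat()
        print(stamp, f"{last - first + 1}s", averages)
```

The 120-second spike is not reported because it does not exceed three minutes, even though its rate is the highest in the sample.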

Note: Use of this tool requires Java 1.6 or above. From a command prompt, type java -version to determine the current version of Java. If the working version of Java is less than 1.6, check whether a newer version is also installed. On Windows, check \Program Files\Java for Java 1.6 folders (ex. jre6, jdk1.6xxx). If there are any, type out the path to the 1.6 java executable. For example,

"c:\Program Files\java\jre6\bin\java" -jar sse.jar <name of log file>

If not, you will have to try from another machine that has Java 1.6 installed. 

 

Also note: Allow the tool time to process the files. The larger the file, the longer the tool will take. The tool will process the ".log" file first.

You can monitor the working of the tool by watching the process "javaw.exe" in the Windows Task Manager.

Once the tool has finished ("javaw.exe" has returned to "zero"), refresh the view of the local directory to see the new files "ConvertedSSELog.txt" and "ScanEnginelog.txt".

Drag-N-Drop_addon.jar is a drag and drop GUI (executable jar) for SSE.jar (must be present in the same folder as SSE.jar and Java must be pathed to function). Simply drag as many ".dat" + ".log" files into the window as you want to convert.

  • ".dat" and ".log" pairs should be located in the same directory.
  • A new SSE.jar is instanced for every ".dat" + ".log" pair.
  • This can be system intensive if too many log pairs are passed at one time.
  • Drag-N-Drop_addon.jar must be present in the same folder as SSE.jar and Java must be pathed to function.

Attachments

SSE.jar (13 kBytes)

Legacy ID



2010071422150654

