Symantec Encryption Desktop log files for Linux

Article:TECH201500  |  Created: 2013-01-09  |  Updated: 2013-01-09  |  Article URL http://www.symantec.com/docs/TECH201500
Article Type
Technical Solution


Issue



Where are the log files stored for Symantec Encryption Desktop (SED) for Linux?

 


Solution



Symantec Encryption Desktop for Linux writes to the standard Linux system log files.  Logging is less detailed than on the Windows or Mac clients, but the following log files are written to when events such as policy updates take place:

 

1. /var/log/messages 

When policy updates take place, this log file is populated with information pertaining to encryption, including details about IOCTL events and partition events.

 

2. /var/log/dmesg

Because SED has encrypted the drives, "pgpwde" entries will show up in this log upon encrypting the Linux client.

 

3. /var/log/secure

Events such as adding or removing SED Whole Disk users are logged in this file in the following way:

User Bob added WDE user Chalie to DiskGroup [uuid here]

 

4. Running the command "pgpenroll --check-enroll" updates policy from the Symantec Encryption Management Server (SEMS).  After running it, check the SEMS client logging for events to ensure the client is communicating with the server.  When successful, there will be logging events such as the following:

 

CLIENT-000111: connection from 192.168.1.159
CLIENT-000111: authenticated internal Encryption Desktop 10.3.0.8741 user bob from [192.168.1.159]
CLIENT-000111: client request [internal user bob]: <GetVersion>
CLIENT-000111: client request [internal user bob]: <GetPrefs>
CLIENT-000111: client request [internal user bob]: <GetEchoPrefs>
CLIENT-000111: client request [internal user bob]: <GetKeyByKeyID>
CLIENT-000111: client request [internal user bob]: <GetUpdatedTimes>
CLIENT-000111: client request [internal user bob]: <GetCustomizationData>
CLIENT-000111: connection from 192.168.1.159
CLIENT-000111: authenticated internal Encryption Desktop 10.3.0.8741 user bob from [192.168.1.159]
CLIENT-000111: client request [internal user bob]: <CheckWDRTExists>
CLIENT-000111: client request {internal user bob]: <SendEvent>
CLIENT-000111: WDE Event [time Wed 09 Jan 2013
 
This is what a successful communication event will look like in the SEMS client logs.
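
The following Python sketch is an added example, not Symantec code: it groups SEMS client log lines like those above by connection, confirms that a user authenticated and issued client requests, and lists source addresses that connected without authenticating. The line format is assumed from the excerpt in this article, the function names are hypothetical, and the sample lines are constructed.

```python
import re

# Patterns modeled on the excerpt above; the leading tag is treated as opaque
# and anything before it (such as a timestamp) is ignored. Assumed format.
CONN = re.compile(r"CLIENT-\d+: connection from (\S+)")
AUTH = re.compile(r"CLIENT-\d+: authenticated internal Encryption Desktop "
                  r"(\S+) user (\S+) from \[([^\]]+)\]")
# The excerpt has one request line opening with "{" instead of "["; accept both.
REQ = re.compile(r"CLIENT-\d+: client request [\[{]internal user ([^\]]+)\]: <(\w+)>")

# Constructed sample, not a real log; the second connection never authenticates.
SAMPLE = """\
CLIENT-000111: connection from 192.168.1.159
CLIENT-000111: authenticated internal Encryption Desktop 10.3.0.8741 user bob from [192.168.1.159]
CLIENT-000111: client request [internal user bob]: <GetVersion>
CLIENT-000111: client request [internal user bob]: <GetPrefs>
CLIENT-000111: connection from 192.168.1.200
CLIENT-000111: client request {internal user bob]: <SendEvent>
""".splitlines()

def parse_sessions(lines):
    """Return one dict per 'connection from' line, with auth and requests."""
    sessions, pending, by_user = [], {}, {}
    for line in lines:
        if m := CONN.search(line):
            s = {"ip": m[1], "user": None, "version": None, "requests": []}
            sessions.append(s)
            pending[m[1]] = s            # waiting for an 'authenticated' line
        elif m := AUTH.search(line):
            s = pending.pop(m[3], None)  # match on the source IP
            if s:
                s["version"], s["user"] = m[1], m[2]
                by_user[m[2]] = s        # later requests name only the user
        elif m := REQ.search(line):
            if s := by_user.get(m[1]):
                s["requests"].append(m[2])
    return sessions

def checked_in(sessions, user):
    """True if `user` authenticated and sent at least one client request."""
    return any(s["user"] == user and s["requests"] for s in sessions)

def unauthenticated(sessions):
    """Source IPs that connected but never produced an 'authenticated' line."""
    return sorted({s["ip"] for s in sessions if s["user"] is None})

if __name__ == "__main__":
    sessions = parse_sessions(SAMPLE)
    print(checked_in(sessions, "bob"), unauthenticated(sessions))
```
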

Tip: To get increased logging, try adding --verbose to the end of the pgpwde commands and more information will be displayed.  This does not work for all commands.



