How to Obtain Debug Logs for Symantec Mail Security for Microsoft Exchange (SMSMSE)

Article:TECH86063  |  Created: 2007-01-18  |  Updated: 2014-11-01  |  Article URL http://www.symantec.com/docs/TECH86063
Article Type
Technical Solution


Issue



This article describes how to collect debug logging information from the SMSMSE product.


Solution



To obtain a DebugView log file you must perform the following actions:

1. Setup DebugView
2. Enable the logging appropriate to your issue
3. Capture the DebugView data

 

For all issues, Setup DebugView first

DebugView is a monitoring program that allows you to monitor debug output on your local computer. You can download DebugView from this Microsoft Web site. Symantec does not support or warranty this program. Symantec makes no guarantee or promise of suitability or compatibility of DebugView with your computer. 

 

1. Download and install DebugView.
2. Open DebugView.
3. Click Options. Check Clock Time and Show Milliseconds.
4. Click File. Click Log to File.
5. In the Log File text box, type c:\dbgview.log
6. Click Limit Log Size.
7. In the Max Log Size (MB) text box, type the desired maximum size for your log file.
8. Click OK.
9. If the operating system is a 64 bit operating system click Capture. Check Capture Global Win32

 

To enable the proper logging elements; you must make some changes in your Windows registry:

A. To enable logging for Service related issues

B. To enable logging for Real-Time Virus Scanning and Content Filtering(Auto Protect) scanning issues

C. To enable logging for transport scanning issues on Exchange 2007 or 2010 (including AntiSpam issues)

D .To enable logging for Manual or Scheduled scanning issues

 

A. To enable logging for Service related issues

1. Open the Registry Editor.
2. Browse to the following registry key:  

32 Bit Operating System: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SMSMSE\<version>\Server

64 Bit Operating System: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\SMSMSE\<version>\Server

NOTE: The <version> part of the key path is dependent on the version of SMSMSE installed.

3. Create the following registry entries as DWORD entries and set the value to one (1):

CMDDebugEnabled

LogAllFailures 

4. Restart the following Windows Services:

Symantec Mail Security for Microsoft Exchange

Symantec Mail Security Utility Service

5. Reproduce the issue you are attempting to debug.
6. Revert the registry changes you made previously by changing the DWORD values from one (1) to zero (0).

B. To enable logging for Real-Time Virus Scanning and Content Filtering(Auto Protect) scanning issues

1. Open the Registry Editor.
2. Browse to the following registry key:  

32 Bit Operating System: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SMSMSE\<version>\Server

64 Bit Operating System: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\SMSMSE\<version>\Server

NOTE: The <version> part of the key path is dependent on the version of SMSMSE installed.

3. Create the following registry entries as DWORD entries and set the value to one (1):

CMDDebugEnabled

LogAllFailures 

4.Turn on Exchange VSAPI logging by changing the following registry key:

HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MSExchangeIS\VirusScan

a. In the right pane double-click the Parameters value.

b. In the Value Data text box, add the following string to the beginning of the data:

debuglevel 1

NOTE: Do not delete the existing data. Insert the string before the existing data.

c. In the right pane double-click the ReloadNow value.

d. In the Value Data text box set the value to 1.

e. Close the Registry Editor.

5. Restart the following Windows Services:

Symantec Mail Security for Microsoft Exchange

Symantec Mail Security Utility Service

6. Reproduce the issue you are attempting to debug.
7. Revert the registry changes you made previously by changing the DWORD values from one (1) to zero (0).

 

C . To enable logging for transport scanning issues on Exchange 2007, 2010 and 2013 (including AntiSpam issues)

1. Open the Registry Editor.
2. Browse to the following registry key:  

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\SMSMSE\<version>\Server

NOTE: The <version> part of the key path is dependent on the version of SMSMSE installed. 

3. Create the following registry entries as DWORD entries and set the value to one (1):

CMDDebugEnabled

LogAllFailures 

4. Browse to the following registry key:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\SMSMSE\<version>\Server\Components\SMTP

5. Create the following registry entry as a DWORD entry and set the value to one (1):

TransportAgentDebugOutput

5. Restart the following Windows Services:

Symantec Mail Security for Microsoft Exchange

Symantec Mail Security Utility Service

Microsoft Exchange Transport

5. Reproduce the issue you are attempting to debug.
6. Revert the registry changes you made previously by changing the DWORD values from one (1) to zero (0).

 

D. To enable logging for Manual or Scheduled scanning issues

        1. Open the Registry Editor.
2. Browse to the following registry key:  

32 Bit Operating System: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SMSMSE\<version>\Server

64 Bit Operating System: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\SMSMSE\<version>\Server

NOTE: The <version> part of the key path is dependent on the version of SMSMSE installed.

3. Create the following registry entries as DWORD entries and set the value to one (1):

CMDDebugEnabled

LogAllFailures

LogAllSerialScanData

If the issue you are troubleshooting is occurring on an Exchange 2010 or 2013 server, add the following additional DWORD entries, and set the value to one (1):

LogEWSFailures

EWSTraceEnabled

4. Restart the following Windows Services:

Symantec Mail Security for Microsoft Exchange

Symantec Mail Security Utility Service

5. Reproduce the issue you are attempting to debug.
6. Revert the registry changes you made previously by changing the DWORD values from one (1) to zero (0)

 

To submit the data

1. Save the Windows application log and system event log in .EVT format.
2. Save the VSAPI log (if requested) and the DebugView file to the same folder in which you saved the application log and the system event log.
3. Use a zip utility to compress the log files.
4. Provide the zipped log files to your support agent.

Notes

The VSAPI log file is named SAVFMSE.log. The default path to the log file is the following:

Exchange 2003: C:\Program Files\Exchsrvr\MDBDATA
Exchange 2007/2010: C:\Program Files\Microsoft\Exchange Server\V14\Mailbox\MDBTEMP
Exchange 2013C:\Program Files\Microsoft\Exchange Server\V15\Mailbox\MDBTEMP

The DebugView log file is the full path that you specified in DebugView.

 


Supplemental Materials

SourceETrack
Value2354875

Legacy ID



2007121816205254


Article URL http://www.symantec.com/docs/TECH86063


Terms of use for this information are found in Legal Notices