How to turn on debug logs for SSIM collectors
| Article:TECH86437 | | | Created: 2007-01-10 | | | Updated: 2011-10-13 | | | Article URL http://www.symantec.com/docs/TECH86437 |
Problem
Instructions on turning on debug logging for Symantec Security Information Manager (SSIM) collectors
Symptoms
Events are either missing or not showing correctly in the SSIM console.
Solution
The best way to enable collector debug mode is using esdiag.
To download and use esdiag, use article: http://www.symantec.com/docs/TECH88921
To turn on debug logging for the collector without using esdiag, browse to the directory where the collector is installed on machine.
- Windows 32bit default path is C:\Program Files\Symantec\Event Agent\collectors\<collector>
- Windows 64bit default path is C:\Program Files (x86)\Symantec\Event Agent\collectors\<collector>
- Unix the default path is /opt/Symantec/sesa/Agent/collectors/<collector>
Note: "<collector>
- Stop the Symantec Event Agent.
- Navigate to the directory of the collector that needs to be set to Debug logging.
- Open the log4j.properties file using a text editor.
- Edit the line log4j.level=INFO to log4j.level=DEBUG
- Change the log file size line log4j.maxfilesize=100KB to log4j.maxfilesize=10000KB
- Change the number of backups line log4j.maxbackups=5 to log4j.maxbackups=10
- Start the Symantec Event Agent.
To turn off debug logging for the collector, change the settings in the log4.properties file back to the original settings following the same steps.
|
|
Legacy ID
2007362906962698
Article URL http://www.symantec.com/docs/TECH86437
Terms of use for this information are found in Legal Notices
Thank you.