
How to capture SEP-SEPM communication logs with SylinkMonitor for MR3 onwards for troubleshooting communication issues

Created: 06 May 2009 | 2 comments
Aniket Amdekar

Problem: You do not see any communication logs in the SylinkMonitor utility while troubleshooting communication issues.

Symptoms: You do not see any logs in SylinkMonitor after clicking on "update policy".

Solution: Since its release, the SylinkMonitor utility has played a crucial role in helping users capture the communication messages between the SEP client and SEPM. Since the release of the MR3 version, however, running the utility produces no output.

That is because you need to enable debug logging manually on the SEP client; only then can the traffic be captured.

To do this, perform the steps below:

1. Open the registry.
2. Locate the following key:
HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\smc_debuglog_on
3. Set the value of this key to 1 if it is 0.
4. Close the registry. Close the SEP client if it is open.
5. Go to Start->Run and type "smc -stop".
6. You will notice that the shield icon in the system tray has disappeared.
7. Go to Start->Run and type "smc -start".
8. The shield icon should now reappear in the system tray.

Now run the SylinkMonitor tool. Right-click the shield icon and click "update policy". You should see the logs start to flow in real time in the tool.
You can then stop the tool and analyze the logs.

You can look for the keyword 'error' in the logs.

Please contact technical support if you need further assistance with troubleshooting.
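
Steps 1 to 8 above as a PowerShell script for an elevated prompt. This is an added example, not part of the original article and not a Symantec tool; the function name `Set-SmcDebugLog` is hypothetical, and it assumes `smc` resolves from `Start-Process` the same way it does from Start->Run.

```powershell
#Requires -RunAsAdministrator
# Added example: scripts the article's steps 1-8.
# The registry path and value name are the ones given in the article;
# the function name and parameter are hypothetical.
$KeyPath   = 'HKLM:\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC'
$ValueName = 'smc_debuglog_on'

function Set-SmcDebugLog {
    param([ValidateSet(0, 1)][int]$Enabled = 1)

    # Steps 1-3: read the current value; -ErrorAction Stop makes a missing
    # key or value fail loudly instead of silently creating a new one.
    $current = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction Stop).$ValueName
    if ($current -eq $Enabled) {
        Write-Host "$ValueName is already $Enabled; client not restarted."
        return $false
    }
    Set-ItemProperty -Path $KeyPath -Name $ValueName -Value $Enabled -ErrorAction Stop

    # Confirm the write took effect before restarting the client.
    $after = (Get-ItemProperty -Path $KeyPath -Name $ValueName -ErrorAction Stop).$ValueName
    if ($after -ne $Enabled) {
        throw "$ValueName is still $after after the write; change was not applied."
    }

    # Steps 5-8: stop and start the client so it picks up the new setting.
    # Start-Process launches through the shell by default, as Start->Run does.
    Start-Process -FilePath 'smc' -ArgumentList '-stop'  -Wait
    Start-Process -FilePath 'smc' -ArgumentList '-start' -Wait

    Write-Host "$ValueName changed from $current to $Enabled and the client was restarted."
    return $true
}

# Enable debug logging, then run SylinkMonitor and click "update policy".
Set-SmcDebugLog -Enabled 1 | Out-Null
```

Calling `Set-SmcDebugLog -Enabled 0` afterwards reverses step 3 and restarts the client again.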


Hear4U

Hi folks,

As you can tell, there are a number of Symantec employees, Technical Support Staff, and Trusted Advisors on the community these days. We're reviewing issues we see, and creating content/articles that can help solve many of the same re-occurring issues presented on the community. If you have a suggestion for a technical article, written by one of our own internal subject matter experts, please let us know!

Eric

check out the community at www.infoblox.com/community

pete_4u2002

Hi,
Adding to Aniket's tips, we can look at the SMS messages in the log file, messages like 200 successful connection, 400 bad request. You can narrow down the reason for failure.

These are HTTP request status codes, available on the MS site.
http://support.microsoft.com/kb/318380

Pete!