Endpoint Protection


Logs for troubleshooting slowness on Linux

  • 1.  Logs for troubleshooting slowness on Linux

    Posted Nov 25, 2014 05:54 AM

    Hello,

    We have installed the managed SEP 12.1.5 Client on Linux servers and they report to the SEPM.

    Some Linux servers have reported slowness issues. Though the TOPS command does not show SEP Client related processes consuming resources, we are curious to know the following so that possible issues in future can be dealt with.

    1. Where do log files that help troubleshoot slowness issues get generated?

    2. What are the locations on the Linux Systems?

    3. How do we ascertain that files / processes that have not excluded from scan indeed do not get scanned?

     

    Thanks,
    Jimmy

    =-=-=

     



  • 2.  RE: Logs for troubleshooting slowness on Linux

    Posted Nov 25, 2014 06:04 AM

     I can't find anything that mentions a specific scan log.  According to the SAV_Linux_Impl.pdf guide:

    P 16: All events that are generated are logged to the standard system log via syslog.

    P 24: /var/symantec [contains] alert logs and quarantined files.

    This is for Windows; I'm not sure if this applies to Linux as well:

    How to log all files and directories scanned during On-Demand / Scheduled Scan with Symantec Endpoint Protection 11.x and 12.1

    http://www.symantec.com/business/support/index?page=content&id=TECH103126



  • 3.  RE: Logs for troubleshooting slowness on Linux

    Posted Nov 25, 2014 08:01 AM

    When are they slow, all the time?



  • 4.  RE: Logs for troubleshooting slowness on Linux

    Posted Nov 25, 2014 08:58 AM

    Hi Brian,

    The servers are not slow at all times; 2 servers were reported slow in the morning. Referring to TOPS command output, JAVA processes held by JBoss were consuming the most CPU resource.

    Killing the Java processes brought down the CPU usage to normal levels - still OK.

    It has been understood that Symantec SEP Client is not causing any slowness. However, assuming that, in future, if some servers report slowness due to the SEP Client, it would be nice to know which logs to look into.

    Also, the same can be used in this case too.

    Hence, this query was posted.


    Thanks,
    Jimmy

    =-=-=



  • 5.  RE: Logs for troubleshooting slowness on Linux

    Posted Nov 25, 2014 09:12 AM

    Hi Rafeeq,

    • As per the 2nd link, vpdebug logging needs to be enabled using the GUI.
      Can the same be done using the command line?
    • Is vpdebug applicable for Linux?
       

    Thanks,
    Jimmy

    =-=-=

     



  • 6.  RE: Logs for troubleshooting slowness on Linux

    Posted Nov 25, 2014 09:21 AM

    Haven't seen any document for that, Jimmy. I'm hoping that someone from the Symantec tech team will comment on this.



  • 7.  RE: Logs for troubleshooting slowness on Linux
    Best Answer

    Broadcom Employee
    Posted Nov 25, 2014 12:03 PM

    Hi,

    Thank you for posting in the Symantec community.

    I would be glad to answer your query.

    SEP will utilize resources only during a scan process like an Autoprotect scan or scheduled scan. You can refer to the scan logs if any slowness issue is observed during a scan. For Linux box slowness, refer to Linux tools.

    Scan logs can be found under /var/log folder.



  • 8.  RE: Logs for troubleshooting slowness on Linux

    Posted Dec 01, 2014 01:06 AM

    Hi Chetan,

    Thanks for the response!

    Of late, it has been reported that users were not able to log in to a few Linux servers; instead, after keying in the password, the server went to a hung state.

    Unfortunately, it took place just after a successful liveupdate.

    Will the logs within /var/log folder help in analysing such issues or is there another set of logs that needs to be looked into?

    Thanks,
    Jimmy

    =-=-=



  • 9.  RE: Logs for troubleshooting slowness on Linux

    Broadcom Employee
    Posted Dec 01, 2014 04:42 AM

    Hi Jimmy,

    Sorry to know that the system hung after live update. Did it work after reboot? And yes, logs within the /var/log folder can give you helpful info.



  • 10.  RE: Logs for troubleshooting slowness on Linux

    Posted Dec 01, 2014 08:00 AM

    Hi Chetan,

    Yes - it did work after reboot.

    Thanks for the response!


    -Jimmy

    =-=-=



  • 11.  RE: Logs for troubleshooting slowness on Linux

    Posted Dec 10, 2014 03:06 AM

    Hi Chetan,

    We logged into some servers, but found the folder /var/log/symantec to be empty.

    What could that mean?


    Regards,
    Jimmy

    =-=-=