Video Screencast Help

SEP12 & Dump

Created: 03 Oct 2012 | 4 comments

Hello everybody.

Just a question the way Dump files into \Symantec\Symantec Endpoint Protection Manager\data\dump on SEPM12 are created.

For two Dump logs we have *.tmp files instead of *.log.

agent_behavior.tmp that is loggin  Application & Device Control.

and

agt_system.tmp

For each one we have also a log file.

When does SEPM12  change the "tmp" file into "log" file ? Does it depend on the log retention ? On which criteria ? Number of entries or size of the log ?

Thanks a lot for your help & explanations.

Best regards.

JD.

 

 

 

 

 

 

 

Comments 4 CommentsJump to latest comment

Mithun Sanghavi's picture

Hello,

When you export to a text file, the number of exported records can differ from the number you set in the External Logging dialog box. This situation arises when you restart the management server. After you restart the management server, the log entry count resets to zero, but there may already be entries in the temporary log files. In this situation, the first *.log file of each type that is generated after the restart contains more entries than the specified value. Any log files that are subsequently exported contain the correct number of entries.

 

External Log Timer:

Task

Initial Delay

Frequency

Description

Type

Product

ExternalLoggingTask

10 seconds

1 minute

Sends logs to Syslog Server and export logs to a dump file

Fixed delay task

SEP11.x & SEP12.x

 

Check these Articles:

Exporting log data to a text file http://www.symantec.com/docs/HOWTO55416

Exporting data to a Syslog server http://www.symantec.com/docs/HOWTO55417

What happens every X minutes in Symantec Endpoint Protection Manager

http://www.symantec.com/docs/TECH172201

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

JDUM's picture

Thanks a lot for your quick reply.

I'm currently checking your links and will do a feedback after.

 

JDUM's picture

In this part

http://www.symantec.com/business/support/index?page=content&id=HOWTO55416

there is this sentence :

Entries are placed in a .tmp file until the records are transferred to the text file.

But which is the trigger that change the tmp file into text (.log) file ?

I only find in your last link this :

Task

Initial Delay

Frequency

Description

Type

Product

ExternalLoggingTask

10 seconds

1 minute

Sends logs to Syslog Server and export logs to a dump file

Fixed delay task

SEP11.x & SEP12.x

 

Mithun Sanghavi's picture

Hello,

There may be a Task Running which may be collecting all the information in the .tmp files and once done, these .tmp may be converted to the .txt / .log files.

More like a buffer getting created for giving you the end result.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.