How to enable debugging of the Symantec Enforcer Appliance
Article: TECH103211 | Created: 2007-01-19 | Updated: 2012-04-26 | Article URL: http://www.symantec.com/docs/TECH103211
With the Symantec Network Access Control (SNAC) product, how is debugging enabled on the Symantec Enforcer Appliance?
The Enforcer Appliance has a debug and a capture command built-in.
Type debug at the CLI to change the prompt to Enforcer(debug)#. You can then use the following commands:
- Destination : Configure where Enforcer should store the debug files. The options are: disk, memory and both. Disk means to store the debug files on the hard disk, Memory means to store debug files in memory. Both is the default and means to store debug files in both memory and disk.
- Level : Used to set what kind of debug information the Enforcer should store. There are six levels: disable, fatal, error, information, support and engineer. Disable stops all debug logging while the other options set the debug level. "Engineer" is the most detailed and "Error" is the default.
- Show files : List the debug files that have been saved, usually kernel.log and user.log. You can use the commands show kernel, show user or show file filename.log to see the log files at the console. The live keyword can be appended to the command line for user and kernel to see updates in real time. Example: show kernel live
- Upload : Upload debug files to a TFTP server. The command is available in version 5.1.5 and later of the Enforcer software, and the syntax depends on the version:
  - In version 5.1.5 and later the syntax is upload kernel.log tftp://10.0.0.12
  - In SNAC 11.x MR3 and later the syntax is upload tftp 10.0.0.12 filename kernel.log
Type capture at the CLI to change the prompt to Enforcer(capture)#. You can then use the following commands:
- Filter: Set the filter for the packet capture. The options are: auth, spm, failover, all and client. Auth means to capture authentication packets among Agent, Enforcer and SPM. SPM means to capture communication packets between the Enforcer and SPM. Failover means to capture Enforcer failover packets. All means to capture Auth, SPM and Failover packets. Client is used to set the client IP-Range for authentication packets. The IP-Range format can contain an IP address, an IP range and a subnet.
- Verbose: Used to turn On/Off the displaying of packet details in the console while the capture is running. Enabled by default.
- Start: Start packet capture. You must use the "ESC" key to stop the capture ("Ctrl-C" does not work).
- Show files : List the packet capture files that have been saved. The file-names are based on the date and time, for example Jun-07-2007-11-03-28.cap.
- Upload : Upload packet capture files to a TFTP server. The command is available in version 5.1.5 and later of the Enforcer software, and the syntax depends on the version:
  - In version 5.1.5 and later the syntax is upload Jun-07-2009-11-03-28.cap tftp://10.0.0.12
  - In SNAC 11.x MR3 and later the syntax is upload tftp 10.0.0.12 filename Jun-07-2009-11-03-28.cap
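The following is an added example, not part of the original article and not Symantec code. It parses the date-and-time capture file names described above, orders them chronologically (an alphabetical sort would misplace months), and builds the upload line in either syntax the article gives. The syntax labels "5.1.5" and "11.x-MR3", the function names and the sample listing are assumptions made for the example.

```python
from datetime import datetime

# Capture names follow the pattern shown in the article: Jun-07-2007-11-03-28.cap
# %b expects English month abbreviations (the default C/English locale).
CAPTURE_FORMAT = "%b-%d-%Y-%H-%M-%S"

def parse_capture_name(name):
    """Return the datetime encoded in a capture file name, or None if it does not match."""
    if not name.endswith(".cap"):
        return None
    try:
        return datetime.strptime(name[:-4], CAPTURE_FORMAT)
    except ValueError:
        return None

def upload_command(filename, tftp_host, syntax):
    """Build the upload line for one file. The syntax labels are names chosen for this example."""
    if syntax == "5.1.5":
        return f"upload {filename} tftp://{tftp_host}"
    if syntax == "11.x-MR3":
        return f"upload tftp {tftp_host} filename {filename}"
    raise ValueError(f"unknown syntax family: {syntax}")

def plan_uploads(listing, start, end, tftp_host, syntax):
    """Select captures taken within [start, end], oldest first, and emit upload lines."""
    dated = [(parse_capture_name(n), n) for n in listing]
    chosen = sorted((t, n) for t, n in dated if t is not None and start <= t <= end)
    return [upload_command(n, tftp_host, syntax) for _, n in chosen]

# Constructed listing of file names for illustration; not real appliance output.
SAMPLE_LISTING = [
    "Jun-07-2007-11-03-28.cap",
    "Apr-30-2007-23-59-01.cap",
    "Jun-07-2007-09-15-00.cap",
    "Dec-01-2006-08-00-00.cap",
    "notes.txt",
]

if __name__ == "__main__":
    window = (datetime(2006, 1, 1), datetime(2007, 12, 31))
    for line in plan_uploads(SAMPLE_LISTING, *window, "10.0.0.12", "11.x-MR3"):
        print(line)
```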
In addition: For versions of the Enforcer software before SNAC 11.x MR3 there is a terminal command available for both debug and capture. If the Enforcer appliance is connected to a hyper terminal on the serial port you can also use the following commands for uploading files:
- Compress: Turn on/off file compression before sending a file to the client. File compression is turned on by default.
- Xmodem, Ymodem, Kermit: These commands are used to transfer files to the terminal machine. The transfer speed depends on the baud rate; the minimum baud rate we support is 4800.
- Xmodem: Contains two child commands: option and send. Option is used to choose the protocol for sending the file: 1k, checksum or crc. To use checksum, you need to use the tool ttermp on the terminal machine; other tools do not support checksum. Send is used to send files and must be given the full file name; the debug file is located at /opt/GatewayEnforcer/debug/debug.log.
- Ymodem: Contains three child commands: option, batch and send. Option is used to choose the protocol for sending the file: 1k, g or crc. Send and batch are used to send files. Send must be given the full file name and can transfer only one file, while batch can transfer multiple files that match a name.
- Kermit: Contains two child commands: send and batch. Kermit has only one protocol for sending files, so there is no option selection. As with Ymodem, send must be given the full file name and sends only one file at a time, while batch can transfer multiple files that match a name.
- TECH102413 - How to: Debug the Symantec Endpoint Protection Manager (SEPM) console
- TECH105599 - How to: Enable debugging of the Symantec Integrated Enforcer Plugin
- TECH102412 - How to debug the Symantec Endpoint Protection client