Symantec Encryption Management Server Debug Logging

Article:TECH149337  |  Created: 2009-03-18  |  Updated: 2013-07-23  |  Article URL http://www.symantec.com/docs/TECH149337
Article Type
Technical Solution


Issue



This article details how to configure additional logging and debugging on the Symantec Encryption Management Server (formerly PGP Universal Server) to assist in troubleshooting issues on the server.

 


Environment



Symantec Encryption Management Server 3.3.x

PGP Universal Server 3.2.x


Solution



Debug Logging Concerns

Although debug logging is very useful when troubleshooting issues or gaining a better understanding of the system, PGP Corporation does not recommend running debug logging all the time. Concerns about debug logging include:

  • Data privacy. Unencrypted mail content may get written to disk or private keys may be shown.
  • Performance. Debug logging slows the server down, especially when the global options are used.
  • Log size. Information can be more difficult to find, or the logs can fill the entire disk.

Note: Be sure to delete the log files once they are no longer needed. This preserves space and restores privacy.

debug.xml is a configuration file that controls all PGP-related logging. The file is divided into sections, one per log, plus a <global> section that overrides all other sections when implemented.

The debug.xml file is located in the /etc/ovid/ directory. It can be accessed by typing the URL https://<servername_or_IP_address>:9000/omc/EditDebugPrefs.event in your browser's address bar. This is a hidden page in the PGP Universal Server administrative interface.

The debug.xml file contains the following sections:
 

  • <global>: Overrides all other sections. A setting pasted into this section is applied to all of the log files (to which the setting is relevant).
  • <pgpproxyd>: Controls the proxyd log file, which corresponds to the Email log available in the interface on the Reporting>Logs page.
  • <pgpsyncd>: Controls the syncd log file.  Historically, setting these parameters would correspond with the clustering log available in the interface on the Reporting>Logs page.  Enabling debug here will also put the Client logging into debug and is useful when troubleshooting client issues (such as Symantec Encryption Desktop Enrollment). 
  • <pgpupdate>: Controls the update log file, which corresponds to the Update log available in the interface on the Reporting>Logs page.
  • <pgpbackup>: Controls the backup log file, which corresponds to the Backup log available in the interface on the Reporting>Logs page.
  • <pgptcpwrapper>: Controls the tcpwrapper log file, which logs communication with the directory server. This log file is not available through the product user interface.
  • <pgptokend>: Controls the tokend log file, which logs events involving ignition keys. This log file is not available through the product user interface.

To assist in troubleshooting issues, change the <log-level> value in the related section to debug.

To Turn Debug Logging On:

  1. Type https://<servername>:9000/omc/EditDebugPrefs.event in your browser address bar.
  2. Enter the username and password of an administrative account that is currently configured on the Symantec Encryption Management Server.
  3. Set the <log-level> value to debug in the section you wish to troubleshoot.

    Note: If you want to enable a setting across all the log files, copy the setting and paste it in the <global> section.
     
  4. Click Save to update the debug settings.

If you changed settings in either the <proxyd> or <syncd> sections of the file, then restart the pgpuniversal service.

To restart the service:

  1. Click the System card then select General tab.
  2. Scroll down and click the Restart Services button.

 

To Turn Debug Logging Off:

  1. Type https://<servername>:9000/omc/EditDebugPrefs.event in your browser address bar.
  2. Enter the username and password of an administrative account that is currently configured on the Symantec Encryption Management Server.
  3. Set the <log-level> value to info for the section where you want to disable debug logging.
  4. Click Save to update the debug settings.

If you changed settings in either the <proxyd> or <syncd> sections of the file, then restart the pgpuniversal service.

To restart the service:
 

  1. Click the System card then select General tab.
  2. Scroll down and click the Restart Services button.

Note: To put PGP Universal Server into debug mode using the debug URL listed above, the Administrator role must be a SuperUser.

Below is an example section configuration that Technical Support uses for the most informative logging when troubleshooting. Use settings like these with caution: debug logging with these options requires a lot of free disk space and may degrade performance on heavily loaded systems.

    <coredumps>true</coredumps>
    <log-level>debug</log-level>
    <proxylib-log-level>debug</proxylib-log-level>
    <log-raw-lines>true</log-raw-lines>
    <log-sql>true</log-sql>
    <log-xml>true</log-xml>
    <log-tls>true</log-tls>
    <log-thread-pool>false</log-thread-pool>
    <log-db-pool>false</log-db-pool>
    <log-reads-and-writes>false</log-reads-and-writes>
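
One way to confirm that debug logging was actually turned off after troubleshooting, given the privacy and disk-space concerns above. This is an added example, not Symantec's code. It assumes each log section is a direct child of the root element, uses a constructed sample with a hypothetical root element <debug>, and treats every <global> value as overriding all sections without modelling which settings are relevant to which log.

```python
import xml.etree.ElementTree as ET

# Constructed sample. The root element name <debug> is an assumption;
# section and option names are the ones listed in the article.
SAMPLE = """<debug>
  <global>
    <log-tls>true</log-tls>
  </global>
  <pgpproxyd>
    <log-level>debug</log-level>
    <log-raw-lines>true</log-raw-lines>
  </pgpproxyd>
  <pgpsyncd>
    <log-level>info</log-level>
  </pgpsyncd>
</debug>"""


def effective_settings(xml_text):
    """Return {section: {option: value}} with <global> applied on top."""
    root = ET.fromstring(xml_text)
    sections = {
        s.tag: {o.tag: (o.text or "").strip().lower() for o in s}
        for s in root
    }
    # <global> overrides all other sections, so merge it last.
    overrides = sections.pop("global", {})
    return {name: {**opts, **overrides} for name, opts in sections.items()}


def verbose_findings(xml_text):
    """List (section, option, value) for every setting still in debug mode."""
    findings = []
    for name, opts in sorted(effective_settings(xml_text).items()):
        for opt, val in sorted(opts.items()):
            # Covers <log-level> and <proxylib-log-level>, plus any true flag.
            if (opt.endswith("log-level") and val == "debug") or val == "true":
                findings.append((name, opt, val))
    return findings


if __name__ == "__main__":
    for section, opt, val in verbose_findings(SAMPLE):
        print(f"{section}: {opt}={val}")
```

An empty result means every section is back at info with no extra logging flags enabled. Old log files still need to be deleted separately.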
 



Legacy ID



1272

