Use the Collection tab of the Logs screen (System > Servers > Logs) to collect log files and configuration files from one or more Symantec Data Loss Prevention servers. You can collect files from a single detection server or from all detection servers, as well as from the Enforce Server computer. You can limit the collected files to only those files that were last updated in a specified range of dates.
The Enforce Server administration console stores all log and configuration files that you collect in a single ZIP file on the Enforce Server computer. If you retrieve files from multiple Symantec Data Loss Prevention servers, each server's files are stored in a separate subdirectory of the ZIP file.
Operational, debug, and trace log files are stored in the server_identifier/logs subdirectory of the ZIP file. server_identifier identifies the server that generated the log files, and it corresponds to one of the following values:
If you collect log files from the Enforce Server, Symantec Data Loss Prevention replaces server_identifier with the string Enforce. Note that Symantec Data Loss Prevention does not use the localized name of the Enforce Server.
If a detection server's name includes only ASCII characters, Symantec Data Loss Prevention uses the detection server name for the server_identifier value.
If a detection server's name contains non-ASCII characters, Symantec Data Loss Prevention uses the string DetectionServer-ID-id_number for the server_identifier value. id_number is a unique identification number for the detection server.
If you collect agent service log files or operational log files from an Endpoint Prevent server, the files are placed in the server_identifier/agentlogs subdirectory. Each agent log file uses the individual agent name as the log file prefix.
Follow this procedure to collect log files and log configuration files from Symantec Data Loss Prevention servers.
To collect log files from one or more servers
Click the Collection tab if it is not already selected.
Use the Date Range menu to select a range of dates for the files you want to collect. Note that the collection process does not truncate downloaded log files in any way. The date range limits collected files to those files that were last updated in the specified range.
To collect log files from the Enforce Server, select one or more of the checkboxes next to the Enforce Server entry to indicate the type of files you want to collect.
To collect log files from one or all detection servers, use the Select a Detection Server menu to select either the name of a detection server or the Collect Logs from All Detection Servers option. Then select one or more of the checkboxes next to the menu to indicate the type of files you want to collect.
Click Collect Logs to begin the log collection process.
The administration console adds a new entry for the log collection process in the Previous Log Collections list at the bottom of the screen. If you are retrieving many log files, you may need to refresh the screen periodically to determine when the log collection process has completed.
Note: You can run only one log collection process at a time.
To cancel an active log collection process, click Cancel next to the log collection entry. You may need to cancel log collection if one or more servers are offline and the collection process cannot complete. When you cancel the log collection, the ZIP file contains only those files that were successfully collected.
To download collected logs to your local computer, click Download next to the log collection entry.
To remove ZIP files stored on the Enforce Server, click Delete next to a log collection entry.
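The following is an added example, not part of the Symantec documentation: a Python script that inventories a downloaded collection ZIP by the layout described above (server_identifier/logs and server_identifier/agentlogs) and reports which naming rule produced each server_identifier. The archive, server names and file names are constructed, and the "other" bucket for configuration files is an assumption, because the page does not say where in the ZIP they are stored.

```python
import io
import re
import zipfile

# Page layout: <server_identifier>/logs/... and <server_identifier>/agentlogs/...
ID_FALLBACK = re.compile(r"DetectionServer-ID-\d+")

def classify_server(identifier):
    """Name the rule from the page that produced this server_identifier."""
    if identifier == "Enforce":
        return "enforce"
    if ID_FALLBACK.fullmatch(identifier):
        return "detection (ID fallback, non-ASCII name)"
    return "detection (ASCII name)"

def inventory(zip_source):
    """Group file names in a collection ZIP by server and subdirectory."""
    result = {}
    with zipfile.ZipFile(zip_source) as zf:
        for info in zf.infolist():
            parts = info.filename.split("/")
            if info.is_dir() or len(parts) < 2:
                continue  # skip directory entries and files outside a server folder
            # The page names only logs/ and agentlogs/; configuration files and
            # anything else go to "other" (assumption of this example).
            known = len(parts) > 2 and parts[1] in ("logs", "agentlogs")
            sub = parts[1] if known else "other"
            entry = result.setdefault(parts[0], {
                "kind": classify_server(parts[0]),
                "logs": [], "agentlogs": [], "other": []})
            entry[sub].append(parts[-1])
    return result

def build_sample_zip():
    """Constructed archive; every server and file name here is made up."""
    names = [
        "Enforce/logs/sample_operational.log",
        "Enforce/sample_logging.properties",
        "Monitor-East/logs/sample_debug.log",
        "DetectionServer-ID-42/logs/sample_trace.log",
        "Endpoint-1/agentlogs/AGENT-PC01_sample.log",
    ]
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        for name in names:
            zf.writestr(name, "constructed sample line\n")
    buf.seek(0)
    return buf

if __name__ == "__main__":
    for server, entry in sorted(inventory(build_sample_zip()).items()):
        print(server, entry["kind"], {k: len(v) for k, v in entry.items() if k != "kind"})
```

Pass the path of a downloaded collection ZIP to inventory() in place of the constructed archive. A detection server whose ASCII name happens to be Enforce or to match DetectionServer-ID-id_number cannot be told apart from the directory name alone.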