Endpoint SWAT: Protect the Endpoint Community

  • 1.  ERR files keep coming back after cleaning

    Posted Oct 15, 2013 02:22 AM

    Noticed this morning that ERR files are being generated under the logs folder. After cleaning, the ERR files reappear again. What can I check or do to see why the ERR files are being generated? I have this issue on 2 environments (11Ru7mp2 and 12ru3).

    What can I check with the DB Admin to troubleshoot? Also, could it be that the SEPMs can't handle the load? Running 2 SEPMs per version. SQL version = 2012 SQL database.



  • 2.  RE: ERR files keep coming back after cleaning

    Posted Oct 15, 2013 02:33 AM

    Hi,

    That issue is fixed in SEP 12.1.3

    Files with .err extension are not cleaned up

    Fix ID: 2767546

    Symptom: The Symantec Endpoint Protection Manager produces files with the .err extension but does not clean them up. This causes the Symantec Endpoint Protection Manager to miss the parsing of events.

    Solution: Fixed the code to bypass the error. Symantec Endpoint Protection Manager continues to process the log and record the error line.

     

    New fixes and features in Symantec Endpoint Protection 12.1.3

     

    Article: TECH206828 | Created: 2013-06-03 | Updated: 2013-06-18 | Article URL: http://www.symantec.com/docs/TECH206828

    If the issue is still present, you can contact Symantec support.



  • 3.  RE: ERR files keep coming back after cleaning

    Posted Oct 15, 2013 03:22 AM

    So does this mean that the logs still get processed but I still have to manually remove the ERR files?

    Also, why is it happening on SEP 11?



  • 4.  RE: ERR files keep coming back after cleaning

    Posted Oct 15, 2013 03:23 AM

    How do I know that the ERR files have been processed anyway and that I am not losing vital AV data?



  • 5.  RE: ERR files keep coming back after cleaning
    Best Answer

    Posted Oct 15, 2013 07:47 AM

    Hi ThavenshinP,

    Basically the threads come up with an appropriate format (.tmp, .dat).

    They switch to .err when they fail to be processed in time by bcp.exe or due to a lack of performance from your SQL server.


    It can also happen when they were queued and not processed after a while.

    They can be cleaned up once they get this .err format without stopping any services.

    How many managed clients do you have so far?

    As you're using a dedicated SQL Server for your SEPM database, I suppose you have a large quantity of managed clients.

    Be sure to optimize the communication settings for all your managed clients accordingly.

    Increase the heartbeat interval and switch to Pull mode as well.

    If the heartbeat interval is too low, it might be the reason why bcp.exe and your SQL Server struggle to process the SEP clients' threads in time.

     

    Kind regards,

    A. Wesker
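
Added example, not part of the thread and not Symantec tooling: a PowerShell function that summarises a log folder by the extensions named above, showing in which hours .err files were written and how many .tmp/.dat files have been waiting longer than a threshold. The function name, the folder path parameter, the 30-minute threshold and the sample file names are assumptions; the sample folder is constructed so the script runs anywhere.

```powershell
function Get-LogBacklog {
    param(
        [Parameter(Mandatory)] [string] $Path,  # log folder to inspect (assumption: supplied by the admin)
        [int] $StaleMinutes = 30,               # hypothetical cut-off for "queued too long"
        [datetime] $Now = (Get-Date)
    )
    $files = Get-ChildItem -LiteralPath $Path -File -Recurse |
        Where-Object { $_.Extension -in '.err', '.tmp', '.dat' }
    $err = @($files | Where-Object Extension -eq '.err')

    # Bucket .err files by the hour they were last written; peaks that line up
    # with busy periods point at load rather than at a single bad log file.
    $errByHour = $err |
        Group-Object { $_.LastWriteTime.ToString('yyyy-MM-dd HH') } |
        Sort-Object Name |
        ForEach-Object { [pscustomobject]@{ Hour = $_.Name; ErrFiles = $_.Count } }

    # Files still in .tmp/.dat form that have not been picked up for a while.
    $stale = @($files | Where-Object {
        $_.Extension -ne '.err' -and ($Now - $_.LastWriteTime).TotalMinutes -gt $StaleMinutes
    })

    [pscustomobject]@{
        ErrTotal     = $err.Count
        ErrByHour    = @($errByHour)
        StaleQueued  = $stale.Count
        OldestQueued = ($stale | Sort-Object LastWriteTime | Select-Object -First 1).LastWriteTime
    }
}

# Constructed sample data: file name -> age in minutes relative to $now.
$demo = Join-Path ([IO.Path]::GetTempPath()) ("sepm-demo-" + [guid]::NewGuid())
New-Item -ItemType Directory -Path $demo | Out-Null
$now = [datetime]'2013-10-15T08:00:00'
$sample = @{ 'a.err' = 130; 'b.err' = 125; 'c.err' = 20; 'd.dat' = 45; 'e.tmp' = 2 }
foreach ($name in $sample.Keys) {
    $f = New-Item -ItemType File -Path (Join-Path $demo $name)
    $f.LastWriteTime = $now.AddMinutes(-$sample[$name])
}

$report = Get-LogBacklog -Path $demo -Now $now
$report | Format-List ErrTotal, StaleQueued, OldestQueued
$report.ErrByHour | Format-Table -AutoSize
Remove-Item -LiteralPath $demo -Recurse
```

Run on a schedule against the real log folder, the per-hour counts can be compared before and after changing the heartbeat interval or switching to Pull mode.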