There are multiple methods of increasing the logging level on the clients. Use the one that best fits your needs.
Method 1: Enabling finest level logging through the console
- Browse to the Agent Overview (System > Agents > Overview). Click the number under the green checkbox to view the OK clients.
- Check the checkbox next to the agent you want to increase the logging level for.
- Click the Troubleshooting drop-down and select “Set Log Level”.
- On the Log Level drop-down select “FINEST”. Leave all the agent logger components checked, then click OK.
A Task Running icon (clipboard with a play button) will appear next to the agent. If the agent does not communicate with the server within the configured timeout window, the task will time out and the logging level will not be increased. In that case, check the client communication, or enable logging through a script or locally on the machine (as shown in the options below).
Method 2: Enable FINEST level logging using update_configuration.exe (only available on DLP 15.0 and below)
This method is used if the agents are not communicating with the DLP Endpoint server.
Locate the agent install files .zip that was used when generating the agent install package (this .zip can also be obtained through https://mybroadcom.com). Extract it and copy the tools folder appropriate for the client architecture to the DLP Endpoint Agent folder on the client machine. We specifically need update_configuration.exe.
Once the tools are in the DLP Agent folder run the following commands:
update_configuration.exe -name=LoggerStatus -setting=IsDefaultLogLevelChanged -type=str -value=1
update_configuration.exe -name=LogLevel -setting=DefaultLevel -type=str -value=FINEST
update_configuration.exe -name=Logging -setting=MaxFileSizeBytes -type=int -value=10240000
update_configuration.exe -name=Logging -setting=MaxFiles -type=int -value=10
Now run the following commands to stop the service, remove the old log files then restart the service:
del edpa*.log
sc start edpa
The edpa*.log files will now be readable on the client side with increased logging level set to FINEST and increased number of files and log file size.
Method 3: Enable FINEST level using the vontu_sqlite3 tool local to the client
This is the only local option for increasing the logging level on Mac OSX clients, because there is no equivalent of update_configuration.exe for Mac.
This method is used if the agents are not communicating with the DLP Endpoint server. The additional commands in this method also increase the size and number of log files in case the logs are too small for the increased logging level.
Locate the agent install files .zip that was used when generating the agent install package. Extract it and copy the tools folder appropriate for the client architecture to the DLP Endpoint Agent folder on the client machine. We specifically need the vontu_sqlite3 and service_shutdown tools.
For reference, the default agent locations are:
Mac OSX: /Library/Manufacturer/Endpoint\ Agent/
Windows: c:\Program Files\Manufacturer\Endpoint Agent\
Once the tools are in the DLP Agent folder run the following commands:
vontu_sqlite3 -db=cg.ead
Apply the tools password as needed. Then use the following commands in the vontu_sqlite3 tool to update the configuration (note that these are case sensitive):
Update CONFIGURATION set VALUE="1" where NAME="LoggerStatus" and SETTING="IsDefaultLogLevelChanged";
Update CONFIGURATION set VALUE="FINEST" where NAME="LogLevel" and SETTING="DefaultLevel";
REPLACE INTO configuration VALUES('Logging','MaxFileSizeBytes','long','10240000');
REPLACE INTO configuration VALUES('Logging','MaxFiles','int','10');
.exit
Now run the following commands to stop the service, remove the old log files then restart the service:
Windows:
del edpa*.log
sc start edpa
Mac OSX:
sudo rm edpa*.log
sudo launchctl load /Library/LaunchDaemons/com.symantec.manufacturer.agent.plist
The edpa*.log files will now be readable on the client side with increased logging level set to FINEST and increased number of files and log file size.
Method 4: Enable FINEST level using vontu_sqlite3 via script
This method can be used to enable logging on many machines remotely via script, similar to the functionality of update_configuration.exe, by calling vontu_sqlite3.exe with the appropriate arguments and then echoing in the SQL command. Note that this will expose the tools password in the script used. This method is valid in all current versions of DLP.
The following is an example Windows script that can be used as a template:
REM Sets FINEST level logging with increased max files and max size and deobfuscates log
REM Change to the agent folder (default Windows location listed above)
cd /d "c:\Program Files\Manufacturer\Endpoint Agent\"
REM Copy version specific agent tools from the network
copy \\server\share\AgentTools15_0_MP1\vontu_sqlite3.exe
copy \\server\share\AgentTools15_0_MP1\service_shutdown.exe
copy /y \\server\share\AgentTools15_0_MP1\*.dll
REM Each statement is echoed into vontu_sqlite3.exe; -p is the tools password, stored in clear text in this script
echo Update CONFIGURATION set VALUE=0 where NAME="Logging" and SETTING="Obfuscate"; | vontu_sqlite3.exe -db=cg.ead -p=protect4
echo Update CONFIGURATION set VALUE="1" where NAME="LoggerStatus" and SETTING="IsDefaultLogLevelChanged"; | vontu_sqlite3.exe -db=cg.ead -p=protect4
echo Update CONFIGURATION set VALUE="FINEST" where NAME="LogLevel" and SETTING="DefaultLevel"; | vontu_sqlite3.exe -db=cg.ead -p=protect4
echo Update CONFIGURATION set VALUE="10240000" where NAME="Logging" and SETTING="MaxFileSizeBytes"; | vontu_sqlite3.exe -db=cg.ead -p=protect4
echo Update CONFIGURATION set VALUE="10" where NAME="Logging" and SETTING="MaxFiles"; | vontu_sqlite3.exe -db=cg.ead -p=protect4
echo INSERT INTO configuration VALUES('Logging','MaxFileSizeBytes','long','10240000'); | vontu_sqlite3.exe -db=cg.ead -p=protect4
echo INSERT INTO configuration VALUES('Logging','MaxFiles','long','10'); | vontu_sqlite3.exe -db=cg.ead -p=protect4
REM Stop the agent service, then start it again so the new settings are read
service_shutdown -p=protect4
net start edpa
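The SQL in Methods 3 and 4 mixes Update, REPLACE INTO and INSERT. The following added example (not part of the original article or the vendor's tooling) runs those statement kinds with Python's sqlite3 against an in-memory table, showing that an Update on a row that does not exist silently changes nothing while REPLACE INTO writes it, and then reads the values back as a check. The table definition, its primary key and the starting rows are assumptions; the article does not show the real cg.ead schema.

```python
import sqlite3

# Assumed schema: the article shows four values per row (name, setting, type,
# value) but not the real cg.ead table definition; the key is an assumption.
SCHEMA = """CREATE TABLE CONFIGURATION (
    NAME TEXT, SETTING TEXT, TYPE TEXT, VALUE TEXT,
    PRIMARY KEY (NAME, SETTING))"""

# Constructed starting state: log-level rows exist, size/count rows do not.
SEED = [("LoggerStatus", "IsDefaultLogLevelChanged", "str", "0"),
        ("LogLevel", "DefaultLevel", "str", "INFO")]

# Target rows, using the names and values from the article's commands.
TARGETS = [("LoggerStatus", "IsDefaultLogLevelChanged", "str", "1"),
           ("LogLevel", "DefaultLevel", "str", "FINEST"),
           ("Logging", "MaxFileSizeBytes", "long", "10240000"),
           ("Logging", "MaxFiles", "int", "10")]

def new_db():
    """Build the constructed in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute(SCHEMA)
    db.executemany("INSERT INTO CONFIGURATION VALUES (?,?,?,?)", SEED)
    return db

def apply_update_only(db):
    """Run plain UPDATEs; return the targets that matched no row."""
    missed = []
    for name, setting, _type, value in TARGETS:
        cur = db.execute(
            "UPDATE CONFIGURATION SET VALUE=? WHERE NAME=? AND SETTING=?",
            (value, name, setting))
        if cur.rowcount == 0:  # statement succeeded but changed nothing
            missed.append((name, setting))
    return missed

def apply_replace(db):
    """REPLACE INTO writes each row whether or not it already exists."""
    db.executemany("REPLACE INTO CONFIGURATION VALUES (?,?,?,?)", TARGETS)

def effective(db):
    """Read the settings back as a post-change check."""
    rows = db.execute("SELECT NAME, SETTING, VALUE FROM CONFIGURATION")
    return {(n, s): v for n, s, v in rows}
```

On a real agent the same read-back can be done with a select on NAME, SETTING and VALUE inside the vontu_sqlite3 prompt before restarting the service.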