Troubleshooting Symantec Linux Agent

(For 14.3 RU1 and later)
Resources for troubleshooting the Symantec Linux Agent
Action
Description
Checking the status of the agent.
To check the version and connection status of the agent, and to confirm that the modules are loaded and the daemons are running, navigate to /usr/lib/symantec and run the following command:
    ./status.sh
Checking the versions of the agent packages.
Navigate to /usr/lib/symantec and run the following command:
    ./version.sh
Viewing the logs.
You can find the Symantec Linux Agent logs at the following locations:
  • AMD log - provides information related to scanning.
    /var/log/sdcsslog/amd.log
  • CAF log - provides information related to agent activities such as communication with the server, enrollment, commands, events, policy version, content version, etc.
    /var/log/sdcss-caflog/sisamd_x.log
  • Agent log - provides some consolidated information related to agent activities (scan info, update info).
    /var/log/sdcsslog/SISIDSEvents*.csv
  • CVE log - provides information related to communication between Symantec Endpoint Protection Manager and the agent.
    /var/log/sdcss-caflog/cve.log
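A quick check to run before collecting logs, as an added example (not Symantec's own tooling): it walks the four log locations listed above and reports any log type that has no file or only empty files. The optional root prefix and the reading of the x in sisamd_x.log as a wildcard are assumptions.

```shell
#!/bin/sh
# Added example (not Symantec code): inventory the agent log locations
# listed above and flag any log type with no file or only empty files.

# Log types and paths as given on this page. Assumption: the "x" in
# sisamd_x.log is a placeholder, so it is matched with a glob.
agent_log_patterns() {
    cat <<'EOF'
AMD|/var/log/sdcsslog/amd.log
CAF|/var/log/sdcss-caflog/sisamd_*.log
Agent|/var/log/sdcsslog/SISIDSEvents*.csv
CVE|/var/log/sdcss-caflog/cve.log
EOF
}

# check_agent_logs [ROOT]
# ROOT (assumption, for checking a copied or mounted tree) is prefixed
# to every path; leave it empty to check the live system.
# Prints one status line per log type and returns the number of log
# types that are MISSING or EMPTY (0 means every type has data).
check_agent_logs() {
    root=${1:-}
    problems=0
    while IFS='|' read -r name pattern; do
        found=0
        nonempty=0
        # $pattern is left unquoted on purpose so the shell expands the glob.
        for f in "$root"$pattern; do
            [ -f "$f" ] || continue
            found=$((found + 1))
            if [ -s "$f" ]; then nonempty=$((nonempty + 1)); fi
        done
        if [ "$found" -eq 0 ]; then
            echo "$name MISSING $pattern"
            problems=$((problems + 1))
        elif [ "$nonempty" -eq 0 ]; then
            echo "$name EMPTY ($found file(s), 0 bytes)"
            problems=$((problems + 1))
        else
            echo "$name OK ($nonempty of $found file(s) contain data)"
        fi
    done <<EOF
$(agent_log_patterns)
EOF
    return "$problems"
}

# Usage on an agent host, as root: check_agent_logs
```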
Collecting the logs into a zip file.
You can use the GetAgentInfo script to collect all log files into a ZIP file that you can send to customer support.
  1. Log in to the Symantec Linux Agent system.
  2. Navigate to /opt/Symantec/sdcssagent/IPS/tools/.
  3. Run ./getagentinfo.sh as root.
  4. A ZIP file will be created in the /tmp/ directory.
     The name of the file will look similar to 20201208_184935_0001_CU_mihsan-rhel8.zip
     The -out <directory> option lets you change the location and the name of the generated ZIP file.
Changing the CVE logging level.
By default, the CVE logging level is info. You can change the logging level to debug in the /opt/Symantec/cafagent/bin/log4j.properties file.
After changing the file, you must restart the cafagent service.
Changing the AMD logging level.
By default, the AMD logging level is info. You can change the logging level to trace, to warning, or to error in the /opt/Symantec/sdcssagent/AMD/system/AntiMalware.ini file.
Before you modify the AntiMalware.ini file, stop the sisamdagent:
    service sisamdagent stop
After you modify the file, restart the service:
    service sisamdagent start