Network Prevent for Web protocol debug log files

Network Prevent for Web
protocol debug log files

To enable ICAP trace logging, set the
Icap.EnableTrace
advanced setting to
true
and use the
Icap.TraceFolder
advanced setting to specify a directory to receive the traces.
Symantec Data Loss Prevention
service must be restarted for this change to take effect.
Trace files that are placed in the specified directory have file names in the format:
timestamp
-
conn_id
. The first line of a trace file provides information about the connecting host IP and port along with a timestamp. File data that is read from the socket is displayed in the format <<
timestamp number_of_bytes_read
. Data that is written to the socket is displayed in the format >>
timestamp number_of_bytes_written
. The last line should note that the connection has been closed.
Trace logging produces a large amount of data and therefore requires a large amount of free disk storage space. Trace logging should be used only for debugging an issue because the data that is written in the file is in clear text.