Operational log files

The Enforce Server and the detection servers store operational log files in the c:\ProgramData\Symantec\DataLossPrevention\<EnforceServer or DetectionServer>logs\ directory on Windows installations and in the /var/log/Symantec/DataLossPrevention/<EnforceServer or DetectionServer>/15.8.00000/ directory on Linux installations. A number at the end of the log file name indicates the count (shown as 0 in the Operational log files table).

The Operational log files table lists and describes the Symantec Data Loss Prevention operational log files.

Table: Operational log files

| Log file name | Description | Server |
|---|---|---|
| agentmanagement_webservices_access_0.log | Logs successful and failed attempts to access the Agent Management API web service. | Enforce Server |
| agentmanagement_webservices_soap_0.log | Logs the entire SOAP request and response for most requests to the Agent Management API web service. | Enforce Server |
| boxmonitor_operational_0.log | The BoxMonitor process oversees the detection server processes that pertain to that particular server type. For example, the processes that run on Network Monitor are file reader and packet capture. The BoxMonitor log file is typically very small, and it shows how the application processes are running. | All detection servers |
| detection_operational_0.log | The detection operation log file provides details about the detection server configuration and whether it is operating correctly. | All detection servers |
| detection_operational_trace_0.log | The detection trace log file provides details about each message that the detection server processes. The log file includes information such as: the policies that were applied to the message; the policy rules that were matched in the message; the number of incidents the message generated. | All detection servers |
| machinelearning_training_operational_0.log | This log records information about the tasks, logs, and configuration files called on startup of the VML training process. | Enforce Server |
| manager_operational_0.log | Logs information about the Symantec Data Loss Prevention manager process, which implements the Enforce Server administration console user interface. | Enforce Server |
| monitorcontroller_operational_0.log | Records a detailed log of the connections between the Enforce Server and all detection servers. It provides details about the information that is exchanged between these servers, including whether policies have been pushed to the detection servers or not. | Enforce Server |
| SmtpPrevent_operational0.log | This operational log file pertains to SMTP Prevent only. It is the primary log for tracking the health and activity of a Network Prevent for Email system. Examine this file for information about the communication between the MTAs and the detection server. | SMTP Prevent detection servers |
| WebPrevent_Access0.log | This access log file contains information about the requests that are processed by Network Prevent for Web detection servers. It is similar to web access logs for a proxy server. | Network Prevent for Web detection servers |
| WebPrevent_Operational0.log | This operational log file reports on the operating condition of Network Prevent for Web, such as whether the system is up or down and connection management. | Network Prevent for Web detection servers |