Operational log files
The Enforce Server and the detection servers store operational log files in the c:\ProgramData\Symantec\DataLossPrevention\<EnforceServer or DetectionServer>logs\ directory on Windows installations and in the /var/log/Symantec/DataLossPrevention/<EnforceServer or DetectionServer>/15.8.00000/ directory on Linux installations. A number at the end of the log file name indicates the count (shown as 0 in Operational log files).

Operational log files lists and describes the Symantec Data Loss Prevention operational log files.

Log file name | Description | Server |
|---|---|---|
agentmanagement_webservices_access_0.log | Logs successful and failed attempts to access the Agent Management API web service. | Enforce Server |
agentmanagement_webservices_soap_0.log | Logs the entire SOAP request and response for most requests to the Agent Management API web service. | Enforce Server |
boxmonitor_operational_0.log | The BoxMonitor process oversees the detection server processes that pertain to that particular server type. For example, the processes that run on Network Monitor are file reader and packet capture. The BoxMonitor log file is typically very small, and it shows how the application processes are running. | All detection servers |
detection_operational_0.log | The detection operation log file provides details about the detection server configuration and whether it is operating correctly. | All detection servers |
detection_operational_trace_0.log | The detection trace log file provides details about each message that the detection server processes. The log file includes information such as: | All detection servers |
machinelearning_training_operational_0.log | This log records information about the tasks, logs, and configuration files called on startup of the VML training process. | Enforce Server |
manager_operational_0.log | Logs information about the Symantec Data Loss Prevention manager process, which implements the Enforce Server administration console user interface. | Enforce Server |
monitorcontroller_operational_0.log | Records a detailed log of the connections between the Enforce Server and all detection servers. It provides details about the information that is exchanged between these servers, including whether policies have been pushed to the detection servers. | Enforce Server |
SmtpPrevent_operational0.log | This operational log file pertains to SMTP Prevent only. It is the primary log for tracking the health and activity of a Network Prevent for Email system. Examine this file for information about the communication between the MTAs and the detection server. | SMTP Prevent detection servers |
WebPrevent_Access0.log | This access log file contains information about the requests that are processed by Network Prevent for Web detection servers. It is similar to web access logs for a proxy server. | Network Prevent for Web detection servers |
WebPrevent_Operational0.log | This operational log file reports on the operating condition of Network Prevent for Web, such as whether the system is up or down and connection management. | Network Prevent for Web detection servers |