Beruflich Dokumente
Kultur Dokumente
5
Log Files
Reference Guide
COPYRIGHT
Copyright © 2009 McAfee, Inc. All Rights Reserved.
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form
or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.
TRADEMARK ATTRIBUTIONS
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE
EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN,
WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in
connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property
of their respective owners.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED,
WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH
TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS
THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET,
A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU
DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN
THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.
License Attributions
Refer to the product Release Notes.
Server logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Agent logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
About log file path variables, file size and backup logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Contents
Installer logs
Server logs
Agent logs
Rogue System Detection logs
About log file path variables, file size and backup logs
Logging levels for debugging
Adjusting the Tomcat log level
Troubleshooting policy updates
Interpreting Windows error codes
Agent activity log
Installer logs
Installer log files contain details about the ePolicy Orchestrator installation process including:
• Actions taken by specific components
• Administrator services used by the server
EPO450-Install-MSI.log The primary ePO installation log. This file logs all %temp%\McAfeeLogs
details about the installation including:
• Installer actions
• Installation failures
Server logs
Server log files contain details on server functionality and various administrator services used
by ePolicy Orchestrator 4.5.
Table 2: Server logs
Log file name Description Location
Agent logs
Agent log files contain actions triggered or taken by the McAfee Agent.
Table 3: Agent logs
Log file name Description Location
Agent_<system>.log Generated on client systems when the server deploys <Agent DATA Path>\DB
an agent to them. This file contains details related
to:
• Agent-to-server communication
• Policy enforcement
• Other agent tasks
MCScript.log Contains the results of script commands used during <Agent DATA Path>\DB
agent deployment and updating. To enable the
DEBUG mode for this log, set the following DWORD
value on the client’s registry key:
HKEY_LOCAL_MACHINE\SOFTWARE\NETWORK
ASSOCIATES\TVD\SHARED
COMPONENTS\FRAMEWORK\DWDEBUGSCRIPT=2
NOTE: McAfee recommends that you delete this key
when you are finished troubleshooting.
PrdMgr_<SYSTEM>.log Contains details about agent communications with <Agent DATA Path>\DB
other McAfee products.
RSDSensor_out.log Contains details about all actions performed by the Program Files\McAfee\RSD
sensor. Sensor
log4cplus.rootLogger This is the root logger. All loggers that do not have WARN
a specifically assigned value use the value set here.
log4cplus.logger. This is the logger for network traffic visible to the WARN
RSDSensor.NetListner sensor.
log4cplus.logger. This is the logger for the host resolver which the WARN
RSDSensor.Resolver sensor uses to determine operating system
information.
log4cplus.appender. This value defines the name of the log file. $(SENSOR_DIR)\RSDSensor_out.log
SENSORLOG.File
NOTE: This value should not be
modified.
log4cplus.appender. This value defines the size of the log file. When the 5MB
SENSORLOG.MaxFileSize log reaches the specified size limit a new file is
created that is appended with a numeric value. For
example, RSDSensor_out.log.1. Numbers are
appended chronologically, where the highest number
denotes the oldest log. When the maximum number
of logs is reached, the oldest is deleted.
log4cplus.appender.SENSORLOG. This value specifies how many log files should be 5
MaxBackupIndex retained.
<Agent DATA Path> To determine the actual location of the agent data files, view this registry key
HKEY_LOCAL_MACHINE\SOFTWARE\NETWORK ASSOCIATES\TVD\SHARED
COMPONENTS\FRAMEWORK\DATA PATH. For more information, see “Agent
installation directory” in the ePolicy Orchestrator 4.5 Product Guide or Help.
%temp% This is the Temp folder of the currently logged on user. To access this folder, select
Start | Run, then type %temp% in the Open text box, and click OK.
<InstallDir> The default location of the ePolicy Orchestrator 4.5 server software is
C:\PROGRAM FILES\MCAFEE\EPOLICY ORCHESTRATOR
The following table describes each message type and logging level.
Table 7: Messages reported at each log level
Message type Description Logging
level
The following table lists the locations of the values that control logging levels, which can be
modified.
NOTE: You cannot modify the logging levels of all logs.
Table 8: Location of values controlling log levels and when they take effect
Log file Location of controlling log level value Setting change takes
effect...
Jakarta_Service_<DATE>.log For more information, see "Adjusting the Tomcat log Upon startup of McAfee ePolicy
level." Orchestrator 4.5.0 Application
Server service.
Localhost_access_log.<DATE>.txt For more information, see "Adjusting the Tomcat log Upon startup of McAfee ePolicy
level." Orchestrator 4.5.0 Application
Server service.
Log file Location of controlling log level value Setting change takes
effect...
Task
1 Using a text editor, open the Log-Config.xml file, located at:
C:\PROGRAMFILES>\McAfee\ePolicyOrchestrator\Server\conf\orion
2 In the following line of text, replace “warn” with “info” or “debug”:
<root><priority value ="warn"/><appender-ref ref="ROLLING" /><appender-ref ref="STDOUT/></root>
3 Save and close the file.
Tomcat automatically adjusts the log level when the McAfee ePolicy Orchestrator 4.5.0
Application Server services is restarted.
Task
1 Create the DWORD registry value SAVEAGENTPOLICY = 1 in:
HKEY_LOCAL_MACHINE\SOFTWARE\NETWORK ASSOCIATES\EPOLICY ORCHESTRATOR
2 Restart all ePolicy Orchestrator services.
The ePolicy Orchestrator server creates the file
<AGENTGUID>_<TIMESTAMP>_SERVER.XML at <INSTALLATION PATH>\DB\DEBUG,
which contains a copy of the content that the server deployed.
NOTE: You can also use the ERRLOOK.EXE utility to determine the cause of these error
codes. This utility is distributed with Microsoft Visual Studio.