Beruflich Dokumente
Kultur Dokumente
0 Guide
COPYRIGHT Copyright 2007 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies. TRADEMARK ATTRIBUTIONS AVERT, EPO, EPOLICY ORCHESTRATOR, FLASHBOX, FOUNDSTONE, GROUPSHIELD, HERCULES, INTRUSHIELD, INTRUSION INTELLIGENCE, LINUXSHIELD, MANAGED MAIL PROTECTION, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, MCAFEE.COM, NETSHIELD, PORTALSHIELD, PREVENTSYS, PROTECTION-IN-DEPTH STRATEGY, PROTECTIONPILOT, SECURE MESSAGING SERVICE, SECURITYALLIANCE, SITEADVISOR, THREATSCAN, TOTAL PROTECTION, VIREX, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners. LICENSE INFORMATION License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. License Attributions Refer to the product Release Notes.
Contents
Troubleshooting with Log Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Log file names and locations. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5 Typical issues addressed by logs. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7 Logging levels for debugging. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8 When setting changes take effect. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 10 Adjusting the Tomcat log level. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Logging agent updating and deployment scripts. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Troubleshooting policy updates. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11 Interpreting Windows error codes. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Agent activity log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12 Use of the VirusScan update log. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
All other log files are associated with ePolicy Orchestrator and its installer. Contents Log file names and locations Typical issues addressed by logs Logging levels for debugging When setting changes take effect Adjusting the Tomcat log level Logging agent updating and deployment scripts Troubleshooting policy updates Interpreting Windows error codes Agent activity log Use of the VirusScan update log
<INSTALLATION PATH>\DB\DEBUG (see Troubleshooting with Log Files) <CURRENT USERS TEMP DIRECTORY>\NAILOGS\EPO400-TROUBLESHOOT\ORION FRAMEWORK <CURRENT USERS TEMP DIRECTORY>\NAILOGS\EPO400-TROUBLESHOOT\ORION FRAMEWORK <CURRENT USERS TEMP DIRECTORY>\NAILOGS\ORION FRAMEWORK <CURRENT USERS TEMP DIRECTORY>\NAILOGS\EPO400-TROUBLESHOOT\ORION FRAMEWORK <INSTALLATION PATH>\DB\LOGS <CURRENT USERS TEMP DIRECTORY>\NAILOGS <CURRENT USERS TEMP DIRECTORY>\NAILOGS\MERCURY FRAMEWORK <CURRENT USERS TEMP DIRECTORY>\NAILOGS <INSTALLATION PATH>\MCAFEE\APACHE2\LOGS <INSTALLATION PATH>\DB\LOGS C:\WINDOWS\NAILOGS or C:\WINDOWS\TEMP\NAILOGS or C:\DOCUMENTS AND SETTINGS\<CURRENT USER\LOCAL SETTINGS\TEMP\NAILOGS PROGRAMFILES\MCAFEE\EPOLICY ORCHESTRATOR\SERVER\LOGS <CURRENT USERS TEMP DIRECTORY>\NAILOGS PROGRAMFILES\MCAFEE\EPOLICY ORCHESTRATOR\SERVER\LOGS <AGENT DATA PATH> <CURRENT USERS TEMP DIRECTORY>\NAILOGS PROGRAMFILES\MCAFEE\EPOLICYORCHESTRATOR\SERVER\LOGS
ENV-CORE-INSTALL.LOG
ENV-INSTALL.LOG
ENV-TOMCAT-INSTALL.LOG
JAKARTA_SERVICE_<DATE>.LOG
LICENSING.LOG LOCALHOST_ACCESS_LOG.<DATE>.TXT
Log file name PRDMGR_<SYSTEM>.LOG, PRDMGR_<SYSTEM>_BACKUP.LOG REPLICATION.LOG SERVER.LOG, SERVER_BACKUP.LOG SQL2K5bCINST.LOG STDERR.LOG
<INSTALLATION PATH>\DB\LOGS <INSTALLATION PATH>\DB\LOGS <CURRENT USERS TEMP DIRECTORY>\NAILOGS PROGRAMFILES\MCAFEE\EPOLICY ORCHESTRATOR\SERVER\LOGS <CURRENT USERS TEMP DIRECTORY>\NAILOGS
UPDATERUI_<SYSTEM>.LOG
NOTE: Paths that include the folder EPO400-TROUBLESHOOT point to the log file generated for a failed operation. If the operation succeeds, the path does not include the EPO400-TROUBLESHOOT folder. Table 2: Path variables
Variable <AGENT DATA PATH> Description The default location of the agent data files is <DOCUMENTS AND SETTINGS>\ALL USERS\APPLICATION DATA\MCAFEE\COMMON FRAMEWORK <DOCUMENTS AND SETTINGS> is the location of the DOCUMENTS AND SETTINGS folder, which depends on the operating system. If the operating system does not use a DOCUMENTS AND SETTINGS folder, the default location is <AGENT INSTALLATION PATH>\DATA. To determine the actual location of the agent data files, view this registry key HKEY-LOCAL_MACHINE\SOFTWARE\MCAFEE\TVD\SHARED COMPONENTS\FRAMEWORK\DATA PATH. For more information, see Agent installation directory in the ePolicy Orchestrator 4.0 Product Guide or Help. <CURRENT USERS TEMP DIRECTORY> This is the currently logged on users Temp folder. To access this folder, select Start | Run, then type %temp% in the Open text box, and click OK. The default location of the ePolicy Orchestrator 4.0 server software is C:\PROGRAMFILES\MCAFEE\EPOLICY ORCHESTRATOR
<INSTALLATION PATH>
Log file size and BACKUP logs When a log file reaches it maximum size, BACKUP is added to the file name extension and a new log file is created. For example, when AGENT_<SYSTEM>.LOG reaches it maximum size, its name becomes AGENT_<SYSTEM>_BACKUP.LOG. If a BACKUP log already exists, it is overwritten. Depending on how recently the BACKUP was created, it may contain current entries. Examine both log files to ensure comprehensiveness. The default log size is 1MB. To change the size, create the DWORD value LOGSIZE in the registry key HKEY_LOCAL_MACHINE\SOFTWARE\NETWORK ASSOCIATES\EPOLICY ORCHESTRATOR, then set the value data to the size desired. For example, 2=2MB.
Agent: installation; uninstallation Agent: push Agent: updating client, managed products Agent: wake-up Agent-server communication Backward Compatibility for SQL (if installed during ePolicy Orchestrator installation) Client tasks: communication
AGENT_<SYSTEM>.LOG AGENT_<SYSTEM>_BACKUP.LOG PRDMGR_<SYSTEM>.LOG PRDMGR_<SYSTEM>_BACKUP.LOG PRDMGR_<SYSTEM>.LOG PRDMGR_<SYSTEM>_BACKUP.LOG, MCSCRIPT.LOG AGENT_<SYSTEM>.LOG, SERVER.LOG, SERVER_BACKUP.LOG REPLICATION.LOG, EPOAPSVR.LOG, ORION.LOG ERRORLOG.<CURRENT_DATETIME> STDERR.LOG, JAKARTA_SERVICE_<DATE>.LOG, LOCALHOST_ACCESS_LOG.<DATE>.TXT EVENTPARSER.LOG, EVENTPARSER_BACKUP.LOG CORE-INSTALL.LOG, ENV-CORE-INSTALL.LOG, EPO-INSTALL.LOG, ENV-TOMCAT-INSTALL.LOG EPO400COMMONSETUP.LOG EPO400-INSTALL-MSI.LOG ORION.LOG LICENSING.LOG MIGRATION.LOG, EPO400-INSTALL-MSI.LOG ORION.LOG PRDMGR_<SYSTEM>.LOG, PRDMGR_<SYSTEM>_BACKUP.LOG
Communication: client-server
Distributed repositories Error: Apache web server Error: Tomcat servlet container
Events, event update Installation: ePolicy Orchestrator calls to background, foundation, or other platforms and technologies Installation: ePolicy Orchestrator custom actions Installation: ePolicy Orchestrator Interface: Issues arising after changes to... License Migration: from earlier version Notifications Plug-in files
See these log files AGENT_<SYSTEM>.LOG, AGENT_<SYSTEM>_BACKUP.LOG, SERVER.LOG <AGENTGUID>-<TIMESTAMP>.XML (if registry value has been set) SERVER.LOG EPOAPSVR.LOG, ORION.LOG, REPLICATION.LOG EPOAPSVR.LOG EPOAPSVR.LOG, ORION.LOG, REPLICATION.LOG AGENT_<SYSTEM>.LOG MCSCRIPT.LOG SERVER.LOG, SERVER_BACKUP.LOG, ORION.LOG EPO400COMMONSETUP.LOG, EPO400-INSTALL-MSI.LOG AGENT_<SYSTEM>.LOG, AGENT_<SYSTEM>_BACKUP.LOG UPDATERUI_<SYSTEM>.LOG <AGENTGUID>-<TIMESTAMP>.XML (if registry value has been set) MIGRATION.LOG, EPO400-INSTALL-MSI.LOG ORION.LOG
Policy update
Product property update Pull Push agent Replicate Script: client task Scripts: engine; messages Server: in general Server: installation Updating
Upgrading: from earlier version User interface: HKEY_LOCAL_MACHINE\SOFTWARE\NETWORK ASSOCIATES\EPOLICY ORCHESTRATOR, issues arising after changes to...
Table 4 describes each message type and logging level. Table 5 lists the locations where the values that control logging levels can be modified. Table 4: Messages reported at each log level
Message type Description Logging level 1 2 3 4 5 6 7 8
e (error) w (warning) i (information) x (extended data) E (error) W (warning) I (information), or none X (extended data)
User error message, translated User warning message, translated User information message, translated User extended information message, translated Debug error message, English only Debug warning message, English only Debug information message, English only Debug extended information message, English only
EPOAPPSVR.LOG
EVENTPARSER.LOG
FRMINST_<SYSTEM>.LOG
ORION.LOG
PRDMGR_<SYSTEM>.LOG
SERVER.LOG
UPDATERUI_<SYSTEM>.LOG
EPO-INSTALL.LOG EPO400-INSTALL-MSI.LOG
ERRORLOG<CURRENT_DATETIME> EVENTPARSER.LOG FRMINST_<SYSTEM>.LOG JAKARTA_SERVICE_<DATE>.LOG LICENSING.LOG LOCALHOST_ACCESS_LOG.<DATE>.TXT MCSCRIPT.LOG ORION.LOG PRDMGR_<SYSTEM>.LOG REPLICATION.LOG SERVER.LOG, SERVER_BACKUP.LOG SQL2K5bCINST.LOG STDERR.LOG
10
In the following line of text, replace warn with info or debug: <root><priority value ="warn"/><appender-ref ref="ROLLING" /><appender-ref ref="STDOUT/></root> Save and close the file. Tomcat automatically adjusts the log level when the service is restarted.
McAfee recommends that you delete this key when you are done troubleshooting.
11
NOTE: You can also use the ERRLOOK.EXE utility to determine the cause of these error codes. This utility is distributed with Microsoft Visual Studio
12