Lumension® KnowledgeBase

Article Number:
542

Date Created:
04/28/2011

Last Updated:
03/28/2017

Article Type:
How-To Procedures

Obtaining various log files from Lumension Endpoint Security

Description

Product:

Endpoint Security

Versions:

All Lumension Endpoint Security (LES) products

Summary:

This article describes how to create log files with Lumension Endpoint Security (formerly Sanctuary) products. When Lumension Support requests specific log files from the LES product, at install time or during runtime, use the locations and parameters below to enable logging.

Details

LOGGING OPTIONS IN CURRENT LES RELEASES

Installation Logging

sx DB creation (sx = Sanctuary SQL Database)

During database creation, 3 log files are produced: sxdbi.log, setupdb.log and setupdbCustom.log.
These are located in the %TMP% directory.

SXS installation (SXS = Sanctuary Application Server)

By default, 2 log files are produced: setupsxs.log and setupsxsCustom.log.
These are located in the %TMP% directory.

SMC installation (SMC = Sanctuary Management Console)

By default, 2 log files are produced: setupsmc.log and setupsmcCustom.log.
These are located in the %TMP% directory.

Authorization Wizard installation

By default, 2 log files are produced: setupauthsrv.log and setupauthsrvCustom.log.
These are located in the %TMP% directory.

LES client installation (Version 4.x only)

By default, 2 log files are produced: setupcltsu.log and setupcltsuCustom.log.
These are located in the %TMP% directory.

Logging during client upgrades

Logging during client upgrades is done automatically, but for upgrades done in command-line mode, the following string should be added to the command-line:

/L*v %TMP%\upgrade.log

For GPO deployments, use the VOICEWARMUP arguments described here:

http://support.microsoft.com/kb/223300

Operations Logging

Logging at SXS operating level

  • Create a folder named temp at the root of C:\
  • Start Regedit, open the key:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sxs\Parameters
      • Modify the entry Log to file, setting its Value to yes
      • Modify the entry Log file name, setting its Value to C:\temp\SXS.LOG
  • Stop SXS service (net stop sxs)
  • Start SXS service (net start sxs)

Note: To switch off logging (recommended), set Log to File to no and stop and restart the SXS service.

Logging at SXS synchronization level (SXS logging must be enabled already)

  • Start Regedit, open the key:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sxs\Parameters
      • Modify the entry VerboseSyncLogging, setting its Value to yes
  • Stop SXS service (net stop sxs)
  • Start SXS service (net start sxs)
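
The SXS operating-level and synchronization-level steps above, combined into one PowerShell function. This is an added example, not Lumension tooling: the function and parameter names are hypothetical, and it assumes an elevated session on the SXS server where the registry entries already exist.

```powershell
# Added example: enable or disable SXS logging as described in the steps above.
# Set-SxsLogging and its parameters are hypothetical names, not part of LES.
function Set-SxsLogging {
    [CmdletBinding()]
    param(
        [switch]$Disable,                        # set "Log to file" back to no
        [switch]$VerboseSync,                    # also enable synchronization-level logging
        [string]$LogFile = 'C:\temp\SXS.LOG'     # path used in the article
    )
    $key = 'HKLM:\SYSTEM\CurrentControlSet\Services\sxs\Parameters'
    if (-not (Test-Path -LiteralPath $key)) {
        throw "SXS parameters key not found: $key"
    }

    if ($Disable) {
        Set-ItemProperty -LiteralPath $key -Name 'Log to file' -Value 'no'
    } else {
        # The article's first step: make sure the log folder exists.
        $dir = Split-Path -Path $LogFile -Parent
        if (-not (Test-Path -LiteralPath $dir)) {
            New-Item -ItemType Directory -Path $dir | Out-Null
        }
        Set-ItemProperty -LiteralPath $key -Name 'Log file name' -Value $LogFile
        Set-ItemProperty -LiteralPath $key -Name 'Log to file' -Value 'yes'
        if ($VerboseSync) {
            # The article gives no "off" value for this entry, so it is only ever set to yes here.
            Set-ItemProperty -LiteralPath $key -Name 'VerboseSyncLogging' -Value 'yes'
        }
    }

    # Equivalent of "net stop sxs" followed by "net start sxs".
    Stop-Service -Name sxs -ErrorAction Stop
    Start-Service -Name sxs -ErrorAction Stop

    # Show the resulting settings so they can be recorded in the support ticket.
    Get-ItemProperty -LiteralPath $key |
        Select-Object 'Log to file', 'Log file name', 'VerboseSyncLogging'
}

# Usage:
#   Set-SxsLogging -VerboseSync    # enable both levels, restart SXS
#   Set-SxsLogging -Disable        # switch logging off again (recommended)
```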

Logging at SCOMC operating level (Sanctuary v3.x and above)

  • Create a folder named temp at the root of C:\
  • Start Regedit, open the key:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scomc\Parameters
      • Modify the entry Log to file, setting its Value to yes
      • Modify the entry Log file name, setting its Value to C:\temp\scomc.log
  • Reboot the computer

Note: To switch off logging (recommended), set Log to file to No and reboot.

Logging at BURN-ENGINE (Encrypted CD/DVD burning) operating level (LES v4.3.2 and above)

  • Start Regedit, open the key:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\scomc\Parameters
      • Create/Modify the entry burninglogs, setting its Value to C:\burnlog.txt
  • Reboot the computer

Logging at SK operating level (Sanctuary 3.1.x and later)

  • Start Regedit, open the key:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk\Parameters
      • Create a DWORD entry called Debug, setting its Value to 3
  • Reboot the computer
  • The file skdebug.txt can now be found in the %SYSTEMROOT%\sxdata folder.

Note: To switch off logging (recommended), reset to 0 and reboot.

Logging at Filetool level (LES Application Control 4.3.0 and later only)

  • Start Regedit, open BOTH of these keys: 
  • On 32bit OS:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Lumension Security\FileToolExe
    • HKEY_LOCAL_MACHINE\SOFTWARE\Lumension Security\FileToolDll
  • On 64bit OS:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Lumension Security\FileToolExe
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Lumension Security\FileToolDll
  • Modify (Create if necessary) the REG_SZ entry Log To File, setting its Value to yes
  • Modify (Create if necessary) the REG_SZ entry Log To Console, setting its Value to no
  • Modify (Create if necessary) the REG_SZ entry Log File Name
  • Two Values will be set here:
    • C:\temp\filetoolexe.log (for the EXE entry)
    • C:\temp\filetooldll.log (for the DLL entry)

Logging at RTNotify level (LES 4.3 and later only)

  • Start Regedit, open the key:
  • On 32bit and 64bit OS:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Lumension Security\RTNotify
  • You will need to create the Lumension Security and RTNotify branches.
  • Modify (Create if necessary) the REG_SZ entry Log To File, setting its Value to yes
  • Modify (Create if necessary) the REG_SZ entry Log File Name, setting its Value to C:\rtnotify.log
  • Reboot the computer

Note: To switch off logging (recommended), set Log to File to no and reboot.

Logging at SDC Shell Extension level (LES 4.3 and later only)

  • Start Regedit, open the key:
  • On 32bit OS:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Lumension Security\Dcext
  • On 64bit OS:
    • HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Lumension Security\Dcext
  • Modify (Create if necessary) the REG_SZ entry Log To File, setting its Value to yes
  • Modify (Create if necessary) the REG_SZ entry Log File Name, setting its Value to C:\dcext.log
  • Now start the client installation and see if anything gets logged.

Note: To switch off logging (recommended), set Log to File to no and reboot.

Logging at Extensions level (LES 4.3 SR1 and later only)

  • Start Regedit, open the key:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sk\Parameters
      • You will need to create the keys manually.
      • Modify (Create if necessary) the REG_SZ entry Log To File, setting its Value to yes
      • Modify (Create if necessary) the REG_SZ entry Log File Name, setting its Value to sxwmon.log
  • Reboot the computer

Note: The default path is %SYSTEMROOT%\system32 if none is specified.
Note: To switch off logging (recommended), set Log to File to no and reboot.
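
Every procedure above recommends switching logging off again once the files have been collected. The following PowerShell check reports which of these switches are still enabled on a machine. It is an added example, not Lumension code: the key paths and value names are the ones listed in this article, while the rules for what counts as "enabled" (case-insensitive yes, non-zero Debug, any burninglogs path) and the function name are assumptions.

```powershell
# Added example (not vendor code): list LES debug-logging switches still enabled.
# Paths and value names come from the article; the "enabled" rules are assumptions.
$svc = 'HKLM:\SYSTEM\CurrentControlSet\Services'
$les = 'HKLM:\SOFTWARE\Lumension Security'
$wow = 'HKLM:\SOFTWARE\Wow6432Node\Lumension Security'

$checks = @(
    @{ Path = "$svc\sxs\Parameters";   Name = 'Log to file';        Rule = 'yes' }
    @{ Path = "$svc\sxs\Parameters";   Name = 'VerboseSyncLogging'; Rule = 'yes' }
    @{ Path = "$svc\scomc\Parameters"; Name = 'Log to file';        Rule = 'yes' }
    @{ Path = "$svc\scomc\Parameters"; Name = 'burninglogs';        Rule = 'set' }
    @{ Path = "$svc\sk\Parameters";    Name = 'Debug';              Rule = 'nonzero' }
    @{ Path = "$svc\sk\Parameters";    Name = 'Log To File';        Rule = 'yes' }
    @{ Path = "$les\RTNotify";         Name = 'Log To File';        Rule = 'yes' }
)
# FileTool and Dcext live under Wow6432Node on 64-bit Windows; check both locations.
foreach ($root in $les, $wow) {
    foreach ($sub in 'FileToolExe', 'FileToolDll', 'Dcext') {
        $checks += @{ Path = "$root\$sub"; Name = 'Log To File'; Rule = 'yes' }
    }
}

function Test-LesLoggingSwitch {
    param([hashtable]$Check)
    $value = $null
    if (Test-Path -LiteralPath $Check.Path) {
        $props = Get-ItemProperty -LiteralPath $Check.Path -ErrorAction SilentlyContinue
        if ($props) { $value = $props.($Check.Name) }
    }
    $enabled = switch ($Check.Rule) {
        'yes'     { "$value" -eq 'yes' }                          # -eq ignores case
        'nonzero' { ($null -ne $value) -and ("$value" -ne '0') }  # Debug = 3 in the article
        'set'     { -not [string]::IsNullOrEmpty("$value") }      # any configured log path
    }
    [pscustomobject]@{
        Path = $Check.Path; Name = $Check.Name; Value = $value; Enabled = $enabled
    }
}

# Print only the switches that are still on; no output means nothing was left enabled.
$checks | ForEach-Object { Test-LesLoggingSwitch $_ } |
    Where-Object Enabled |
    Format-Table -AutoSize Path, Name, Value
```

Run it from a 64-bit PowerShell session on 64-bit Windows so that the native and Wow6432Node paths resolve as written.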

LOGGING OPTIONS SPECIFIC TO OBSOLETE LES RELEASES

Installation Logging

SDC client installation (Sanctuary Device Control 3.x only)

By default, 1 log file is produced: setupclt.log
This is located in the %TMP% directory.

SXD client installation (Sanctuary Application Control 2.x only)

By default, 1 log file is produced: setupsxd.log
This is located in the %TMP% directory.

SND client installation (Sanctuary Device Control 2.x only)

By default, 1 log file is produced: setupsnd.log
This is located in the %TMP% directory.

Operation Logging

Logging at RTNotify level (Sanctuary Device Control 4.2.x and lower only)

  • Start Regedit, open the key:
    • HKEY_LOCAL_MACHINE\SOFTWARE\SecureWave\RTNotify
      • You will need to create the Securewave and RTNotify branches if they are not in place.
      • Modify (create if necessary) the REG_SZ entry Log to file, setting its Value to yes
      • Modify (create if necessary) the REG_SZ entry Log file name, setting its Value to C:\rtnotify.log
  • Reboot the computer

Note: To switch off logging (recommended), set Log to File to no and reboot.

Logging at SDPM operating level (Sanctuary Device Control 3.0.x only)

  • Start Regedit, open the key:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sdevpm\Parameters
      • Modify (create if necessary) the REG_DWORD entry Debug, setting its Value to 3
  • Reboot the computer

Note: To switch off logging (recommended), reset to 0 and reboot.

Logging at SND operating level (Sanctuary Device Control 2.x only)

  • Start Regedit, open the key:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\snd\parameters
      • Modify (create if necessary) the REG_DWORD entry Debug
      • Options for the Value field are:
        • 1 = generate debug messages for debugger
        • 2 = save debug messages to file c:\sndlog.txt
        • 3 = combination of 1 and 2 (recommended)
  • Reboot the computer

Note: To switch off logging (recommended), set Debug to 0 and reboot.

Logging at WLD level (Sanctuary Device Control 2.x for 2000/XP/2003 only)

  • Start Regedit, open the key:
    • HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\WLD\Parameters
      • Modify (create if necessary) the REG_DWORD entry Log, setting its Value to 1
  • Reboot the computer
  • There will now be a log file C:\wldlog.txt

Note: To switch off logging (recommended), set Log back to 0 and reboot.
