The server0.log file is the main log output for errors and activities in the DSM.

Enable debug using the following steps:

  1. Stop the Deep Security Manager service.
  2. Open the logging.properties file under:

    For Windows: ..\Program Files\Trend Micro\Deep Security Manager\jre\lib\
    For Linux: /opt/dsm/jre/lib

  3. Add one or more of the debug options listed below, depending on the issue you encountered. We recommend adding the lines at the end of the file for easy monitoring and maintenance.
  4. Save the changes and close the file.
  5. Start the DSM service.

Here are the debugging options:

 
All parameters are case-sensitive.
 

Option 1: UI Related Issues

  • com.thirdbrigade.manager.webclient.screens.level=ALL

Option 2: Configuration and Protocol Issues

  • com.thirdbrigade.manager.webclient.screens.level=ALL
  • com.thirdbrigade.manager.core.protocol.session.CommandProtocolSession.level=ALL
  • com.thirdbrigade.manager.core.scheduler.jobschedulers.jobs.HostUpdaterJob.level=ALL

Option 3: Scan Management Issues

  • com.thirdbrigade.manager.core.scheduler.jobschedulers.jobs.HostUpdaterCommand.level=ALL
  • com.thirdbrigade.manager.core.scheduler.jobschedulers.jobs.HostUpdaterCommandGetStatusEvents.level=ALL
  • com.thirdbrigade.manager.core.db.AgentEventPeer.level=ALL

Option 4: Anti-Malware Scan Issues

  • com.trendmicro.ds.antimalware.jobs.HostUpdaterCommandInvokeAntiMalwareScanAction.level=FINE
  • com.thirdbrigade.manager.core.scheduler.jobschedulers.jobs.HostUpdaterCommandVirtualAgentSync.level=FINE
  • com.thirdbrigade.manager.core.db.AgentEventPeer.level=FINE

Option 5: All screens, including Wizard-related Issues

  • com.thirdbrigade.manager.webclient.screens.level = ALL

Option 6: vCenter-related Issues

  • com.thirdbrigade.manager.core.virtual.level=ALL
  • com.thirdbrigade.manager.core.virtualization.vmware.level = ALL

Option 7: Database-related Issues

  • com.thirdbrigade.persistence1.level = ALL

Option 8: Startup Information Logging

  • com.thirdbrigade.manager.webclient.initialization.level = ALL
  • com.thirdbrigade.manager.core.Core = ALL
  • com.thirdbrigade.manager.core.security.ClientSecurityManager.level=ALL

Option 9: Host Updater Job (including agent security configuration XML) Debugging

  • com.thirdbrigade.manager.core.scheduler.jobschedulers.jobs.HostUpdaterJob.level=ALL
  • com.thirdbrigade.manager.core.scheduler.jobschedulers.jobs.HostUpdaterCommand.level=ALL

Option 10: Agent Communication Protocol Logging

  • com.thirdbrigade.manager.core.protocol.level = ALL

Option 11: Detection Engine (i.e. Recommendation Scans) Logging

  • com.thirdbrigade.manager.core.detectionengine.level=ALL

Option 12: Manager Job-related Issues

  • com.thirdbrigade.manager.core.scheduler.jobschedulers.HostJobScheduler.level=ALL
  • com.thirdbrigade.manager.core.scheduler.JobQueuingThread.level=ALL
  • com.thirdbrigade.manager.core.scheduler.JobCreationThread.level=ALL
  • com.thirdbrigade.manager.core.scheduler.ManagerJobs.level=ALL

Option 13: AD Synchronization Issues

  • com.thirdbrigade.manager.core.util.UserUtilities.level=ALL

Option 14: Dashboard Bean Performance Issues

  • com.thirdbrigade.manager.webclient.screens.DashboardBean.level=ALL
  • com.thirdbrigade.manager.webclient.ScreenServlet.level=ALL (to replace the preceding bullet)

Option 15: Active Update Issues

  • com.thirdbrigade.manager.core.au.level=ALL
  • com.thirdbrigade.manager.webclient.ActiveUpdateServlet.level=ALL
  • com.trendmicro.ds.vulnerabilityprotection.au
 
The entry "com.thirdbrigade.manager.webclient.ActiveUpdateServlet" is deleted after Deep Security 8.0.
The entry "com.trendmicro.ds.vulnerabilityprotection.au" is for the Vulnerability Protection Active Update folder, which is new in Deep Security 9.6.
 

Option 16: Maintenance Job and Entity Purge-related Issues

  • com.thirdbrigade.manager.core.scheduler.jobschedulers.jobs.MaintenanceJob.level=ALL
  • com.trendmicro.ds.integrity.db.EntityPeer.level=ALL

Option 17: Enable ALL Logging on the manager

  • com.thirdbrigade.level = ALL

Option 18: Job Load and Performance Profile related

  • com.thirdbrigade.manager.core.scheduler.JobQueuingThread.level=ALL
  • com.thirdbrigade.manager.core.scheduler.JobLoad.level=ALL

Option 19: NSX syncing related logging

  • com.thirdbrigade.manager.core.virtual.NSXSync.level=ALL

Option 20: Rehoming

  • com.thirdbrigade.manager.core.scheduler.jobschedulers.jobs.HostUpdaterSession
  • com.trendmicro.manager.core.cloud.CloudSupportingServices

Option 21: AMI Baking Support

  • com.thirdbrigade.manager.core.scheduler.jobschedulers.jobs.HostUpdaterSession
  • com.trendmicro.manager.core.cloud.CloudSupportingServices

Option 22: CTD jobs

  • com.thirdbrigade.manager.core.scheduler.jobschedulers.SuspiciousFileSubmission.Job.level=ALL
  • com.thirdbrigade.manager.core.scheduler.jobschedulers.DDAnReportQueryJob.level=ALL

Option 23: DDAn API

  • com.trendmicro.manager.core.ddan.level=ALL

Option 24: CTD AM

  • com.trendmicro.ds.antimalware.ctd.level=ALL
  • com.trendmicro.ds.antimalware.models.AntiMalwareQuarantinedFilesWizardDean.level=ALL

Option 25: Enable ALL Logging on the manager

  • com.thirdbrigade.level = ALL

Option 26: MDR debug DSM not sending to TIC/LUWAK

  • com.thirdbrigade.manager.core.notifications.AbstractTicSender.level = ALL
  • com.thirdbrigade.manager.core.util.TICClient.level = ALL

After enabling the DSM debug level, you can perform the following upon encountering an issue:

  1. Replicate the issue.
  2. Collect the new diagnostic package from the DSM server. For the procedure, refer to this KB article: Creating the Deep Security diagnostic package.
  3. Send the diagnostic package to Trend Micro Technical Support.

To disable debugging:

  1. Go to %ProgramFiles%\Trend Micro\Deep Security Manager\jre\lib\logging.properties.
  2. Remove the statements that you added to the end of the file.
  3. Restart the Deep Security Manager service.
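
The enable and disable procedures above both edit the end of logging.properties. The shell functions below are an added example (not Trend Micro code) that keep the debug lines inside a marked block so they can be removed cleanly once troubleshooting is done. The marker comments, the .pre-debug backup name and the function names are assumptions of this example; run it with the DSM service stopped, as in the steps above.

```shell
#!/bin/sh
# Added example: keep DSM debug loggers in one marked block at the end of
# logging.properties. The markers are this example's convention, not a DSM feature.
MARK_BEGIN='# BEGIN dsm-debug (added example marker)'
MARK_END='# END dsm-debug (added example marker)'

# dsm_debug_disable FILE: delete the marked block, leaving other lines untouched.
dsm_debug_disable() {
    file=$1
    [ -f "$file" ] || { echo "no such file: $file" >&2; return 1; }
    tmp=$(mktemp) || return 1
    # Write back with cat so the original file keeps its owner and mode.
    awk -v b="$MARK_BEGIN" -v e="$MARK_END" '
        $0 == b { skip = 1; next }
        $0 == e { skip = 0; next }
        !skip' "$file" > "$tmp" && cat "$tmp" > "$file"
    rc=$?
    rm -f "$tmp"
    return $rc
}

# dsm_debug_enable FILE LOGGER=LEVEL...: replace any earlier block with these lines.
dsm_debug_enable() {
    file=$1; shift
    [ -f "$file" ] && [ $# -gt 0 ] || { echo "usage: dsm_debug_enable FILE LOGGER=LEVEL..." >&2; return 2; }
    # Parameters are case-sensitive: reject anything outside the lowercase
    # package prefixes used by the options listed on this page.
    for opt in "$@"; do
        case $opt in
            com.thirdbrigade.*|com.trendmicro.*) ;;
            *) echo "rejected (check case and prefix): $opt" >&2; return 2 ;;
        esac
    done
    # Keep one pristine copy from before the first debug edit.
    [ -f "$file.pre-debug" ] || cp -p "$file" "$file.pre-debug" || return 1
    dsm_debug_disable "$file" || return 1
    # Make sure the block starts on its own line if the file lacks a final newline.
    [ -z "$(tail -c1 "$file")" ] || echo >> "$file"
    { echo "$MARK_BEGIN"; printf '%s\n' "$@"; echo "$MARK_END"; } >> "$file"
}

# Usage (Linux path from this page):
#   dsm_debug_enable /opt/dsm/jre/lib/logging.properties \
#       com.thirdbrigade.manager.core.protocol.level=ALL
#   dsm_debug_disable /opt/dsm/jre/lib/logging.properties
```

Calling dsm_debug_enable again with a different option set replaces the previous block instead of stacking entries, so the file never accumulates stale debug loggers.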