Views:

Security Server

To turn on debug log in WFBS Security Server:

Log on to the Security Server.
Click the letter 'R' in the word "TREND".
Mark Enable debug log check box.
Enter the Log Filename.
Click Save.
You will get "You have successfully turned debug on." message. Click Close.

Module	Debug Log location
Security Server	Security Server debug log (ofcdebug.log)	Refer to log Filename you specified.
	Active Update	%ServerFolder%\Web\Service\AU_log\Tmudump.txt --- Advanced --- Server side Go to ..\PCCSRV\Admin. Modify the configuration file"aucfg.ini". Copy aucfg.ini to .. \PCCSRV\Web\Service folder. Add ======= [debug] level=-1 ======= Default is 5. Restart the Security Server Master Service. Log path C:\TM\SS\PCCSRV\Web\Service\ AU_Data\AU_Log \ TmuDump.txt
	Install/Upgrade/Uninstall	%WINDIR%\Temp\WFBS_Debug folder In addition,ofcdebug.log if LogServer is launched separately.
Smart Scan Server	Update	%ServerFolder%\WSS\AU.ini %ServerFolder%\WSS\FRSVersion.ini %ServerFolder%\WSS\UpdatePattern.ini %ServerFolder%\WSS\service.ini %ServerFolder%\WSS\diagnostic.log %ServerFolder%\WSS\Access.log %ServerFolder%\WSS\AU_Data\AU_ Log\TmuDump.txt %ServerFolder%\WSS\spsc\log\*.log

Security Agent

To turn on the debug log on the Security Agent:

Go to client installation folder.
Find and copy the following files to root C:\:
1. ofcdebug.ini
2. LogServer.exe
3. TmDbg20.dll.
Modify ofcdebug.ini under root C:\
c:\ofcdebug.ini

[debug]
debuglevel=9
debuglevel_new=d
debugSplitSize=104857600
debugRemoveAfterSplit=0
debugSplitPeriod=24
RequireFreeSpace=209715200
debuglog=c:\Ofcdebug.log
Double-click LogServer.exe to run debug.

Module	Log location
Client Log	Virus log	%ClientFolder% \misc\pccnt35.log
Clean up log	%ClientFolder%\report\YYYYMMDD.log
Connection Status	%ClientFolder%\ConnLog\Conn_xxxxxxxx.log
Login Script	\Winnt\ofcNT.log
Upgrade	%ClientFolder%\temp\upgrade.log
Smart Client	%ClientFolder%\ssNotify.ini %ClientFolder%\icrc.dat %ClientFolder%\BF.ptn
Activeupdate	Client side Go %ClientFolder%. Modify the configuration file“aucfg.ini” Add ======= [debug] level=-1 ======= Default is 5. Reload the Client Log path %ClientFolder%\AU_Data\AU_Log\TmuDump.txt
Client Debug Log	Install/Upgrade/Uninstall	All installation /upgrade methods: %WINDIR%\Temp\WFBS_Debug folder In addition, for remote install: ofcdebug.log on the SS Upgrade failed from WFBS %ClientFolder%\Temp\upgrade*.log
TSC	Open %ClientFolder%\tsc.ini Change the value of "DebugInfoLevel" to "3". Save the file, and then reproduce. Debug log will be created at: %ClientFolder%\Debug\ TSCDebug.log If DebugInfoLevel=4 or 5, you have to replace tsc.exe with tsc_qa.exe which will be provided by engine team.
VSAPI	%systemroot%\tmfilter.log Method 1: Use setdbg.exe Method 2: Change registry below: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\TMFilter\Parameters\DebugLogFlags=0x3eff
SSAPI	Add a DWORD Value in the registry: Open the Registry Editor. Go to HKLM\Software\TrendMicro\ PC-cillinNTCorp\Current Version\Misc.\ Create a DWORD (32-bit) Value with the following values: Name: EnableSSAPILog Value Data: 1 Collect C:\SSAPI.log and c:\ofcdebug.log.
PFW rule table	Go to %ClientFolder%\, and type "TmPfw dump". Get the log "!PfwDump.txt" under %ClientFolder%.
Behavior Monitoring	Open the Registry Editor, and go to HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS. Add DWORD(32-bit) and type 'DebugLogFlags' with a Hexadecimal value of 32 (e.g. DebugLogFlags REG_DWORD x00000032(50)). Reload the Security Agent. Replicate the problem. The AEGIS logs will be written to ..\Trend Micro\BM\log\.log folder on the SA side. Collect the following logs as well: TrendMicro\BM\log\.log Trend Micro\BM\Eyes\log\*.log (After 11 SP1 CP1) TrendMicro\Security Agent\Log\TMBMCliyyyymmdd_nn.log
Firewall	Open %ClientFolder%\TmPfw.ini. Modify Enable=1 under InteractiveSession and ServiceSession, and then reproduce the issue. Collect the following logs: C:\temp\ddmmyyyy_NSC_TmPfw.log C:\ofcdebug.log
POP3 mail scan and IM	From TMAS: Open %ClientFolder%\TMAS_OL\TMAS_OL.ini, and then set debug=1. Open %ClientFolder%\TMAS_OE\TMAS_OE.ini,,br> and then set debug=1. Collect the Debug logs from the following locations: <ProgramData>\Trend Micro\OL\Users\ <user name>\log On Windows XP, <ProgramData>=C:\Documents and Settings\All Users\Application Data On Window Vista, <ProgramData> = c:\ProgramData\ Note: If TMAS has enable/disable problem, collect registry in HKCU\Software\Microsoft\OEMonCtl and HKCU\Software\Microsoft\Office\Outlook\Addins. For TmProxy: Open %Program Files%\Trend Micro\Client Server Security Agent\TmProxy.ini with a text editor. (e.g. Notepad) Modify the entries as follows: [InteractiveSession] Enable=1 [ServiceSession] Enable=1 Collect C:\temp\ddmmyyyy_NSC_TmProxy.log.
Web Reputation and URL Filtering	Open %Program Files%\Trend Micro\Security Agent\TmOsprey.ini with a text editor. (e.g. Notepad) Modify the entries as follows: [InteractiveSession] Enable=1 [ServiceSession] Enable=1 Collect C:\temp\ddmmyyyy_EE_TmOsprey.etl. Use OspreyEtl2Txt tool to convert ETL file to TXT file. Unzip Tools_pwd_novirus.zip to C:\. Run command prompt as administrator. Run the following command: C:\OspreyEtl2Txt\[x86/x64]>TmOpEtl2txt.bat <etl filename> <SA path> Example: TmOpEtl2txt.bat 2012-05-18_EE_TmOsprey.etl C:\Program Files\Trend Micro\Security Agent
PLM	Server side: Install: PCCSRV\PLMLog.txt Uninstall: %TEMP%\PLMLog.txt Note: This will not generate the log if PLM is uninstalled from Add/Remove Programs C:\ofcdebug.log Client side: C:\ofcdebug.log tmudump
TMAS Toolbar	Open %ClientRoot%\TMAS\TMAS_OL\TMAS_OL.ini. Change the value of "Debug" to "1". Reproduce the issue. Collect the log from the following location: C:\ProgramData\Trend Micro\OL\Users\ <User mail account>\log\*.log

Messaging Security Agent:

Scenario	Log Location
MSA Log	Install/Uninstall/Upgrade	\\source server\%WinDir%\OFCMAS.LOG
		\\source & target servers\%WinDir%\Temp\*.log
		\\source & target servers\%TEMP%\*.log
		\\target server\<MSA>\SMEX_DatabaseCreation.log
		\\target server\<MSA>\web_server_info.ini
		\\target server\<MSA>\Debug\*.log
		\\GC, DC, DNS, source and target servers\Application event logs
		\\GC, DC, DNS, source and target servers\System event logs
		\\source and target servers\ ==> IIS Manager ==> %WinDir%\system32\LogFiles\\.logs
		\\target server\ ==> regedit ==> HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Exchange\*
		\\source and target servers\ ==> ipconfig /all ==> everything on the screen
	Others	\\source server\ ==> Turn on SS debug log, reproduce bugs, collect SS debug logs and then turn off SS debug log
		\\target server\ ==> Turn on MSA debug log, reproduce bugs, collect <MSA>\Debug\*.log and then turn off MSA debug log
		\\target server\<MSA>\web_server_info.ini
		\\GC, DC, DNS, source and target servers\Application event logs
		\\GC, DC, DNS, source and target servers\System event logs
		\\source and target servers\ ==> IIS Manager ==> %WinDir%\system32\LogFiles\\.logs
		\\target server\ ==> regedit ==> HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Exchange\*
		\\source and target servers\ ==> ipconfig /all ==> everything on the screen

Messaging Security Agent (MSA)

To turn on/off debug for MSA:

Log on to the Security Server.
Go to Devices.
Select the Messaging Security Agent.
Click Configure Policy.

^{Click image to enlarge.}
A new screen appears. Go to Operations > Support/Debugger.

^{Click image to enlarge.}

Remote Manager Agent

Turn on RM Agent debug log step:

Go to the installation folder of WFRM agent (e.g C:\Program Files\Trend Micro\WFRMAgentForWFBS).
Find and open the AgentLocalConfig.xml.
Enable the Debug log level to ALL.

Example:
<DebugLogLevel>LL_FOR_ALL</DebugLogLevel>
PS: Original level: <DebugLogLevel>LL_FOR_ERROR</DebugLogLevel>
Restart the WFRM Agent Service.

Below is the WFRM Agent debug log path:

<RM Agent Installed folder>\log (e.g. C:\Program Files\Trend Micro\WFRMAgentForWFBS\log)

If LMP-RM automatic agent installation fails, follow the debug procedure below.

If RM agent fails to install automatically, collect debug log information from the server.

Make sure that the following requirements are met:
When troubleshooting Licensing Management Platform (LMP), Verify if the activation code used is issued from a valid LMP account.

To verify the AC:
Go to Administration > Product License. Replace the AC with an LMP WFBS issued license.

^{Click image to enlarge.}
Uninstall any existing TMR agent.
Turn on debug log in WFBS Security Server.
1. Log on to the Security Server.
2. Click the letter M under the word "TREND".
  
  ^{Click the image to enlarge.}
3. Tick the Enable debug log option.
4. Enter the log file name.
5. Click Save.
6. Trigger Remote Manager Agent Installation
  1. Modify the registry below.
    
    For x64 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro
    \OfficeScan\service\PrThread Set PerformPrCheckNow (DWORD) to 1
    
    For x86 HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro
    \OfficeScan\service\PrThread Set PerformPrCheckNow (DWORD) to 1
  2. Refresh the Regedit page and wait for the DWORD to change to "0".
  3. Wait for a few minutes. The TMRM Agent installation process will start automatically.
7. Disable debug.
8. Search and submit ofcdebug.log to Trend Micro if RM agent fails to install.

System Logs

Type	OS	log location
System Event Log	All	C:\Windows\System32\winevt\Logs\System.evtx
Application Error	2008 and above	C:\Windows\System32\winevt\Logs\Application.evtx
BlueScreen	2008 and above	C:\WinNT\memory.dmp C:\Windows\Mini####.dmp
IIS	2008 and above	C:\inetpub\logs\LogFiles\W3SVC1 (when using default website) C:\inetpub\logs\LogFiles\W3SVC# (when using virtual website; check Site # of OfficeScan in IIS Manager).

Keywords: Debugging,DEBUG,Checklist,Submission Checklist,Logs,dns lookup,debug log,debug logging,debug folders,debug location,aegis debug flags,aegis debuglogflags,wfbs log,worry-free logs

Debugging procedures in Worry-Free Business Security (WFBS)

Product / Version includes:

Worry-Free Business Security StandardAll

Last updated: 2024/02/29

Solution ID: KA-0003060

Category: Configure , Deploy

Summary

Learn how to get debug logs to resolve issues that you may encounter in WFBS.

EXPAND ALL

Security Server

To turn on debug log in WFBS Security Server:

Log on to the Security Server.
Click the letter 'R' in the word "TREND".
Mark Enable debug log check box.
Enter the Log Filename.
Click Save.
You will get "You have successfully turned debug on." message. Click Close.

Module	Debug Log location
Security Server	Security Server debug log (ofcdebug.log)	Refer to log Filename you specified.
	Active Update	%ServerFolder%\Web\Service\AU_log\Tmudump.txt --- Advanced --- Server side Go to ..\PCCSRV\Admin. Modify the configuration file"aucfg.ini". Copy aucfg.ini to .. \PCCSRV\Web\Service folder. Add ======= [debug] level=-1 ======= Default is 5. Restart the Security Server Master Service. Log path C:\TM\SS\PCCSRV\Web\Service\ AU_Data\AU_Log \ TmuDump.txt
	Install/Upgrade/Uninstall	%WINDIR%\Temp\WFBS_Debug folder In addition,ofcdebug.log if LogServer is launched separately.
Smart Scan Server	Update	%ServerFolder%\WSS\AU.ini %ServerFolder%\WSS\FRSVersion.ini %ServerFolder%\WSS\UpdatePattern.ini %ServerFolder%\WSS\service.ini %ServerFolder%\WSS\diagnostic.log %ServerFolder%\WSS\Access.log %ServerFolder%\WSS\AU_Data\AU_ Log\TmuDump.txt %ServerFolder%\WSS\spsc\log\*.log

Security Agent

To turn on the debug log on the Security Agent:

Go to client installation folder.
Find and copy the following files to root C:\:
1. ofcdebug.ini
2. LogServer.exe
3. TmDbg20.dll.
Modify ofcdebug.ini under root C:\
c:\ofcdebug.ini

[debug]
debuglevel=9
debuglevel_new=d
debugSplitSize=104857600
debugRemoveAfterSplit=0
debugSplitPeriod=24
RequireFreeSpace=209715200
debuglog=c:\Ofcdebug.log
Double-click LogServer.exe to run debug.

Module	Log location
Client Log	Virus log	%ClientFolder% \misc\pccnt35.log
Clean up log	%ClientFolder%\report\YYYYMMDD.log
Connection Status	%ClientFolder%\ConnLog\Conn_xxxxxxxx.log
Login Script	\Winnt\ofcNT.log
Upgrade	%ClientFolder%\temp\upgrade.log
Smart Client	%ClientFolder%\ssNotify.ini %ClientFolder%\icrc.dat %ClientFolder%\BF.ptn
Activeupdate	Client side Go %ClientFolder%. Modify the configuration file“aucfg.ini” Add ======= [debug] level=-1 ======= Default is 5. Reload the Client Log path %ClientFolder%\AU_Data\AU_Log\TmuDump.txt
Client Debug Log	Install/Upgrade/Uninstall	All installation /upgrade methods: %WINDIR%\Temp\WFBS_Debug folder In addition, for remote install: ofcdebug.log on the SS Upgrade failed from WFBS %ClientFolder%\Temp\upgrade*.log
TSC	Open %ClientFolder%\tsc.ini Change the value of "DebugInfoLevel" to "3". Save the file, and then reproduce. Debug log will be created at: %ClientFolder%\Debug\ TSCDebug.log If DebugInfoLevel=4 or 5, you have to replace tsc.exe with tsc_qa.exe which will be provided by engine team.
VSAPI	%systemroot%\tmfilter.log Method 1: Use setdbg.exe Method 2: Change registry below: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\ services\TMFilter\Parameters\DebugLogFlags=0x3eff
SSAPI	Add a DWORD Value in the registry: Open the Registry Editor. Go to HKLM\Software\TrendMicro\ PC-cillinNTCorp\Current Version\Misc.\ Create a DWORD (32-bit) Value with the following values: Name: EnableSSAPILog Value Data: 1 Collect C:\SSAPI.log and c:\ofcdebug.log.
PFW rule table	Go to %ClientFolder%\, and type "TmPfw dump". Get the log "!PfwDump.txt" under %ClientFolder%.
Behavior Monitoring	Open the Registry Editor, and go to HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\AEGIS. Add DWORD(32-bit) and type 'DebugLogFlags' with a Hexadecimal value of 32 (e.g. DebugLogFlags REG_DWORD x00000032(50)). Reload the Security Agent. Replicate the problem. The AEGIS logs will be written to ..\Trend Micro\BM\log\.log folder on the SA side. Collect the following logs as well: TrendMicro\BM\log\.log Trend Micro\BM\Eyes\log\*.log (After 11 SP1 CP1) TrendMicro\Security Agent\Log\TMBMCliyyyymmdd_nn.log
Firewall	Open %ClientFolder%\TmPfw.ini. Modify Enable=1 under InteractiveSession and ServiceSession, and then reproduce the issue. Collect the following logs: C:\temp\ddmmyyyy_NSC_TmPfw.log C:\ofcdebug.log
POP3 mail scan and IM	From TMAS: Open %ClientFolder%\TMAS_OL\TMAS_OL.ini, and then set debug=1. Open %ClientFolder%\TMAS_OE\TMAS_OE.ini,,br> and then set debug=1. Collect the Debug logs from the following locations: <ProgramData>\Trend Micro\OL\Users\ <user name>\log On Windows XP, <ProgramData>=C:\Documents and Settings\All Users\Application Data On Window Vista, <ProgramData> = c:\ProgramData\ Note: If TMAS has enable/disable problem, collect registry in HKCU\Software\Microsoft\OEMonCtl and HKCU\Software\Microsoft\Office\Outlook\Addins. For TmProxy: Open %Program Files%\Trend Micro\Client Server Security Agent\TmProxy.ini with a text editor. (e.g. Notepad) Modify the entries as follows: [InteractiveSession] Enable=1 [ServiceSession] Enable=1 Collect C:\temp\ddmmyyyy_NSC_TmProxy.log.
Web Reputation and URL Filtering	Open %Program Files%\Trend Micro\Security Agent\TmOsprey.ini with a text editor. (e.g. Notepad) Modify the entries as follows: [InteractiveSession] Enable=1 [ServiceSession] Enable=1 Collect C:\temp\ddmmyyyy_EE_TmOsprey.etl. Use OspreyEtl2Txt tool to convert ETL file to TXT file. Unzip Tools_pwd_novirus.zip to C:\. Run command prompt as administrator. Run the following command: C:\OspreyEtl2Txt\[x86/x64]>TmOpEtl2txt.bat <etl filename> <SA path> Example: TmOpEtl2txt.bat 2012-05-18_EE_TmOsprey.etl C:\Program Files\Trend Micro\Security Agent
PLM	Server side: Install: PCCSRV\PLMLog.txt Uninstall: %TEMP%\PLMLog.txt Note: This will not generate the log if PLM is uninstalled from Add/Remove Programs C:\ofcdebug.log Client side: C:\ofcdebug.log tmudump
TMAS Toolbar	Open %ClientRoot%\TMAS\TMAS_OL\TMAS_OL.ini. Change the value of "Debug" to "1". Reproduce the issue. Collect the log from the following location: C:\ProgramData\Trend Micro\OL\Users\ <User mail account>\log\*.log

Messaging Security Agent:

Scenario	Log Location
MSA Log	Install/Uninstall/Upgrade	\\source server\%WinDir%\OFCMAS.LOG
		\\source & target servers\%WinDir%\Temp\*.log
		\\source & target servers\%TEMP%\*.log
		\\target server\<MSA>\SMEX_DatabaseCreation.log
		\\target server\<MSA>\web_server_info.ini
		\\target server\<MSA>\Debug\*.log
		\\GC, DC, DNS, source and target servers\Application event logs
		\\GC, DC, DNS, source and target servers\System event logs
		\\source and target servers\ ==> IIS Manager ==> %WinDir%\system32\LogFiles\\.logs
		\\target server\ ==> regedit ==> HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Exchange\*
		\\source and target servers\ ==> ipconfig /all ==> everything on the screen
	Others	\\source server\ ==> Turn on SS debug log, reproduce bugs, collect SS debug logs and then turn off SS debug log
		\\target server\ ==> Turn on MSA debug log, reproduce bugs, collect <MSA>\Debug\*.log and then turn off MSA debug log
		\\target server\<MSA>\web_server_info.ini
		\\GC, DC, DNS, source and target servers\Application event logs
		\\GC, DC, DNS, source and target servers\System event logs
		\\source and target servers\ ==> IIS Manager ==> %WinDir%\system32\LogFiles\\.logs
		\\target server\ ==> regedit ==> HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro\ScanMail for Exchange\*
		\\source and target servers\ ==> ipconfig /all ==> everything on the screen

Messaging Security Agent (MSA)

To turn on/off debug for MSA:

Log on to the Security Server.
Go to Devices.
Select the Messaging Security Agent.
Click Configure Policy.

^{Click image to enlarge.}
A new screen appears. Go to Operations > Support/Debugger.

^{Click image to enlarge.}

Remote Manager Agent

Turn on RM Agent debug log step:

Go to the installation folder of WFRM agent (e.g C:\Program Files\Trend Micro\WFRMAgentForWFBS).
Find and open the AgentLocalConfig.xml.
Enable the Debug log level to ALL.

Example:
<DebugLogLevel>LL_FOR_ALL</DebugLogLevel>
PS: Original level: <DebugLogLevel>LL_FOR_ERROR</DebugLogLevel>
Restart the WFRM Agent Service.

Below is the WFRM Agent debug log path:

<RM Agent Installed folder>\log (e.g. C:\Program Files\Trend Micro\WFRMAgentForWFBS\log)

If LMP-RM automatic agent installation fails, follow the debug procedure below.

If RM agent fails to install automatically, collect debug log information from the server.

Make sure that the following requirements are met:
When troubleshooting Licensing Management Platform (LMP), Verify if the activation code used is issued from a valid LMP account.

To verify the AC:
Go to Administration > Product License. Replace the AC with an LMP WFBS issued license.

^{Click image to enlarge.}
Uninstall any existing TMR agent.
Turn on debug log in WFBS Security Server.
1. Log on to the Security Server.
2. Click the letter M under the word "TREND".
  
  ^{Click the image to enlarge.}
3. Tick the Enable debug log option.
4. Enter the log file name.
5. Click Save.
6. Trigger Remote Manager Agent Installation
  1. Modify the registry below.
    
    For x64 HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\TrendMicro
    \OfficeScan\service\PrThread Set PerformPrCheckNow (DWORD) to 1
    
    For x86 HKEY_LOCAL_MACHINE\SOFTWARE\TrendMicro
    \OfficeScan\service\PrThread Set PerformPrCheckNow (DWORD) to 1
  2. Refresh the Regedit page and wait for the DWORD to change to "0".
  3. Wait for a few minutes. The TMRM Agent installation process will start automatically.
7. Disable debug.
8. Search and submit ofcdebug.log to Trend Micro if RM agent fails to install.

System Logs

Type	OS	log location
System Event Log	All	C:\Windows\System32\winevt\Logs\System.evtx
Application Error	2008 and above	C:\Windows\System32\winevt\Logs\Application.evtx
BlueScreen	2008 and above	C:\WinNT\memory.dmp C:\Windows\Mini####.dmp
IIS	2008 and above	C:\inetpub\logs\LogFiles\W3SVC1 (when using default website) C:\inetpub\logs\LogFiles\W3SVC# (when using virtual website; check Site # of OfficeScan in IIS Manager).

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Debugging procedures in Worry-Free Business Security (WFBS)

Security Server

Security Agent

Messaging Security Agent (MSA)

Remote Manager Agent

System Logs

Debugging procedures in Worry-Free Business Security (WFBS)

Product / Version includes:

Summary

Security Server

Security Agent

Messaging Security Agent (MSA)

Remote Manager Agent

System Logs