Choose the topic below that matches the issue you have encountered to see which logs to gather.

Deep Security Manager (DSM)

Gather any of the following files:

  • For Windows:
    • %ProgramFiles%\Trend Micro\Deep Security Manager\server*.log
    • %ProgramFiles%\Trend Micro\Deep Security Manager\install.log
    • %ProgramFiles%\Trend Micro\Deep Security Manager\error.log
    • %ProgramFiles%\Trend Micro\Deep Security Manager\install4j\installation.log
    • C:\Program Files\Trend Micro\Deep Security Manager\webclient\webapps\ROOT\WEB-INF\dsm.properties
  • For Linux:
    • uname -a
    • /opt/dsm/install.log
    • /opt/dsm/server*.log
    • /opt/dsm/error.log
    • /opt/dsm/.install4j/installation.log
    • /opt/dsm/webclient/webapps/ROOT/WEB-INF/dsm.properties

Deep Security Agent (DSA)

To enable the debug mode in Windows:

  1. Create %SystemRoot%\ds_agent.ini file.
  2. Add "Trace=*" content and save the file.
  3. Restart the DSA service.
  4. Replicate the issue.
  5. Delete ds_agent.ini file afterwards.
  6. Restart the service to disable debug mode.
  7. Run msinfo32.exe and save the following system information:
    • %SystemRoot%\inf\setupapi.dev.log
    • %SystemRoot%\inf\setupapi.app.log
    • %programdata%\Trend Micro\Deep Security Agent\diag\ds_agent*.log
    • %programdata%\Trend Micro\Deep Security Agent\am\AMSP-Inst-YYYY-MM-DD.log
    • %ProgramFiles%\Trend Micro\AMSP\debug\Amsp_DebugLog.log
    • %ProgramFiles%\Trend Micro\AMSP\debug\Amsp_Event.log

To enable the debug mode in Linux:

  1. Get the following and take a screenshot:

    uname -a
    cat /proc/driver/dsa/info
    rpm -qa ds_agent
    /var/log/syslog
    /var/opt/ds_agent/diag/ds_agent.log
    lsmod | grep -i dsa_filter
    cat /proc/driver/dsa/info

  2. Create /etc/ds_agent.conf file.
  3. Add "Trace=*" content and save the file.
  4. Restart the DSA service.
  5. Replicate the issue.
  6. Delete ds_agent.conf file afterwards.
  7. Restart the service to disable debug mode.
  8. Collect /var/log/messages for the debug log.

Deep Security Virtual Appliance (DSVA)

When collecting server*.log, enable the debug mode first:

  1. Stop the DSM service.
  2. Open the logging.properties file under any of the locations below:
    • For Windows: ..\Program Files\Trend Micro\Deep Security Manager\jre\lib\
    • For Linux: /opt/dsm/jre/lib
  3. Add the following items:

    com.thirdbrigade.level = ALL
    com.trendmicro.ds.level = ALL

  4. Save the changes and close the file.
  5. Start the DSM service.
  6. Collect the DSM diagnostic package.
  7. Collect the vmware.log of the specific virtual machine (VM) in VMware Datastore locally:
    1. Click on the VM.
    2. Go to Summary > Storage.
    3. Right-click Datastore and select Browse Datastore.
    4. Download the vmware.log.
  8. Take screenshots of installation and uninstallation failure and vCenter recent tasks.
 
For Deep Security 9.6 users, if the machine is protected in Combined Mode, submit DSA and DSVA logs together.
 
 
As a pre-requisite, customers need to unassign the Deep Security Policy first to check whether communications were blocked or not. If customers already unassigned the policy but the issue persists, check whether Windows firewall or Linux iptables are disabled.
 

Deep Security Manager

On the DSA, open a command prompt and run the following commands then copy the results to a text file:

  • Ping <DSM hostname exactly as it appears in DSA program window>
  • Nslookup <DSM hostname exactly as it appears in DSA program window>
  • Telnet <DSM hostname exactly as it appears in DSA program window> 4120

Once the command is completed, you may need to press CTRL-] to break the input.

To get the diagnostic package with debug mode enabled:

  1. Stop the DSM service.
  2. Open the logging.properties file under any of the following locations:
    • For Windows: ..\Program Files\Trend Micro\Deep Security Manager\jre\lib\
    • For Linux: /opt/dsm/jre/lib
  3. Add the following items:

    com.thirdbrigade.level = ALL
    com.trendmicro.ds.level = ALL

  4. Save the changes and close the file.
  5. Start the DSM service.
  6. Record the time stamp and then reproduce the issue.
  7. Collect the diagnostic package:
    1. Log in to the DSM console.
    2. Go to Administration > System Information.
    3. Click Create Diagnostic Package.
    4. Select everything and click Next.
    5. Save the created diagnostic package from client.
  8. Remove the following rows by adding the hash sign (#) prefix:

    #com.thirdbrigade.level = ALL
    #com.trendmicro.ds.level = ALL

  9. Save the changes and close the logging.properties file.
  10. Restart the DSM service to disable debug mode.
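
The enable and disable edits to logging.properties in the steps above can be scripted so that the two debug loggers are never left active by accident. The following is an added example, not Trend Micro code; the function names dsm_debug_set and dsm_debug_status are hypothetical, and the script only touches the two lines this page names.

```sh
#!/bin/sh
# Added example (not Trend Micro code): switch the two DSM debug loggers from this
# page on or off in logging.properties. Function names are hypothetical.
# Stop the DSM service before editing and start it afterwards, as the steps say.

DSM_DEBUG_KEYS="com.thirdbrigade.level com.trendmicro.ds.level"

# dsm_debug_set FILE on|off
#   on : make sure each "<key> = ALL" line is present exactly once, uncommented
#   off: prefix each such line with '#'; lines for other loggers are not touched
dsm_debug_set() {
    _file=$1 _mode=$2
    case $_mode in on|off) ;; *) echo "usage: dsm_debug_set FILE on|off" >&2; return 2 ;; esac
    [ -w "$_file" ] || { echo "cannot write $_file" >&2; return 1; }
    _tmp=$(mktemp) || return 1
    awk -v mode="$_mode" -v keylist="$DSM_DEBUG_KEYS" '
        BEGIN { n = split(keylist, keys, " "); prefix = (mode == "on") ? "" : "#" }
        {
            norm = $0
            gsub(/[ \t\r]/, "", norm)      # ignore spacing differences
            sub(/^#+/, "", norm)           # ignore an existing comment marker
            hit = 0
            for (i = 1; i <= n; i++) if (norm == keys[i] "=ALL") hit = i
            if (!hit) { print; next }
            # Emit each debug line once, dropping duplicates from earlier edits.
            if (!(hit in done)) { done[hit] = 1; print prefix keys[hit] " = ALL" }
        }
        END {
            if (mode == "on")
                for (i = 1; i <= n; i++) if (!(i in done)) print keys[i] " = ALL"
        }' "$_file" > "$_tmp" &&
    cat "$_tmp" > "$_file"     # rewrite in place so owner and mode are preserved
    _rc=$?
    rm -f "$_tmp"
    return $_rc
}

# dsm_debug_status FILE: prints "on" only if both debug lines are active.
dsm_debug_status() {
    awk -v keylist="$DSM_DEBUG_KEYS" '
        BEGIN { n = split(keylist, keys, " ") }
        {
            line = $0
            gsub(/[ \t\r]/, "", line)
            for (i = 1; i <= n; i++) if (line == keys[i] "=ALL") active[i] = 1
        }
        END {
            state = "on"
            for (i = 1; i <= n; i++) if (!(i in active)) state = "off"
            print state
        }' "$1"
}
```

Running dsm_debug_status against the file after the final restart confirms that debug mode is off before the case is closed.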

Deep Security Agent

For Windows:

On the DSM, open a command prompt and run the following commands, then copy the results to a text file:

  • Ping <DSA hostname exactly as it appears in DSM console>
  • Nslookup <DSA hostname exactly as it appears in DSM console>
  • Telnet <DSA hostname exactly as it appears in DSM console> 4118

Once the command is completed, you may need to press CTRL-] to break the input.

To get the diagnostic package with debug mode enabled:

  1. Create %SystemRoot%\ds_agent.ini file.
  2. Add "Trace=*" to the file.
  3. Restart the DSA service.
  4. Replicate the issue and record the time frame when the issue starts.
  5. Collect diagnostic package:
    1. From the Computers page, right-click the specific client and select Details.
    2. Go to Actions tab and click Create Diagnostic Package under the Support section.
    3. Select everything and click Next until the gathering of diagnostic package is finished.
  6. Delete the ds_agent.ini file and restart the service to disable debug mode.

For Linux:

On the DSM, open command prompt and run the following commands, then copy the results to a text file:

  • Ping <DSA hostname exactly as it appears in DSM console>
  • Nslookup <DSA hostname exactly as it appears in DSM console>
  • Telnet <DSA hostname exactly as it appears in DSM console> 4118

Once the command is completed, you may need to press CTRL-] to break the input.

To get the diagnostic package with debug mode enabled:

  1. Create /etc/ds_agent.conf file.
  2. Add "Trace=*" to the file.
  3. Restart the DSA service.
  4. Replicate the issue.
  5. Collect /var/log/messages for the debug log.
  6. Collect diagnostic package:
    1. From the Computers page, right-click the specific client and select Details.
    2. Go to Actions tab and click Create Diagnostic Package under the Support section.
    3. Select everything and click Next until the gathering of diagnostic package is finished.
  7. Delete the ds_agent.conf file and restart the service to disable debug log.
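
The Linux agent steps above leave tracing enabled if the session is interrupted before the last step. The following added example (not Trend Micro code) wraps them so that /etc/ds_agent.conf is always removed and only the /var/log/messages lines written during the session are kept; the function names, the DSA_* override variables and the output directory layout are assumptions.

```sh
#!/bin/sh
# Added example (not Trend Micro code): run one Linux DSA debug session and always
# switch tracing off again. Function names and the OUTDIR layout are hypothetical;
# the file paths and the init script are the ones named on this page.

DSA_CONF=${DSA_CONF:-/etc/ds_agent.conf}
DSA_RESTART=${DSA_RESTART:-/etc/init.d/ds_agent restart}
DSA_MESSAGES=${DSA_MESSAGES:-/var/log/messages}

# Remove the trace file and restart the agent (the final step of the procedure).
dsa_trace_off() {
    rm -f "$DSA_CONF" && $DSA_RESTART
}

# dsa_trace_session OUTDIR COMMAND [ARGS...]
#   COMMAND reproduces the issue (or simply waits for the operator).
#   Runs in a subshell so its signal traps do not leak into the caller.
dsa_trace_session() (
    outdir=$1; shift
    # An existing file may hold settings we would destroy on cleanup: stop here.
    if [ -e "$DSA_CONF" ]; then
        echo "refusing to overwrite existing $DSA_CONF" >&2
        exit 2
    fi
    mkdir -p "$outdir" || exit 1

    # Remember how long the log was, so only lines from this session are kept.
    before=0
    if [ -r "$DSA_MESSAGES" ]; then
        before=$(( $(wc -l < "$DSA_MESSAGES") ))
    fi

    trap 'dsa_trace_off; exit 130' INT TERM HUP
    printf 'Trace=*\n' > "$DSA_CONF" || exit 1
    $DSA_RESTART || { dsa_trace_off; exit 1; }

    # Record the time frame of the reproduction for the support case.
    date -u '+start %Y-%m-%dT%H:%M:%SZ' > "$outdir/timeframe.txt"
    rc=0
    "$@" || rc=$?
    date -u '+end   %Y-%m-%dT%H:%M:%SZ' >> "$outdir/timeframe.txt"

    # If the log was rotated meanwhile it is shorter than before: keep all of it.
    now=$(( $(wc -l < "$DSA_MESSAGES") ))
    if [ "$now" -lt "$before" ]; then
        before=0
    fi
    tail -n "+$((before + 1))" "$DSA_MESSAGES" > "$outdir/messages.debug"

    dsa_trace_off || rc=$?
    exit "$rc"
)

# Typical use as root, waiting for the operator to reproduce the issue:
#   dsa_trace_session /tmp/dsa-case sh -c 'echo "Reproduce, then press Enter"; read _'
```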

Deep Security Virtual Appliance

  1. Enable debug logs for slowpath and increase the debug level using the command below:

    sudo killall -USR1 dsa_slowpath (increase the level by 1, default 1, max 4)

  2. Collect diagnostic package:
    1. From the Computers page, right-click the specific client and select Details.
    2. Go to Actions tab and select Create Diagnostic Package under the Support section.
    3. Select everything and click Next until the gathering of diagnostic package is finished.
  3. Disable debug logs for slowpath. After log collection, decrease the debug level to normal:

    sudo killall -USR2 dsa_slowpath

Deep Security Relay (DSR)

For Windows:

On the DSM, open a command prompt and run the following commands, then copy the results to a text file:

  • Ping <DSA hostname exactly as it appears in DSM console>
  • Nslookup <DSA hostname exactly as it appears in DSM console>
  • Telnet <DSA hostname exactly as it appears in DSM console> 4118

Once the command is completed, you may need to press CTRL-] to break the input.

To get the diagnostic package with debug mode enabled:

  1. Create %SystemRoot%\ds_agent.ini file.
  2. Add "Trace=*" to the file.
  3. Restart the DSA service.
  4. Replicate the issue.
  5. Collect diagnostic package:
    1. From the Computers page, right-click the specific client and select Details.
    2. Click the Actions tab > Create Diagnostic Package under the Support section.
    3. Select everything and click Next until the gathering of diagnostic package is finished.
  6. Delete the ds_agent.ini file and restart the service to disable debug log.

For Linux:

From the DSM, open a command prompt and run the following commands, then copy the results to a text file:

  • Ping <DSA hostname exactly as it appears in DSM console>
  • Nslookup <DSA hostname exactly as it appears in DSM console>
  • Telnet <DSA hostname exactly as it appears in DSM console> 4118

Once the command is completed, you may need to press CTRL-] to break the input.

To get the diagnostic package with debug mode enabled:

  1. Create /etc/ds_agent.conf file.
  2. Add "Trace=*" to the file.
  3. Restart the DSA service.
  4. Replicate the issue.
  5. Collect /var/log/messages for the debug log.
  6. Collect diagnostic package:
    1. From the Computers page, right-click the specific client and select Details.
    2. Go to Actions tab and click Create Diagnostic Package under the Support section.
    3. Select everything and click Next until the gathering of diagnostic package is finished.
  7. Delete the ds_agent.conf file and restart service to disable debug log.
 
For Deep Security 9.6 users, if the machine is protected in Combined Mode, submit DSA and DSVA logs together.
 

Deep Security Manager

To get the diagnostic package with debug mode enabled:

  1. Stop the DSM service.
  2. Open the logging.properties file under any of the following locations:
    • For Windows: ..\Program Files\Trend Micro\Deep Security Manager\jre\lib\
    • For Linux: /opt/dsm/jre/lib
  3. Add the following items:

    com.thirdbrigade.level = ALL
    com.trendmicro.ds.level = ALL

  4. Save the changes and close the file.
  5. Start the DSM service.
  6. Collect diagnostic package:
    1. Log in to the DSM console.
    2. Go to Administration > System Information.
    3. Click Create Diagnostic Package.
    4. Select everything and click Next.
    5. Save the created diagnostic package from client.
  7. Remove the following rows by adding the hash sign (#) prefix:

    #com.thirdbrigade.level = ALL
    #com.trendmicro.ds.level = ALL

  8. Save the changes and close the logging.properties file.
  9. Restart the DSM service to disable debug mode.

Deep Security Agent

To get the diagnostic package with debug mode enabled:

For Windows:

  1. Create %SystemRoot%\ds_agent.ini file.
  2. Add "Trace=*" to the file.
  3. Restart the DSA service.
  4. Replicate the issue.
  5. Collect diagnostic package:
    1. From the Computers page, right-click the specific client and select Details.
    2. Go to Actions tab and click Create Diagnostic Package under the Support section.
    3. Select everything and click Next until the gathering of diagnostic package is finished.
  6. Delete the ds_agent.ini file and restart the service to disable debug log.

For Linux:

  1. Create /etc/ds_agent.conf file.
  2. Add "Trace=*" to the file.
  3. Restart the DSA service.
  4. Replicate the issue.
  5. Collect /var/log/messages for the debug log.
  6. Collect diagnostic package:
    1. From the Computers page, right-click the specific client and select Details.
    2. Go to Actions tab and click Create Diagnostic Package under the Support section.
    3. Select everything and click Next until the gathering of diagnostic package is finished.
  7. Delete the ds_agent.conf file and restart service to disable debug log.

Deep Security Relay

For Windows:

  1. Create %SystemRoot%\ds_agent.ini file.
  2. Add "Trace=*" to the file.
  3. Restart the DSA service.
  4. Enable iaurelay debug log:
    1. Log in to Relay server.
    2. Go to C:\Program Files\Trend Micro\Deep Security Agent\lib.
    3. Change "<level>300</level>" into "<level>-1</level>".

      The following are the log level values:

      all = -1, Enable all logs
      disable = 0, Disable logging completely
      err = 100, Only output error logs
      app = 300, Output application level logs
      dbg = 400, Output detailed logs for debugging
      vbs = 500, Output verbose logs including err, app, and dbg

      It is recommended to clean the iau.log file.

  5. Collect iaurelay.log from C:\Program Files\Trend Micro\Deep Security Agent\lib\iaulogs\iaurelay.log.
  6. Collect diagnostic package:
    1. From the Computers page, right-click the specific client and select Details.
    2. Go to Actions tab and click Create Diagnostic Package under the Support section.
    3. Select everything and click Next until the gathering of diagnostic package is finished.
  7. Delete the ds_agent.ini file and restart the service to disable debug log.

For Linux:

  1. Create /etc/ds_agent.conf file.
  2. Add "Trace=*" to the file.
  3. Restart the DSA service.
  4. Replicate the issue.
  5. Collect /var/log/messages for the debug log.
  6. Collect diagnostic package:
    1. From the Computers page, right-click the specific client and select Details.
    2. Go to Actions tab and click Create Diagnostic Package under the Support section.
    3. Select everything and click Next until the gathering of diagnostic package is finished.
  7. Delete the ds_agent.conf file and restart service to disable debug log.
 
For Deep Security 9.6 users, if the machine is protected in Combined Mode, submit DSA and DSVA logs together.
 

Deep Security Manager

To get the diagnostic package with debug mode enabled:

For Windows:

  1. Log in to the DSM console.
  2. Go to Administration > System Information.
  3. Click Create Diagnostic Package.
  4. Select everything and click Next.
  5. Save the created diagnostic package from client.
  6. Collect *.mdmp under the following location:

    %programdata%\trend micro\deep security manager\diag\*.mdmp

  7. Manually collect the system events.

For Linux:

  1. Log in to the DSM console.
  2. Go to Administration > System Information.
  3. Click Create Diagnostic Package.
  4. Select everything and click Next.
  5. Save the created diagnostic package from client.
  6. Collect *.core file in the system. File path depends on the pattern_core file.

Deep Security Agent

To get the diagnostic package with debug mode enabled:

For Windows:

  1. From the Computers page, right-click the specific client and select Details.
  2. Go to Actions tab and click Create Diagnostic Package under the Support section.
  3. Select everything and click Next until the gathering of diagnostic package is finished.
  4. Collect ds_agent.mdmp under the following location:

    %programdata%\trend micro\deep security agent\diag\*.mdmp

For Linux:

  1. From the Computers page, right-click the specific client and select Details.
  2. Go to Actions tab and click Create Diagnostic Package under the Support section.
  3. Select everything and click Next until the gathering of diagnostic package is finished.
  4. Collect *.core file in the system. File path depends on the pattern_core file.
  5. To enable the process dump controlled by the system, refer to the article: Re-enabling Core Dumps in RedHat 7 or Centos 7.
 
  • For Deep Security 9.6 users, if the machine is protected in Combined Mode, submit DSA and DSVA logs together.
  • If the customer's server is based on AWS, also provide the AWS access log. For more information, refer to this AWS document: Server Access Logging.
 
 
For performance-related issues, isolate the components first.
 

Deep Security Manager

To get the diagnostic package with debug mode enabled:

  1. Stop the DSM service.
  2. Open the logging.properties file under any of the following locations:
    • For Windows: ..\Program Files\Trend Micro\Deep Security Manager\jre\lib\
    • For Linux: /opt/dsm/jre/lib
  3. Add the following items:

    com.thirdbrigade.level = ALL
    com.trendmicro.ds.level = ALL

  4. Save the changes and close the file.
  5. Start the DSM service.
  6. Collect DSM diagnostic package.
    1. Log in to the DSM console.
    2. Go to Administration > System Information.
    3. Click Create Diagnostic Package.
    4. Select everything and click Next.
    5. Save the created diagnostic package from client.
  7. Remove the following rows by adding the hash sign (#) prefix:

    #com.thirdbrigade.level = ALL
    #com.trendmicro.ds.level = ALL

  8. Save the changes and close the logging.properties file.
  9. Restart the DSM service to disable debug mode.
  10. Enable the DSM profiling for DSM itself and database performance issues:
    1. Go to https://[server-name]:4119/ProfilingSettings.screen.
    2. Enable the profiling. The result will be in $DSM_INSTALL_DIR/profiling.
  11. After the replication, go back to the page and disable the profiling.
  12. Take a screenshot of the Task Manager.

Deep Security Agent and Relay

To get the diagnostic package with debug mode enabled:

For Windows:

  1. Create %SystemRoot%\ds_agent.ini file.
  2. Add "Trace=*" to the file.
  3. Restart the DSA service.
  4. Replicate the issue.
  5. Collect diagnostic package:
    1. From the Computers page, right-click the specific client and select Details.
    2. Go to Actions tab and click Create Diagnostic Package under the Support section.
    3. Select everything and click Next until the gathering of diagnostic package is finished.
  6. Take a screenshot of the Task Manager.
  7. Delete the ds_agent.ini file and restart the service to disable debug mode.

For Linux:

  1. Create /etc/ds_agent.conf file.
  2. Add "Trace=*" to the file.
  3. Restart the DSA service.
  4. Replicate the issue.
  5. Collect /var/log/messages for the debug log.
  6. Collect diagnostic package:
    1. From the Computers page, right-click the specific client and select Details.
    2. Go to Actions tab and click Create Diagnostic Package under the Support section.
    3. Select everything and click Next until the gathering of diagnostic package is finished.
  7. Collect *.core file in the system. File path depends on the pattern_core file.
  8. Take screenshots of top command output.
  9. Delete the ds_agent.conf file and restart the service to disable debug log.

Deep Security Virtual Appliance

To get the diagnostic package with debug mode enabled:

  1. Isolate the issue first.

    If the issue happened in slowpath, enable slowpath debug by executing the following:

    sudo killall -USR1 dsa_slowpath (increase the level by 1, default 1, max 4)
    /etc/init.d/ds_agent stop
    /etc/init.d/dsa_slowpath restart
    /etc/init.d/ds_agent start

    After log is collected, decrease the debug level:

    sudo killall -USR2 dsa_slowpath (decrease level by 1, default 1, max 4)

    If the issue happened in ds_am, enable ds_am debug by executing the following:

    sudo killall -USR1 ds_am (increase level by 1, default 5, max 8)
    /etc/init.d/ds_agent restart

    After log is collected, decrease the debug level:

    sudo killall -USR2 ds_am (decrease level by 1, default 5, max 8)

  2. Collect diagnostic package:
    1. From the Computers page, right-click the specific client and select Details.
    2. Go to Actions tab and click Create Diagnostic Package under the Support section.
    3. Select everything and click Next until the gathering of diagnostic package is finished.
      Take screenshots if it is a CPU-related issue.
 
For Deep Security 9.6 users, if the machine is protected in Combined Mode, submit DSA and DSVA logs together.
 

Collecting EPSec logs

  1. Take a screenshot of vShield Manager:
    1. Log in to the vShield Manager web console. Use the default Admin username and password.
    2. Expand Datacenters and click the server hosting the DSVA.
    3. View the summary and ensure that vShield Endpoint is installed.
  2. Enable EPSec Thin Agent log.
    The EPSec logs are recorded in vmware.log file after enabling debug logging for the Thin Agent:
    1. Get the version number of vnetflt.sys and vsepflt.sys drivers on the guest VM.
    2. Enable Thin Agent (vsepflt.sys) debugging inside the guest VM by editing the registry using the following content:

      [HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\vsepflt\Parameters]
      "log_level"=dword:0000001f
      "log_dest"=dword:00000002

       
      These keys should be created if they do not exist. Setting "log_dest" to "00000002" records logs into the vmware.log file.
       

Collecting vShield Manager (vSM) logs

  1. Go to the vSM console.
  2. Click Settings & Reports > Configuration > Support.
  3. Click the Initiate button to start collecting logs.

Deep Security Virtual Appliance

To get the diagnostic package with debug mode enabled:

  1. Enable ds_am debug:

    sudo killall -USR1 ds_am
    /etc/init.d/ds_agent restart
    (increase the level by 1, default 5, max 8, increase it 3 times)

    After log is collected, decrease the debug level:

    sudo killall -USR2 ds_am
    (decrease level by 1, default 5, max 8, decrease it 3 times)

  2. Collect diagnostic package:
    1. From the Computers page, right-click the specific client and select Details.
    2. Go to Actions tab and click Create Diagnostic Package under the Support section.
    3. Select everything and click Next until the gathering of diagnostic package is finished.

Deep Security Agent

To get the diagnostic package with debug mode enabled:

For Windows:

  1. Create %SystemRoot%\ds_agent.ini file.
  2. Add "Trace=*" to the file.
  3. Restart the DSA service.
  4. Collect diagnostic package:
    1. From the Computers page, right-click the specific client and select Details.
    2. Go to Actions tab and click Create Diagnostic Package under the Support section.
    3. Select everything and click Next until the gathering of diagnostic package is finished.
  5. Delete the ds_agent.ini file and restart the service to disable debug mode.

For Linux:

  1. Create /etc/ds_agent.conf file.
  2. Add "Trace=*" to the file.
  3. Restart the DSA service.
  4. Replicate the issue.
  5. Collect /var/log/messages for the debug log.
  6. Collect diagnostic package:
    1. From the Computers page, right-click the specific client and select Details.
    2. Go to Actions tab and click Create Diagnostic Package under the Support section.
    3. Select everything and click Next until the gathering of diagnostic package is finished.
  7. Delete the ds_agent.conf file and restart the service to disable debug log.
  8. Collect lsmod -l output to check module status.
  9. Check whether the anti-malware related process is running.

    ps -ef | grep ds
    root 32501 1 0 17:23 ? 00:00:00 /opt/ds_agent/ds_am
    -g ../diag -v 6 -d/var/opt/ds_agent/am -m
    /opt/ds_agent/lib/libvmpd_full_scan.so -m
    /opt/ds_agent/lib/libvmpd_scanctrl.so -m
    /opt/ds_agent/lib/libvmpd_dsa_rtscan.so

 
  • For Deep Security 9.6 users, if the machine is protected in Combined Mode, submit DSA and DSVA logs together.
  • For Deep Security 9.6 SAP protection, the debug information is included in Anti-Malware. You can follow the above AM debug log and it should be enough.
 

For Linux:

  1. Download Java SE Development Kit (JDK).
  2. Upload the JDK installer package into the DSM server.
  3. Install JDK with root privilege using the command below:

    #rpm -ivh jdk-8u91-linux-x64.rpm

  4. Start VisualVM with root account using the command below and wait for the JVisualVM window to appear.

    #/usr/java/jdk1.8.91/bin/jvisualvm

  5. Right-click the DSM Launcher and select Sample.

  6. Enable Settings and type the following under Profile Only Package:

    com.thirdbrigade.*
    com.trendmicro.*

  7. Click CPU to start.

  8. Click Snapshot and take at least three (3) snapshots.

  9. Click Thread Dump and take at least three (3) thread dumps.

  10. Change the scheduled task and reproduce the issue.
  11. When the issue is reproduced, wait for 10 minutes and save all open snapshots and thread dumps.

  12. Stop the Sampler.
  13. Provide the following files:
    • Snapshots
    • Thread dumps
    • Exported DSM system events for the whole day

For Windows:

  1. Download Java SE Development Kit (JDK).
  2. Upload the JDK installer package into the DSM server.
  3. Install JDK via CMD with administrator permission, if the target OS is Linux.
  4. Start VisualVM via CMD with administrator permission and wait for the JVisualVM window to appear.
  5. Right-click the DSM Launcher and select Sample.
  6. Enable Settings and type the following under Profile Only Package:

    com.thirdbrigade.*
    com.trendmicro.*

  7. Click CPU to start.
  8. Click Snapshot and take at least three (3) snapshots.
  9. Click Thread Dump and take at least three (3) thread dumps.
  10. Change the scheduled task and reproduce the issue.
  11. When the issue is reproduced, wait for 10 minutes and save all open snapshots and thread dumps.
  12. Stop the Sampler.
  13. Provide the following files:
    • Snapshots
    • Thread dumps
    • Exported DSM system events for the whole day

For vShield Manager:

  1. Log in to the vShield Manager using https://vsmip(sample)/.
  2. Navigate to Settings & Reports > Configuration.
  3. Go to Support tab and click Initiate. The vShield Manager logs will be generated.

For NSX Manager:

  1. Log in to the NSX Manager using https://nsxip(sample)/.
  2. Click Download Tech Support Log.

  3. On the pop-up window, click Download.

For ESXi and vCenter:

To collect ESXi support package:

  1. SSH to the ESXi server.
  2. Run the command "vm-support". A compressed bundle of logs will be generated and stored in a .tgz file, which will be located in /var/log/, /var/tmp/ or current working directory.

For more information, refer to this article: "vm-support" command in ESX/ESXi to collect diagnostic information (1010705)

To collect vCenter logs, refer to this VMware article: Collecting diagnostic information for VMware vCenter Server 4.x, 5.x and 6.0.

Deep Security Manager

For Windows and Linux:

  1. Enable DSM debugging in UI for Host Updater Job.
  2. Collect DSM diagnostic and DSA diagnostic.

Deep Security Manager

For Windows and Linux:

  1. Enable DSM debugging in logging.properties:
    • com.thirdbrigade.manager.core.scheduler.jobschedulers.jobs.HostUpdaterSession
    • com.trendmicro.manager.core.cloud.CloudSupportingServices
  2. Restart DSM service to take effect.
  3. Collect DSM diagnostic and DSA diagnostic.

Deep Security Manager

For Windows and Linux:

  1. Provide CTD of DDAn/TMCM.
  2. Enable CTD debug log from DSM console by editing /jre/lib/logging.properties and adding the following lines:
    • CTD jobs

      com.thirdbrigade.manager.core.scheduler.jobschedulers.SuspiciousFileSubmission.Job.level=ALL
      com.thirdbrigade.manager.core.scheduler.jobschedulers.DDAnReportQueryJob.level=ALL

    • DDAn API

      com.trendmicro.manager.core.ddan.level=ALL

    • AM

      com.trendmicro.ds.antimalware.ctd.level=ALL
      com.trendmicro.ds.antimalware.models.AntiMalwareQuarantinedFilesWizardDean.level=ALL

Deep Security Agent

  1. Download ratt tools and run the following command:

    ratt -s trace -s ""

    As an example, "2,net.packet" sets log level to 2, and will only print logs related to net.packet.
    Filter driver log will be in the output of dmesg.
    Remember to turn it off when it's done.

  2. Use "#mdb -K" for live debugging.
  3. Create live system dump (for crash issue) using the command "#savecore -L". Use "#dumpadm" to find the dump location.
  4. Provide diagnostic package of DSA, live debug output.

Deep Security Manager

For Windows and Linux:

  1. Enable DSM debugging in logging.properties:
    • com.thirdbrigade.manager.core.scheduler.jobschedulers.jobs.HostUpdaterSession
    • com.trendmicro.manager.core.cloud.CloudSupportingServices
  2. Restart DSM service to take effect.
  3. Collect DSM diagnostic.

Deep Security Agent

For Windows and Linux:

  1. Collect SAP Netweaver Log:
    1. Execute “SM50” t-code to view log list.
    2. Select all logs by pressing 'Ctrl-A'.
    3. Press "Ctrl-Shift-F7" to open Change Trace Components dialog. Set Input Trace level to 2.
    4. Check Security.
    5. Press F8 to save the configuration.
    6. Execute “vscantest” t-code to scan a file. As an example, html_with_javascript_b64.html
    7. After scanning, open a debug log file and search for “VsiScanClean” in the log.
    8. The name of scanned file is in the same line where VsiScanClean is.
  2. Collect DSA diagnostic with Trace = *.

Deep Security Agent

For Windows:

  1. Enable AMSP debug locally:
    1. In the AMSP installation folder, open AmspConfig.ini.
    2. Set DebugLogMode to "0" for local mode. (1 is remote pipemode.)
    3. The log is located at C:\Program Files\Trend Micro\AMSP\debug in the AMSP_DebugLog.log file.
  2. Restart the AMSP service.
  3. Collect DSA diagnostic package.

Deep Security Manager

For Windows and Linux:

  1. Go to https://[server-name]:4119/ProfilingSettings.screen
  2. Enable profiling.
  3. The result will be in $DSM_INSTALL_DIR/profiling.
  4. After reproducing, go to the page and disable the profiling.