Views:

Windows

To enable detailed logging:

Create a file named ds_agent.ini under the %SystemRoot% directory (example: C:\Windows\ds_agent.ini).
Put the following line inside the file:

Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL
Restart the Trend Micro Deep Security Agent service.

To view and save the log, use the DebugView utility:

Download the DebugView utility.
Run the DbgView.exe tool as administrator and enable the options below:
- Capture the following:
  - Capture Win32
  - Capture Kernel
  - Pass-Through
    Capture Events
- Configure the following:
  - Win32 PIDs
  - Force Carriage Returns
  - Clock Time
    Show Milliseconds
Replicate the issue.
Save an output of the log file.
You can also save the log automatically by pressing CTRL + G or by clicking the Log to File icon. Locate a directory where you want to save the log, then click OK.
Close the DbgView window.

Enabling detailed logging of the Agent will generate more details on the diagnostic package. Thus, it will generate larger and more files that may consume disk space.
Make sure to disable detailed logging once you have generated a diagnostic package.

To disable detailed logging:

Delete the ds_agent.ini file from %SystemRoot% (C:\Windows).
Restart the Trend Micro Deep Security Agent service.

To enable debug logs without DebugView:

Sometimes, it may fail to collect the debug logs without DebugView utility. It is still recommended to use the DebugView in gathering the logs.

Create the ds_agent.ini file under system root (c:\Windows or c:\Winnt).
Input any of the following lines in the ds_agent.ini file:
- Trace=*
  Trace.file_name=<log>
- Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL
  Trace.file_name=<log>
In the commands above, "Trace.file_name=<log>" refers to the DSA log file name. Below is an example:

Trace.file_name=dsa_debug_Computer1
Trace.file_count=10
Trace.file_size=1048576
Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL
Restart the DSA service.
Collect the diagnostic package.
Using the DSM:
1. Open the DSM console.
2. Go to Actions.
3. Click Collect Diagnostic Package.
Using the DSA:
1. Open a command prompt and type "cd" command to navigate to the DSA installation folder.
2. Type "dsa_control -d" to generate the Diagnostic Package regardless of the diagnostic folder location.

Linux

To enable detailed logging:

Modify the /etc/syslog.conf (or /etc/rsyslog.conf) file by adding any of the following lines:

local0.info /var/log/messages
local0.* /var/log/messages
Create a file named ds_agent.conf under the /etc directory.
Add the following line inside the ds_agent.conf file:

Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL

This will enable extra tracing for the various sub-components of the Deep Security Agent. If you do not want output from a certain component, just exclude that component from the line.
Restart the Trend Micro Deep Security Agent Service using this command:
# service ds_agent restart

The output goes to syslog using "local0", so the location depends on your /etc/syslog.conf settings.

To disable detailed logging:

Delete /etc/ds_agent.conf.
Restart the Trend Micro Deep Security Agent service.

Solaris

To enable detailed logging:

Create a file named ds_agent.conf under the /etc directory.
Modify the /etc/syslog.conf file and add “*.info” to the line pointing to /var/adm/messages.
Example:

*.err;kern.debug;daemon.notice;mail.crit;*.info /var/adm/messages
Restart the syslog service using the following command:
svcadm restart /system/system-log:default
Modify the ds_agent.conf file by adding the following line:
Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL

This will enable extra tracing for the various sub-components of the Deep Security Agent. If you don't want to see output from a certain component, just exclude that component from the line.

The output goes to syslog using /var/adm/messages.

To disable detailed logging:

Delete the /etc/ds_agent.conf file.
Restart the Trend Micro Deep Security Agent service.

HP-UX

To enable detailed logging:

Create a file named ds_agent.conf under the /etc directory.
Modify the /etc/syslog.conf file by adding “*.info”. Refer to the sample below:
*.info /var/adm/syslog/syslog.log
Restart the syslog service using these commands:
/sbin/init.d/syslogd stop
/sbin/init.d/syslogd start
Modify the ds_agent.conf file by adding the following line:
Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL

This will enable extra tracing for the various sub-components of the Deep Security Agent. If you don't want to see output from a certain component, just exclude that component from the line.

The output goes to syslog using /var/adm/syslog/syslog.log.

To disable detailed logging:

Delete the /etc/ds_agent.conf file.
Restart the Trend Micro Deep Security Agent service.

AIX

To enable detailed logging:

Create a filed named ds_agent.conf under the /etc directory.
Modify /etc/syslog.conf by adding the following line:
local0.info /var/log/syslog
Restart syslog using this command:
Refresh –s syslogd
Modify the ds_agent.conf file by adding the following line:
Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL

This will enable extra tracing for the various sub-components of the Deep Security Agent. If you don't want to see output from a certain component, just exclude that component from the line.

The output goes to syslog using /var/log/syslog.

To disable detailed logging:

Delete the /etc/ds_agent.conf file.
Restart the Trend Micro Deep Security Agent service.

To know more about the log files and their descriptions, refer to this article: List of log files in Deep Security.

Keywords: turn on detailed debug logs,create detailed diagnostic package,how to gather detailed logs on DSA,turn off detailed debugging,open and save logs

Enabling detailed logging on Deep Security Agent (DSA)

Product / Version includes:

Deep Security9.6

Last updated: 2021/08/28

Solution ID: KA-0003377

Category: Configure

Summary

Enable detailed logging on Deep Security Agent to gather more information on the issues you encounter.

EXPAND ALL

Windows

To enable detailed logging:

Create a file named ds_agent.ini under the %SystemRoot% directory (example: C:\Windows\ds_agent.ini).
Put the following line inside the file:

Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL
Restart the Trend Micro Deep Security Agent service.

To view and save the log, use the DebugView utility:

Download the DebugView utility.
Run the DbgView.exe tool as administrator and enable the options below:
- Capture the following:
  - Capture Win32
  - Capture Kernel
  - Pass-Through
    Capture Events
- Configure the following:
  - Win32 PIDs
  - Force Carriage Returns
  - Clock Time
    Show Milliseconds
Replicate the issue.
Save an output of the log file.
You can also save the log automatically by pressing CTRL + G or by clicking the Log to File icon. Locate a directory where you want to save the log, then click OK.
Close the DbgView window.

To disable detailed logging:

Delete the ds_agent.ini file from %SystemRoot% (C:\Windows).
Restart the Trend Micro Deep Security Agent service.

To enable debug logs without DebugView:

Sometimes, it may fail to collect the debug logs without DebugView utility. It is still recommended to use the DebugView in gathering the logs.

Create the ds_agent.ini file under system root (c:\Windows or c:\Winnt).
Input any of the following lines in the ds_agent.ini file:
- Trace=*
  Trace.file_name=<log>
- Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL
  Trace.file_name=<log>
In the commands above, "Trace.file_name=<log>" refers to the DSA log file name. Below is an example:

Trace.file_name=dsa_debug_Computer1
Trace.file_count=10
Trace.file_size=1048576
Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL
Restart the DSA service.
Collect the diagnostic package.
Using the DSM:
1. Open the DSM console.
2. Go to Actions.
3. Click Collect Diagnostic Package.
Using the DSA:
1. Open a command prompt and type "cd" command to navigate to the DSA installation folder.
2. Type "dsa_control -d" to generate the Diagnostic Package regardless of the diagnostic folder location.

Linux

To enable detailed logging:

Modify the /etc/syslog.conf (or /etc/rsyslog.conf) file by adding any of the following lines:

local0.info /var/log/messages
local0.* /var/log/messages
Create a file named ds_agent.conf under the /etc directory.
Add the following line inside the ds_agent.conf file:

Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL

This will enable extra tracing for the various sub-components of the Deep Security Agent. If you do not want output from a certain component, just exclude that component from the line.
Restart the Trend Micro Deep Security Agent Service using this command:
# service ds_agent restart

The output goes to syslog using "local0", so the location depends on your /etc/syslog.conf settings.

To disable detailed logging:

Delete /etc/ds_agent.conf.
Restart the Trend Micro Deep Security Agent service.

Solaris

To enable detailed logging:

Create a file named ds_agent.conf under the /etc directory.
Modify the /etc/syslog.conf file and add “*.info” to the line pointing to /var/adm/messages.
Example:

*.err;kern.debug;daemon.notice;mail.crit;*.info /var/adm/messages
Restart the syslog service using the following command:
svcadm restart /system/system-log:default
Modify the ds_agent.conf file by adding the following line:
Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL

This will enable extra tracing for the various sub-components of the Deep Security Agent. If you don't want to see output from a certain component, just exclude that component from the line.

The output goes to syslog using /var/adm/messages.

To disable detailed logging:

Delete the /etc/ds_agent.conf file.
Restart the Trend Micro Deep Security Agent service.

HP-UX

To enable detailed logging:

Create a file named ds_agent.conf under the /etc directory.
Modify the /etc/syslog.conf file by adding “*.info”. Refer to the sample below:
*.info /var/adm/syslog/syslog.log
Restart the syslog service using these commands:
/sbin/init.d/syslogd stop
/sbin/init.d/syslogd start
Modify the ds_agent.conf file by adding the following line:
Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL

This will enable extra tracing for the various sub-components of the Deep Security Agent. If you don't want to see output from a certain component, just exclude that component from the line.

The output goes to syslog using /var/adm/syslog/syslog.log.

To disable detailed logging:

Delete the /etc/ds_agent.conf file.
Restart the Trend Micro Deep Security Agent service.

AIX

To enable detailed logging:

Create a filed named ds_agent.conf under the /etc directory.
Modify /etc/syslog.conf by adding the following line:
local0.info /var/log/syslog
Restart syslog using this command:
Refresh –s syslogd
Modify the ds_agent.conf file by adding the following line:
Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL

This will enable extra tracing for the various sub-components of the Deep Security Agent. If you don't want to see output from a certain component, just exclude that component from the line.

The output goes to syslog using /var/log/syslog.

To disable detailed logging:

Delete the /etc/ds_agent.conf file.
Restart the Trend Micro Deep Security Agent service.

To know more about the log files and their descriptions, refer to this article: List of log files in Deep Security.

Was this article helpful?

Featured

Automation Center

Education Portal

Online Help Center

Service Status

TrendConnect

Enabling detailed logging on Deep Security Agent (DSA)

Windows

Linux

Solaris

HP-UX

AIX

Enabling detailed logging on Deep Security Agent (DSA)

Product / Version includes:

Summary

Windows

Linux

Solaris

HP-UX

AIX