Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Enabling debug logs in Deep Security Manager (DSM)

    • Updated:
    • 7 Oct 2020
    • Product/Version:
    • Deep Security 10.0
    • Deep Security 10.1
    • Deep Security 10.2
    • Deep Security 10.3
    • Deep Security 11.0
    • Deep Security 11.1
    • Deep Security 11.2
    • Deep Security 11.3
    • Deep Security 12.0
    • Platform:
    • Linux - Red Hat RHEL 5 64-bit
    • Windows 2003 Enterprise
    • Windows 2003 Enterprise 64-bit
    • Windows 2008 Enterprise
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Server R2

When troubleshooting certain issues in DSM, you will need additional debugging parameters to generate more details in the logs.


The server0.log file is the main log output for errors and activities in the DSM.

Enable debug using the following steps:

  1. Stop the Deep Security Manager service.
  2. Open the file under:

    For Windows: ..\Program Files\Trend Micro\Deep Security Manager\jre\lib\
    For Linux: /opt/dsm/jre/lib

  3. Add one or more of the debug options enumerated below, depending on the issue you encountered. We recommend adding the lines to the last part of the file for easy monitoring and maintenance.
  4. Save the changes and close the file.
  5. Start the DSM service.

Here are the debugging options:

All parameters are case-sensitive.

Option 1: UI Related Issues

  • com.thirdbrigade.manager.webclient.screens.level=ALL

Option 2: Configuration and Protocol Issues

  • com.thirdbrigade.manager.webclient.screens.level=ALL
  • com.thirdbrigade.manager.core.protocol.session.CommandProtocolSession.level=ALL

Option 3: Scan Management Issues

  • com.thirdbrigade.manager.core.db.AgentEventPeer.level=ALL

Option 4: Anti-Malware Scan Issues

  • com.thirdbrigade.manager.core.db.AgentEventPeer.level=FINE

Option 5: All screens, including Wizard-related Issues

  • com.thirdbrigade.manager.webclient.screens.level = ALL

Option 6:  vCenter-related Issues

  • com.thirdbrigade.manager.core.virtual.level=ALL
  • com.thirdbrigade.manager.core.virtualization.vmware.level = ALL

Option 7:  Database-related Issues

  • com.thirdbrigade.persistence1.level = ALL

Option 8: Startup Information Logging

  • com.thirdbrigade.manager.webclient.initialization.level = ALL
  • com.thirdbrigade.manager.core.Core = ALL

Option 9: Host Updater Job (including agent security configuration XML) Debugging


Option 10: Agent Communication Protocol Logging

  • com.thirdbrigade.manager.core.protocol.level = ALL

Option 11: Detection Engine (ie Recommendation Scans) Logging

  • com.thirdbrigade.manager.core.detectionengine.level=ALL

Option 12: Manager Job-related Issues

  • com.thirdbrigade.manager.core.scheduler.jobschedulers.HostJobScheduler.level=ALL
  • com.thirdbrigade.manager.core.scheduler.JobQueuingThread.level=ALL
  • com.thirdbrigade.manager.core.scheduler.JobCreationThread.level=ALL
  • com.thirdbrigade.manager.core.scheduler.ManagerJobs.level=ALL

Option 13: AD Synchronization Issues

  • com.thirdbrigade.manager.core.util.UserUtilities.level=ALL

Option 14: Dashboard Bean Performance Issues

  • com.thirdbrigade.manager.webclient.screens.DashboardBean.level=ALL
  • com.thirdbrigade.manager.webclient.ScreenServlet.level=ALL (to replace the preceding bullet)

Option 15: Active Update Issues

    • com.thirdbrigade.manager.webclient.ActiveUpdateServlet.level=ALL
The entry "com.thirdbrigade.manager.webclient.ActiveUpdateServlet" is deleted after Deep Security 8.0.
The entry "" is for the Vulnerability Protection Active Update folder, which is new in Deep Security 9.6.

Option 16: Maintenance Job and Entity Purge-related Issues

  • com.trendmicro.ds.integrity.db.EntityPeer.level=ALL

Option 17: Enable ALL Logging on the manager

  • com.thirdbrigade.level = ALL

Option 18: Job Load and Performance Profile related

  • com.thirdbrigade.manager.core.scheduler.JobQueuingThread.level=ALL
  • com.thirdbrigade.manager.core.scheduler.JobLoad.level=ALL

Option 19: NSX syncing related logging

  • com.thirdbrigade.manager.core.virtual.NSXSync.level=ALL

Option 20: Rehoming


Option 21: AMI Baking Support


Option 22: CTD jobs

  • Com.thirdbrigade.manager.core.scheduler.jobschedulers.SuspiciousFileSubmission.Job.level=ALL
  • Com.thirdbrigade.manager.core.scheduler.jobschedulers.DDAnReportQueryJob.level=ALL

Option 23: DDAn API

  • Com.trendmicro.manager.core.ddan.level=ALL

Option 24: CTD AM

  • Com.trendmicro.ds.antimalware.ctd.level=ALL
  • Com.trendmicro.ds.antimalware.models.AntiMalwareQuarantinedFilesWizardDean.level=ALL

Option 25: Enable ALL Logging on the manager

  • com.thirdbrigade.level = ALL

Option 26: MDR debug DSM not sending to TIC/LUWAK

  • com.thirdbrigade.manager.core.notifications.AbstractTicSender.level = ALL
  • com.thirdbrigade.manager.core.util.TICClient.level = ALL

After enabling the DSM debug level, you can perform the following upon encountering an issue:

  1. Replicate the issue.
  2. Collect the new diagnostic package from the DSM server. For the procedure, refer to this KB article: Creating the Deep Security diagnostic package.
  3. Send the diagnostic package to Trend Micro Technical Support.

To disable debugging:

  1. Go to %ProgramFiles%\Trend Micro\Deep Security Manager\jre\lib\
  2. Remove the statements added to the end of the log.
  3. Restart the Deep Security Manager service.
Solution Id:
Did this article help you?

Thank you for your feedback!

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.