Enabling detailed logging on Deep Security Agent (DSA)

    • Updated:
    • 11 Oct 2016
    • Product/Version:
    • Deep Security 8.0
    • Deep Security 9.0
    • Deep Security 9.5
    • Deep Security 9.6
    • Deep Security as a Service 2.0
    • Platform:
    • CentOS 6 32-bit
    • CentOS 6 64-bit
    • Linux - Red Hat RHEL 5 32-bit
    • Linux - Red Hat RHEL 5 64-bit
    • Linux - Red Hat RHEL 6 32-bit
    • Linux - Red Hat RHEL 6 64-bit
    • Linux - SuSE 10 64-bit
    • Linux - SuSE 11
    • Linux - SuSE 11 64-bit
    • Ubuntu 10.04 64-bit
    • Ubuntu 12.04 64-bit
    • Windows 2003 Enterprise
    • Windows 2003 Enterprise 64-bit
    • Windows 2003 Standard
    • Windows 2003 Standard 64-bit
    • Windows 2008 Enterprise
    • Windows 2008 Enterprise 64-bit
    • Windows 2008 Server R2
    • Windows 2008 Standard
    • Windows 2008 Standard 64-bit
Summary

Enable detailed logging on the DSA to gather more information on the issues you encounter.

Details

To enable detailed logging:

  1. Create a file named ds_agent.ini under the %SystemRoot% directory (example: C:\Windows\ds_agent.ini).
  2. Put the following line inside the file:

    Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL

  3. Restart the Trend Micro Deep Security Agent service.

To view and save the log, use the DebugView utility:

  1. Download the DebugView utility.
  2. Run the DbgView.exe tool as administrator and enable the options below:
    • Capture the following:
      • Capture Win32
      • Capture Kernel
      • Pass-Through
      • Capture Events
    • Configure the following:
      • Win32 PIDs
      • Force Carriage Returns
      • Clock Time
      • Show Milliseconds
  3. Replicate the issue.
  4. Save the log output to a file.

    You can also save the log automatically by pressing CTRL + G or by clicking the Log to File icon. Locate a directory where you want to save the log, then click OK.

  5. Close the DbgView window.
 

Enabling detailed logging on the Agent adds more detail to the diagnostic package, so it produces more and larger files that may consume disk space.
Make sure to disable detailed logging once you have generated a diagnostic package.

To disable detailed logging:

  1. Delete the ds_agent.ini file from %SystemRoot% (C:\Windows).
  2. Restart the Trend Micro Deep Security Agent service.

To enable debug logs without DebugView:

 
Collecting the debug logs without the DebugView utility may sometimes fail. Using DebugView to gather the logs is still recommended.
  1. Create the ds_agent.ini file under system root (c:\Windows or c:\Winnt).
  2. Input any of the following lines in the ds_agent.ini file:
    • Trace=*
      Trace.file_name=<log>
    • Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL
      Trace.file_name=<log>

    In the lines above, "Trace.file_name=<log>" sets the DSA log file name. Below is an example:

    Trace.file_name=dsa_debug_Computer1
    Trace.file_count=10
    Trace.file_size=1048576
    Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL

  3. Restart the DSA service.
  4. Collect the diagnostic package.

    Using the DSM:

    1. Open the DSM console.
    2. Go to Actions.
    3. Click Collect Diagnostic Package.

    Using the DSA:

    1. Open a command prompt and use the "cd" command to navigate to the DSA installation folder.
    2. Type "dsa_control -d" to generate the Diagnostic Package regardless of the diagnostic folder location.

To enable detailed logging:

  1. Modify the /etc/syslog.conf file by adding any of the following lines:

    local0.info          /var/log/messages
    local0.*          /var/log/messages

  2. Create a file named ds_agent.conf under the /etc directory.
  3. Add the following line inside the ds_agent.conf file:

    Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL

    This will enable extra tracing for the various sub-components of the Deep Security Agent. If you do not want output from a certain component, just exclude that component from the line.

  4. Restart the Trend Micro Deep Security Agent Service using this command:

    # service ds_agent restart

    The output goes to syslog using "local0", so the location depends on your /etc/syslog.conf settings.

 

Enabling detailed logging on the Agent adds more detail to the diagnostic package, so it produces more and larger files that may consume disk space.
Make sure to disable detailed logging once you have generated a diagnostic package.

To disable detailed logging:

  1. Delete /etc/ds_agent.conf.
  2. Restart the Trend Micro Deep Security Agent service.
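
The /etc/ds_agent.conf and /etc/syslog.conf steps above, together with the disable step, as a small shell helper. This is an added example, not Trend Micro code: the function names and the DSA_CONF and SYSLOG_CONF variables are assumptions, and restarting the agent is left to the operator.

```shell
#!/bin/sh
# Added example: toggle DSA trace logging as described in the steps above.
# DSA_CONF / SYSLOG_CONF and the function names are assumptions of this
# example; point them at scratch copies to try it without touching /etc.
DSA_CONF="${DSA_CONF:-/etc/ds_agent.conf}"
SYSLOG_CONF="${SYSLOG_CONF:-/etc/syslog.conf}"
# Component names taken from the Trace= line in the article.
DSA_COMPONENTS="Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL"

# dsa_trace_on [component...]: with no arguments, use the article's full list.
dsa_trace_on() {
    [ $# -gt 0 ] || set -- $DSA_COMPONENTS
    for c in "$@"; do
        case " $DSA_COMPONENTS " in
            *" $c "*) ;;
            *) echo "unknown trace component: $c" >&2; return 2 ;;
        esac
    done
    # Add a local0 rule only if none exists yet, so reruns stay idempotent.
    # syslogd must re-read its configuration before the new rule applies.
    if ! grep -Eq '^[[:space:]]*local0\.' "$SYSLOG_CONF" 2>/dev/null; then
        printf 'local0.*\t/var/log/messages\n' >> "$SYSLOG_CONF"
    fi
    # Replace any earlier Trace= line instead of stacking duplicates;
    # other settings in the file are kept.
    tmp="$DSA_CONF.tmp.$$"
    { grep -v '^Trace=' "$DSA_CONF" 2>/dev/null || true; echo "Trace=$*"; } > "$tmp"
    mv "$tmp" "$DSA_CONF"
}

# dsa_trace_off: the article's disable step (delete the file).
# The local0 rule in syslog.conf is left in place.
dsa_trace_off() { rm -f "$DSA_CONF"; }

# dsa_trace_status: print the traced components; returns 0 only if tracing is on.
dsa_trace_status() {
    line=$(grep '^Trace=' "$DSA_CONF" 2>/dev/null | tail -n 1)
    [ -n "$line" ] || { echo "trace: off"; return 1; }
    echo "trace: on (${line#Trace=})"
}

# After dsa_trace_on or dsa_trace_off, restart the agent as in the article:
#   service ds_agent restart
```

Running `dsa_trace_status` after a diagnostic package has been collected is a quick way to confirm that tracing was switched off again.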

To enable detailed logging:

  1. Create a file named ds_agent.conf under the /etc directory.
  2. Modify the /etc/syslog.conf file and add “*.info” to the line pointing to /var/adm/messages.

    Example:

    *.err;kern.debug;daemon.notice;mail.crit;*.info                   /var/adm/messages

  3. Restart the syslog service using the following command:

    svcadm restart /system/system-log:default

  4. Modify the ds_agent.conf file by adding the following line:

    Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL

    This will enable extra tracing for the various sub-components of the Deep Security Agent. If you don't want to see output from a certain component, just exclude that component from the line.

The output goes to syslog using /var/adm/messages.

 

Enabling detailed logging on the Agent adds more detail to the diagnostic package, so it produces more and larger files that may consume disk space.
Make sure to disable detailed logging once you have generated a diagnostic package.

To disable detailed logging:

  1. Delete the /etc/ds_agent.conf file.
  2. Restart the Trend Micro Deep Security Agent service.

To enable detailed logging:

  1. Create a file named ds_agent.conf under the /etc directory.
  2. Modify the /etc/syslog.conf file by adding “*.info”. Refer to the sample below:

    *.info     /var/adm/syslog/syslog.log

  3. Restart the syslog service using these commands:

    /sbin/init.d/syslogd stop
    /sbin/init.d/syslogd start

  4. Modify the ds_agent.conf file by adding the following line:

    Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL

This will enable extra tracing for the various sub-components of the Deep Security Agent. If you don't want to see output from a certain component, just exclude that component from the line.

The output goes to syslog using /var/adm/syslog/syslog.log.

 

Enabling detailed logging on the Agent adds more detail to the diagnostic package, so it produces more and larger files that may consume disk space.
Make sure to disable detailed logging once you have generated a diagnostic package.

To disable detailed logging:

  1. Delete the /etc/ds_agent.conf file.
  2. Restart the Trend Micro Deep Security Agent service.

To enable detailed logging:

  1. Create a file named ds_agent.conf under the /etc directory.
  2. Modify /etc/syslog.conf by adding the following line:

    local0.info          /var/log/syslog

  3. Restart syslog using this command:

    refresh -s syslogd

  4. Modify the ds_agent.conf file by adding the following line:

    Trace=Appl Beat Cmd Cfg Conn HTTP Log Lstn Srvc SSL

    This will enable extra tracing for the various sub-components of the Deep Security Agent. If you don't want to see output from a certain component, just exclude that component from the line.

The output goes to syslog using /var/log/syslog.

 

Enabling detailed logging on the Agent adds more detail to the diagnostic package, so it produces more and larger files that may consume disk space.
Make sure to disable detailed logging once you have generated a diagnostic package.

To disable detailed logging:

  1. Delete the /etc/ds_agent.conf file.
  2. Restart the Trend Micro Deep Security Agent service.
Category:
Configure; Troubleshoot
Solution Id:
1096332