Collecting the Deep Security Agent (DSA) Anti-Malware (AM) logs

DSA 9.5 and higher versions write their log information to disk automatically. All of the tracing and error/warning/information messages go to a disk file named ds_agent.log. This disk file gets rotated automatically and is included in an agent diagnostic package.

The trace settings can be changed on-the-fly via a protocol command. The sendCommand utility can be used to send the trace command to the agent with an argument format of:

trace=<new settings>
trace+=<settings to add>
trace-=<settings to remove>

To configure the trace settings, go to C:\Program Files\Trend Micro\Deep Security Agent and execute the command that corresponds to the action you want to do.

• To check the current trace settings:

  sendCommand --get Trace

• To enable AM debug:

  sendCommand --get Trace trace+=AM,AMSP,dsp.am.*

• To get a complete debug logs including other modules:

  sendCommand --get Trace trace+=*

• To disable AM debug:

  sendCommand --get Trace trace-=AM,AMSP,dsp.am.*

The log files are kept in the diag subdirectory under the agent's main data folder location:

For Vista+: C:\ProgramData\Trend Micro\Deep Security Agent
For Windows older version: C:\Documents and Settings\All Users\Application Data\Trend Micro\Deep Security Agent

Collecting the Anti-Malware Solution Platform (AMSP) local mode debug logs

1. Disable the self-protection and stop the AMSP service.
2. Go to the AMSP installation folder. By default, it is located under C:\Program Files\Trend Micro\AMSP.
3. Open the AmspConfig.ini file with an administrative permission.
4. Set the following parameters and save the changes:

   DebugLogAMSPServiceStart=1
   DebugLogMode=0

   Where the values of DebugLogMode are as follow:

   0 - Local mode
   1 - Remote pipe mode

5. Start the AMSP service.
6. Open the AMSP installation folder\debug\ folder and make sure the Amsp_LocalDebugLog.log file exists.
7. Create diagnostic package to collect logs.