McAfee ePolicy Orchestrator 5.0.0 Software




Log File Reference Guide

McAfee ePolicy Orchestrator 5.0.0 Software

The log files detailed in this guide represent a subset of all McAfee ePolicy Orchestrator log files, with particular attention to the log files used when managing and troubleshooting product issues.

Log files and their categories

McAfee ePolicy Orchestrator provides log files that contain important information when troubleshooting. These log files are separated into three categories:

- Installer logs: Include details about installation path, user credentials, database used, and communication ports configured.
- Server logs: Include details about server functionality, client event history, and administrator services.
- Agent logs: Include details about agent installation, wake-up calls, updating, and policy enforcement.

Path variables used

The locations of log files depend on how and where ePolicy Orchestrator and the agent are installed in your environment. These variables are used in this document to describe locations of the log files.

| Variable | Description |
|---|---|
| [Agent DATA Path] | To determine the actual location of the agent data files, view this registry key: HKEY_LOCAL_MACHINE\SOFTWARE\NETWORK ASSOCIATES\TVD\SHARED COMPONENTS\FRAMEWORK\DATA PATH. For more information, see installation directory in the ePolicy Orchestrator Product Guide or Help. |
| %temp% | This is the Temp folder of the currently logged-on user. To access this folder, select Start > Run, then type %temp% in the Open text box, and click OK. |
| [InstallDir] | The default location of the ePolicy Orchestrator server software is C:\PROGRAM FILES\MCAFEE\EPOLICY ORCHESTRATOR. |

Installer logs

Installer log files list details about the ePolicy Orchestrator installation process. These logs provide information about:

- Actions taken by specific components
- Administrator services used by the server
- Success and failure of critical processes

| File name | Log type | Location | Description |
|---|---|---|---|
| AH500 Install MSI | Agent Handler installation | %temp%\mcafeelogs | This file logs all Agent Handler installation details, including installer actions and installation failures. |
| AH500 ahetupdll | Temporary | %temp% (on the Agent Handler server) | Logs Agent Handler back-end events. |
| core install | Temporary | %temp%\mcafeelogs\epo500 Troubleshoot\MFS | Generated when the ePolicy Orchestrator installer calls the MFS ANT installer. Provides information on creation of server database tables and installation of server components. This file is deleted if the installation succeeds. |
| epo install | Installation | %temp%\mcafeelogs\epo500 Troubleshoot\Mercury Framework | Created when the ePolicy Orchestrator installer calls the ANT installer. |
| EPO500 Checkin Failure | Installation | %temp%\mcafeelogs | Generated when the ePolicy Orchestrator installer fails to check in any of these package types: extensions, plug-ins, deployment packages, Agent packages. |
| EPO500 CommonSetup | Installation | %temp%\mcafeelogs | Contains ePolicy Orchestrator installer details such as: Custom Action logging; SQL, DTS (Microsoft Data Transformation Services), and service-related calls; registering and unregistering DLLs; files and folders selected for deletion at restart. |

| File name | Log type | Location | Description |
|---|---|---|---|
| EPO500 Install MSI | Installation | %temp%\mcafeelogs | The primary ePolicy Orchestrator installation log. Contains installation details such as installer actions and installation failures. |
| <ExtensionFileName>.cmd | Temporary | %temp%\mcafeelogs\epo500 troubleshoot\OutputFiles | Created by the ePolicy Orchestrator installer. Contains the command (sent to Remote Client) to check in extensions. If the installation succeeds, these files are deleted. |
| MFS500 CommonSetup | Installation | %temp%\mcafeelogs | Contains MFS installer details. |

Server logs

Server log files contain details on server functionality and various administrator services used by ePolicy Orchestrator.

| File name | Log type | Location | Description |
|---|---|---|---|
| EpoApSvr | Primary | [InstallDir]\DB\Logs | Application Server log file with details of repository actions such as: pull tasks; checking in deployment packages to the repository; deleting deployment packages from the repository. This file is not present until after initial service startup. |
| Errorlog.<CURRENT_DATETIME> | Apache | [InstallDir]\Apache2\logs | Contains Apache service details. This file is not present until after the Apache service is started for the first time. |
| Eventparser | Primary | [InstallDir]\DB\Logs | Contains ePolicy Orchestrator event parser services details, such as product event parsing success or failure. |
| Jakarta_service_<DATE> | Tomcat | [InstallDir]\Server\logs * | Contains ePolicy Orchestrator Application Server service details. This file is not present until after the initial Tomcat service startup. |
| Localhost_access_log.<date>.txt | Tomcat | [InstallDir]\Server\logs * | Records all McAfee ePO server requests received from client systems. This file is not present until after the initial Tomcat service startup. |

| File name | Log type | Location | Description |
|---|---|---|---|
| Orion | Primary | [InstallDir]\Server\logs * | Contains McAfee Foundation Services platform details and all extensions loaded by default. This file is not present until after the ePolicy Orchestrator Application Server service is started for the first time. |
| Replication | Server | [InstallDir]\DB\Logs | The McAfee ePO server replication log file. This file is only generated when all these are true: there are distributed repositories; a replication task has been configured; a replication task has run. |
| Server | Primary | [InstallDir]\DB\Logs | Contains details related to these McAfee ePO server services: Agent-server communications; McAfee ePO Server Agent Handler. This file is not present until after initial service startup. |
| Stderr | Tomcat | [InstallDir]\Server\logs * | Contains any Standard Error output captured by the Tomcat service. This file is not present until after the initial Tomcat service startup. |

* In cluster environments, the log file is located at [InstallDir]\Bin\Server\logs.

Agent logs

Agent log files contain actions triggered or taken by the McAfee Agent.

| File name | Log type | Location | Description |
|---|---|---|---|
| <Guid>_<Timestamp>_Server.xml | Policy | [InstallDir]\DB\DEBUG | Contains details about policy updating issues. To enable this file: 1. Browse to this registry key: HKEY_LOCAL_MACHINE\Software\Network Associates\ePolicy Orchestrator\ 2. Create this DWORD with value 1: SavePolicy 3. Restart the McAfee ePolicy Orchestrator 5.1.0 Server (Apache) service. We recommend that you enable this file for the minimum time needed to capture the required information, because the resulting files grow rapidly. |
| Agent_<system> | | [Agent DATA Path]\DB | Generated on client systems when the server deploys an agent to them. This file contains details related to: Agent-server communication; policy enforcement; other agent tasks. |
| FrmInst_<system> | | %temp%\McAfeeLogs | Generated when FrmInst.exe is used to install the McAfee Agent. This file contains: informational messages; progress messages; failure messages if installation fails. |
| MCScript | Debug | [Agent DATA Path]\DB | Contains the results of script commands used during agent deployment and updating. To enable the DEBUG mode for this log, set this DWORD value on the client's registry key: HKEY_LOCAL_MACHINE\SOFTWARE\NETWORK ASSOCIATES\TVD\SHARED COMPONENTS\FRAMEWORK\DWDEBUGSCRIPT=2. Delete this key when you've finished troubleshooting. |
| Mfe.MSI.<DATE> | | %temp%\McAfeeLogs | Contains details about the MSI installation of the agent. |
| PrdMgr_<SYSTEM> | | [Agent DATA Path]\DB | Contains details about agent communications with other McAfee products. |
| UpdaterUI_<system> | | %temp%\McAfeeLogs | Contains details of the updates to managed products on the client system. |
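The table above describes two debug registry switches that are meant to be switched off again after troubleshooting. The following added example (not part of the McAfee guide) scans a registry export in .reg text format for those switches and reports any that are still set; the sample export is constructed, and the function and constant names are assumptions.

```python
import re

# Debug switches named in this guide, keyed by (registry key, value name) in lower
# case, because registry key and value names are case-insensitive.
EPO_KEY = r"hkey_local_machine\software\network associates\epolicy orchestrator"
FRAMEWORK_KEY = (r"hkey_local_machine\software\network associates"
                 r"\tvd\shared components\framework")
DEBUG_SWITCHES = {
    (EPO_KEY, "savepolicy"): "policy debug XML files in DB\\DEBUG grow rapidly",
    # The troubleshooting section of the guide spells the switch SAVEAGENTPOLICY.
    (EPO_KEY, "saveagentpolicy"): "policy debug XML files in DB\\DEBUG grow rapidly",
    (FRAMEWORK_KEY, "dwdebugscript"): "MCScript debug mode is still enabled",
}

SECTION = re.compile(r"^\[(?P<key>[^\]]+)\]$")
DWORD = re.compile(r'^"(?P<name>[^"]+)"=dword:(?P<hex>[0-9a-fA-F]{8})$')

# Constructed sample in .reg export format; not taken from a real system.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\ePolicy Orchestrator]
"SavePolicy"=dword:00000001
"LogSize"=dword:00000014

[HKEY_LOCAL_MACHINE\SOFTWARE\Network Associates\TVD\Shared Components\Framework]
"dwDebugScript"=dword:00000002
"""


def find_debug_switches(reg_text):
    """Return (key, value name, value, reason) for each debug switch that is non-zero."""
    findings, key = [], None
    for raw in reg_text.splitlines():
        line = raw.strip()
        section = SECTION.match(line)
        if section:
            key = section.group("key").rstrip("\\")
            continue
        dword = DWORD.match(line)
        if key is None or dword is None:
            continue
        value = int(dword.group("hex"), 16)
        reason = DEBUG_SWITCHES.get((key.lower(), dword.group("name").lower()))
        if reason and value != 0:
            findings.append((key, dword.group("name"), value, reason))
    return findings


if __name__ == "__main__":
    for key, name, value, reason in find_debug_switches(SAMPLE_EXPORT):
        print(f"{key}\\{name} = {value}: {reason}")
```

Files written by reg export are UTF-16, so read them with encoding="utf-16" before passing the text to find_debug_switches.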

McAfee Agent error logs

When the McAfee Agent traps errors, they are reported in Agent error logs. Agent error logs are named for their primary log counterpart. For example, when errors occur while performing client tasks, the MCScript_Error file is created. Error logs contain only details about errors.

How log file size is maintained

When a log file reaches its maximum size, backup is added before the file name extension and a new log file is created. For example, when Agent_<SYSTEM> reaches its maximum size, it is renamed Agent_<SYSTEM>_backup. If a backup log already exists, it is overwritten. Depending on how recently the backup was created, it might contain current entries. Examine both log files to make sure that you view all current entries.

To change the log size, create the DWORD value LOGSIZE in the registry key HKEY_LOCAL_MACHINE\Software\Network Associates\ePolicy Orchestrator, then set the value data to the size wanted. For example, 20=20MB.

Enable access logging

Enable Apache access logging by modifying the httpd.conf file.

Task

1. From [epoinstalldir]\apache2\conf, open the httpd.conf file.
2. Find this line and remove the number symbol (#) from the start of it:

    CustomLog "|C:/PROGRA~1/McAfee/EPOLIC~1/Apache2/bin/rotatelogs.exe -l C:/PROGRA~1/McAfee/EPOLIC~1/Apache2/logs/accesslog.%Y-%m-%d 86400" common

   This file path applies to the default ePolicy Orchestrator installation. For custom installations, use the path specified in the httpd.conf file.
3. Save the file and restart your ePolicy Orchestrator services.

Log levels for debugging

The log level, a value ranging from 1 to 8, determines the scope and depth of the information in most log files. Log levels provide this information:

- Messages logged at each level include all messages at the current level and all lower logging levels.
- The default value (7) is considered adequate for ordinary debugging.
- Log level 8 produces output, including every SQL query, whether or not there is an error.
- Log level 8 also provides communication details for troubleshooting network and proxy server issues.

Messages reported at each log level

| Message type | Description | Logging level |
|---|---|---|
| e (error) | User error message, translated | 1 |
| w (warning) | User warning message, translated | 2 |
| i (information) | User information message, translated | 3 |
| x (extended data) | User extended information message, translated | 4 |
| E (error) | Debug error message, English only | 5 |
| W (warning) | Debug warning message, English only | 6 |
| I (information), or none | Debug information message, English only | 7 |
| X (extended data) | Debug extended information message, English only | 8 |

Location of values controlling log levels and when they take effect

You can't modify the logging levels of all logs.

| Log file name | Log level value location | Update duration |
|---|---|---|
| Agent_<system> | | 1 minute (approximate) |
| Core install | Not applicable | Not applicable |
| EpoApSvr | | 1 minute (approximate) |
| Errorlog.<CURRENT_DATETIME> | Not applicable (File created by the Apache service) | Not applicable |
| Eventparser | | 1 minute (approximate) |
| FrmInst_<system> | | At runtime |
| Jakarta_Service_<DATE> | [INSTALL DIR]\SERVER\CONF\ORION\LOG CONFIG.XML | Upon startup of ePolicy Orchestrator Application Server service. |
| Localhost_access_log.<date>.txt | [INSTALL DIR]\SERVER\CONF\ORION\LOG CONFIG.XML | Upon startup of ePolicy Orchestrator Server service. |
| MCSCRIPT | Windows platforms: dwdebugscript in HKEY_LOCAL_MACHINE\Software\Network Associates\TVD\Shared Components\Framework. UNIX platforms: DebugScript in /etc/cma.d/<epo 's software ID>/config.xml | Immediately |
| Orion | [INSTALL DIR]\SERVER\CONF\ORION\LOG CONFIG.XML. See MaxFileSize parameter value in the Rolling log file section. Also, see Priority Value in the Root section. | Upon startup of ePolicy Orchestrator Application Server service. |
| PrdMgr_<SYSTEM> | | 1 minute (approximate) |

| Log file name | Log level value location | Update duration |
|---|---|---|
| Replication | Not applicable | Not applicable |
| Server | | Upon startup of ePolicy Orchestrator Server service. |
| Stderr | Not applicable | Not applicable |
| UpdaterUI_<SYSTEM> | | 1 minute (approximate) |

Agent activity log

The agent activity log (AGENT_<SYSTEM>.XML) contains copies of messages from the AGENT_<SYSTEM>.LOG, including translated messages, of types e, w, and i (corresponding to logging levels 1-3). This file is not intended for debugging, but as information for users not likely to be troubleshooting.

Messages of type x (logging level 4) can be included in the activity log. For information on setting levels, see Logging levels for debugging.

Information in the activity log also appears in the Agent Monitor. If you enable remote access to the agent activity log file, you can also view the agent debug log files remotely by clicking View debug log (current or previous) in the header of the Show Log display. For instructions, see Activity Logs and Viewing the agent activity log in the McAfee ePolicy Orchestrator Product Guide or Help.

Adjust the Orion log level

The orion file is created by the ePolicy Orchestrator Application Server. You can configure the log level to show different types of Orion information in the log.

Task

1. Using a text editor, open the Log Config.xml file, located at: C:\Program Files\McAfee\ePolicy Orchestrator\Server\conf\orion
2. In the following line of text, replace warn with info or debug:

    <root><priority value ="warn"/><appender-ref ref="rolling" /><appender-ref ref="stdout"/></root>

   Use debug only when troubleshooting for a short time. Setting the priority value to debug causes the old log files to be deleted frequently.
3. Save and close the file.

Tomcat automatically adjusts the log level when the ePolicy Orchestrator Application Server services restart.
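The Orion log level task above can be checked and applied from a script. The following added example (not part of the McAfee guide) reads the priority value under <root>, changes it while leaving the rest of the file text untouched, and reports when debug has been left on; the sample document is constructed around the <root> line from the task, and the function names are assumptions.

```python
import re
import xml.etree.ElementTree as ET

LEVELS = ("warn", "info", "debug")  # the three values this guide names

# Constructed sample: the <root> line is the one from the task above; the wrapper
# element and the comment are assumptions added so the text parses as a document.
SAMPLE_CONFIG = """<configuration>
  <!-- appender definitions omitted in this sample -->
  <root><priority value ="warn"/><appender-ref ref="rolling" /><appender-ref ref="stdout"/></root>
</configuration>
"""

# Matches only the priority element that directly follows <root>.
_ROOT_PRIORITY = re.compile(r'(<root>\s*<priority\s+value\s*=\s*")[^"]*(")')


def root_priority(xml_text):
    """Return the priority value under <root>, or None if the element is missing."""
    for root in ET.fromstring(xml_text).iter("root"):
        priority = root.find("priority")
        if priority is not None:
            return priority.get("value")
    return None


def set_root_priority(xml_text, level):
    """Return xml_text with the <root> priority changed and nothing else altered."""
    if level not in LEVELS:
        raise ValueError(f"unsupported level {level!r}; expected one of {LEVELS}")
    new_text, count = _ROOT_PRIORITY.subn(
        lambda m: m.group(1) + level + m.group(2), xml_text, count=1)
    # Re-parse the result so a bad edit is caught before the file is saved.
    if count != 1 or root_priority(new_text) != level:
        raise ValueError("could not locate <root><priority value=...> to edit")
    return new_text


def debug_left_on(xml_text):
    """True when the root priority is still debug and should be set back."""
    return root_priority(xml_text) == "debug"


if __name__ == "__main__":
    edited = set_root_priority(SAMPLE_CONFIG, "debug")
    print("before:", root_priority(SAMPLE_CONFIG), "after:", root_priority(edited))
    print("debug left on:", debug_left_on(edited))
```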

Troubleshoot product issues

Use logs to troubleshoot product issues.

Tasks

- Troubleshoot policy updates: Troubleshoot incremental policy update issues from the server side.
- Interpret Windows error codes: To understand Windows error messages, identify the error code and look it up in the MSDN library.

Troubleshoot policy updates

Troubleshoot incremental policy update issues from the server side.

Task

1. Create the DWORD registry value SAVEAGENTPOLICY = 1 in: HKEY_LOCAL_MACHINE ORCHESTRATOR
2. Restart all ePolicy Orchestrator services.

The ePolicy Orchestrator server creates the file <AGENTGUID>_<TIMESTAMP>_SERVER.XML at <INSTALLATION PATH>\DB\DEBUG, which contains a copy of the content that the server deployed.

Interpret Windows error codes

To understand Windows error messages, identify the error code and look it up in the MSDN library.

Task

1. Locate messages of type e or E in the log file.
2. Identify the time that the problem occurred, if known.
3. Note the Windows error code associated with the problem event.
4. Find the error code in the MSDN library at: http://msdn2.microsoft.com/en-us/library/ms681381.aspx

For example, when tracking down an error message that includes code 1326, navigate to and click the code in the list of system error codes. The explanation of the code is displayed:

    1326 ERROR_LOGON_FAILURE Logon failure: unknown user name or bad password

You can also use the ERRLOOK.EXE utility to determine the cause of these error codes. This utility is distributed with Microsoft Visual Studio.

Copyright 2013 McAfee, Inc. Do not copy without permission. McAfee and the McAfee logo are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.