I got the instructions below to gather some logs for a problem I've troubleshooting and I'd like to ask Symantec to develop a tool that will collect the sylink.log.
Since we have Tamper Protection enabled in our environment, I need to create a new group, without Tamper Protection and move the impacted machine to it, so I can change the reg keys required.
Also, can this be incorporated into SymHelp(Former SST)?
Instructions received from Symantec below:
Thanks!!
The only way to enable Sylink Debugging is through the registry:
How to enable Sylink debugging for the Symantec Endpoint Protection 11.x and 12.1 client in the Windows Registry
http://www.symantec.com/docs/TECH104758
Enabling Sylink debug logging via the Windows Registry:
- Click Start > Run
- Type in: regedit and click OK
- Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
- Double-click smc_debuglog_on
- Change the Value data to 1 and click OK
- Navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
- Click Edit > New > String Value
- Name the new value: DumpSylink
- Double-click DumpSylink
- In the Value data field, specify the file name (Sylink.log) and desired location for the log file. Example: C:\Sylink.log
- Click OK
- Close the Registry Editor window
- Click Start > Run
- Type in: smc -stop and click OK
- Wait until the SEP icon disappears from the system tray. (Approximately thirty seconds.)
- Click Start > Run
- Type in: smc -start. Click OK. Sylink debug logging is now enabled; the sylink.log file will appear in the location specified in step 10.