SylinkWatcher and SylinkMonitor - tools for real-time debugging of SPA 5.x and SEP 11.x

Symantec.com > Enterprise > Support > Knowledge Base

SylinkWatcher and SylinkMonitor - tools for real-time debugging of SPA 5.x and SEP 11.x

Question/Issue:
SylinkWatcher and SylinkMonitor - tools for real-time debugging of the Sygate / Symantec Protection Agent (SPA) 5.x and Symantec Endpoint Protection (SEP) 11.x

Solution:
SylinkWatcher and SylinkMonitor are tools that show Symantec Endpoint Protection 11.x / Sygate Protection Agent 5.x debugging information in real-time. The information it shows is not exactly the same as what is saved to the debug.log file in the agent directory. Particularly for agent upgrade issues it often gives more helpful information than just debug.log by itself.

Download: (for newer client versions)

SylinkWatcher works with the Sygate / Symantec Protection Agent 5.x before the MR4 release and the Symantec Endpoint Protection 11.x agent before the MR2 release.
SylinkMonitor is the tool to be used for SPA 5.1 MR4 and later and SEP 11 MR2 and later.

Important Note regarding SEP 11 MR3 and later versions:

The behavior of Sylink debug logging and SylinkMonitor tool has changed in SEP 11 MR3. With MR3 and later versions, a debug value has to be manually set in the registry.

- Set registry key: HKLM\Software\Symantec\Symantec Endpoint Protection\SMC - smc_debuglog_on = 1
- Stop SMC: START > RUN > smc –stop
- Start SMC: START > RUN > smc –start
- Run SylinkMonitor

Example of a failed agent upgrade from debug.log

01/26 10:40:46 [456:1104] <DownloadNow:>SSA Version on server=101063035, SSA Version on client=101062916,HIAUpdate = 151,ServerBuild = 5.1.5.2864
01/26 10:40:46 [456:1104] CDownloadManager::StopDownload is done
01/26 10:40:49 [456:1196] <HttpDownload>C:\Program Files\Symantec\SPA\Download\SymantecProtectionAgent.msi checksum error
01/26 10:40:53 [456:1196] <HttpDownload>C:\Program Files\Symantec\SPA\Download\Readme.txt checksum error

The same failed agent upgrade from SylinkWatcher

01/26 10:40:46 <DownloadNow:>SsaBuildOnServer=5.1.6523
01/26 10:40:46 <DownloadNow:>ForceDeploy=1
01/26 10:40:46 <DownloadNow:>ClientType=105 NewClientType=105
01/26 10:40:46 <DownloadNow:>SSA Version on server=101063035, SSA version on client=101062916,HIAUpdate = 151,ServerBuild = 5.1.5.2864
01/26 10:40:46 <DownloadNow:>Set download URL=http://192.168.20.1/spa/
01/26 10:40:46 <DownloadNow:>Set storage path=C:\Program Files\Symantec\SPA\Download
01/26 10:40:46 <PostEvent>going to post event=EVENT_SERVER_CONNECTING
01/26 10:40:46 <PostEvent>done post event=EVENT_SERVER_CONNECTING, return=0
01/26 10:40:46 <DownloadNow:>DOWNLOADing new client package
01/26 10:40:47 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:47 <HttpDownload>http://192.168.20.1/spa/packlist.xml to C:\Program Files\Symantec\SPA\Download\packlist.xml
01/26 10:40:47 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:48 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:48 <DeleteFiles>Delete File: C:\Program Files\Symantec\SPA\Download\SyLink.xml
01/26 10:40:48 <DeleteFiles>Delete File: C:\Program Files\Symantec\SPA\Download\setAid.ini
01/26 10:40:48 <DeleteFiles>Delete File: C:\Program Files\Symantec\SPA\Download\serdef.dat
01/26 10:40:48 C:\Program Files\Symantec\SPA\Download\SymantecProtectionAgent.msi filesize unmatched 0
01/26 10:40:48 Cannot get file status of C:\Program Files\Symantec\SPA\Download\SyLink.xml
01/26 10:40:48 Cannot get file status of C:\Program Files\Symantec\SPA\Download\setAid.ini
01/26 10:40:48 Cannot get file status of C:\Program Files\Symantec\SPA\Download\serdef.dat
01/26 10:40:48 Cannot get file status of C:\Program Files\Symantec\SPA\Download\Readme.txt
01/26 10:40:48 <IsPackageComplete>Package is not complete on the download path, count = 5
01/26 10:40:48 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:48 <DownloadProc>5 files to download
01/26 10:40:49 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:49 <DownloadProc>FILE=SymantecProtectionAgent.msi, DATE=01-10-2007 17:50:28, CHECKSUM=4c05658f
01/26 10:40:49 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:49 <HttpDownload>http://192.168.20.1/spa/SymantecProtectionAgent.msi to C:\Program Files\Symantec\SPA\Download\SymantecProtectionAgent.msi
01/26 10:40:49 <HttpDownload>C:\Program Files\Symantec\SPA\Download\SymantecProtectionAgent.msi checksum error
01/26 10:40:49 <HttpDownload>Download server returns code=206
01/26 10:40:50 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:50 <DownloadProc>FILE=SyLink.xml, DATE=, CHECKSUM=
01/26 10:40:50 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:50 <HttpDownload>http://192.168.20.1/spa/SyLink.xml to C:\Program Files\Symantec\SPA\Download\SyLink.xml
01/26 10:40:51 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:51 <DownloadProc>FILE=setAid.ini, DATE=, CHECKSUM=
01/26 10:40:51 <HttpDownload>http://192.168.20.1/spa/setAid.ini to C:\Program Files\Symantec\SPA\Download\setAid.ini
01/26 10:40:52 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:52 <DownloadProc>FILE=serdef.dat, DATE=, CHECKSUM=
01/26 10:40:52 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:52 <HttpDownload>http://192.168.20.1/spa/serdef.dat to C:\Program Files\Symantec\SPA\Download\serdef.dat
01/26 10:40:53 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:53 <DownloadProc>FILE=Readme.txt, DATE=01-10-2007 17:14:01, CHECKSUM=c2a33062
01/26 10:40:53 <GetVpneTrafficStatus>Blocked=15; reason=127
01/26 10:40:53 <HttpDownload>http://192.168.20.1/spa/Readme.txt to C:\Program Files\Symantec\SPA\Download\Readme.txt
01/26 10:40:53 <HttpDownload>C:\Program Files\Symantec\SPA\Download\Readme.txt checksum error
01/26 10:40:53 <SetLastModified>Failed to get C:\Program Files\Symantec\SPA\Download\Readme.txt DATA STATUS, ERROR=2

Also see

How to: Debug the Symantec Protection Agent 5.x"

How to: Debug the Symantec Endpoint Protection 11.x agent

"How to: Debug the Symantec Endpoint Protection Manager (SEPM) console"

"How to: Enable debugging of the Symantec Enforcer Appliance"

"How to: Enable debugging of the Symantec Integrated Enforcer Plugin"

"SylinkWatcher and SylinkMonitor - tools for real-time debugging of SPA 5.x and SEP 11.x"

Technical Information:
You can also generate a SyLink log without using the tool:

Inside HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
set DumpSyLink (a REG_SZ value) to the file path where the log should go (e.g. c:\sylink.log).
smc.exe must be restarted after the change.

Document ID: 2007456519454798
Last Modified: 09/21/2009
Date Created: 02/16/2007
Product(s): Endpoint Protection 11, Network Access Control 11, Symantec AntiVirus Advanced Protection 11.0, Symantec Network Access Control 5.1, Symantec Sygate Enterprise Protection 5.0, Symantec Sygate Enterprise Protection 5.1
Release(s): Endpoint Protection 11 [All Releases], Endpoint Protection 11.0, Network Access Control 11.0, Network Access Control 11.0 [All Releases], Symantec AntiVirus Advanced Protection 11.0, Symantec AntiVirus Advanced Protection 11.0 [All Releases], Symantec Network Access Control 5.1, Symantec Network Access Control 5.1.5, Symantec Sygate Enterprise Protection 5.0, Symantec Sygate Enterprise Protection 5.1