Data Collection - How to enable Log Level 8 for ePolicy Orchestrator troubleshooting
Last Modified: 1/30/2023
Affected Products
Languages:
This article is available in the following languages:
Trellix CEO, Bryan Palma, explains the critical need for security that’s always learning.
As per Gartner, "XDR is an emerging technology that can offer improved threat prevention, detection and response."
Trellix announced the establishment of the Trellix Advanced Research Center to advance global threat intelligence.
Trellix Advanced Research Center analyzes threat data on ransomware, nation-states, sectors, vectors, LotL, MITRE ATT&CK techniques, and emails.
As of May 14, 2024, Knowledge Base (KB) articles will only be published and updated in our new Trellix Thrive Knowledge space.
Log in to the Thrive Portal using your OKTA credentials and start searching the new space. Legacy KB IDs are indexed and you will be able to find them easily just by typing the legacy KB ID.
Data Collection - How to enable Log Level 8 for ePolicy Orchestrator troubleshooting
Technical Articles ID:
KB56207
Last Modified: 1/30/2023 EnvironmentePolicy Orchestrator (ePO) 5.x
SummaryTechnical Support might request debug level log files when troubleshooting an issue as part of Data Collection. Registry settings control the ePO logging level.
Log Level 8 produces many more log entries, including some SQL queries and whether there's an error. Log Level 8 provides all communication details needed to troubleshoot network and proxy server issues. Because Log Level 8 generates so many more entries, the size of the logs must be increased to capture additional information. The default log size is 1 MB.
Guidance for enabling Log Level 8
IMPORTANT: Enable Log Level 8 before you try to reproduce a problem. Enabling Log Level 8 for an issue that can't be reproduced doesn't provide adequate information for troubleshooting.
SolutionCAUTION: This article contains information about opening or modifying the registry.
To enable Log Level 8:
To decide the
NOTE: For most logs, the logging level changes become effective after one minute. A services restart might be needed for some logs too.
0 = Disabled
1 = Enabled
Related InformationFor additional information about ePO and Mcafee Agent logging, see the ePolicy Orchestrator Log File Reference Guide. This guide contains information about topics such as the following:
For product documents, go to the Product Documentation portal.
Affected ProductsLanguages:This article is available in the following languages: |
|