The SCSP Manager can be configured to save bulk log-files to an alternate location (i.e. network share)
Bulk log files are uploaded by the agent and received by SCSP manager that the agent is connected to. These log files are written to disk by the SCSP manger at the directory path specified in:
“C:\Program Files\Symantec\Critical System Protection\Server\tomcat\conf\sis-server.properties”.
The default location for saving log files is:
"C:\Program Files\Symantec\Critical System Protection\Server\logfiles\".
However, changing the value of "sisbulklog.dir=../logfiles" in the sis-server.properties file will redirect the logs to a location of your choice.
You can set this path to a network path on a different system. However, you will have to configure a Windows share at the intended location and ensure the SCSP Management server has write-access to that location.
From C:\Program Files\Symantec\Critical System Protection\Server\tomcat\conf\sis-server.properties:
# This tag represents the directory to store the bulk log
# NOTE: when changing this directory, make sure that the
# directory exists and if you are running a SCSP
# agent with protection on, you need to give the
# SCSP server access to that directory.
# default: ../logfiles
Create a shared network location on the destination system with the directory name such as “host2bulklogdir” (full access = everyone).
Then, in service control manager, right click on Symantec Critical System Protection Manager and select properties. In the property panel, select “Log On” tab. Select “This Account” and enter a user name and password. Start with a user who has administrative privilege on the local system. Click Ok to save the settings. The system may notify you that this user will be given "Run as Service" privileges.
Then, on the SCSP Management server, in: “C:\Program Files\Symantec\Critical System Protection\Server\tomcat\conf\sis-server.properties”,
un-comment the "#sisbulklog.dir=../logfiles" line and change to "sisbulklog.dir=//host2/host2bulklogdir/" (see above), where //host2/host2bulklogdir/ is the alternate upload location that you have created. This will allow the SCSP manager to start writing bulk log files over the network to host2 in the specified location.
Now restart Symantec Critical System Protection Manager service.
After successfully writing logs to the target location, restrict the security setting for the new upload location from Everyone to just the hostname of the SCSP Management server (ideally it should open for only for the SCSP manager, but the SCSP manager runs using System credentials so it will have to grant access to all).
Rate this Article