Enabling verbose level logging in PGP Desktop (Symantec Encryption Desktop) for Windows
Article ID: 180838
Updated On:
Products
Issue/Introduction
The log file for Encryption Desktop is located here and can be opened with a text editor like Notepad:
"%appdata%\PGP Corporation\PGP\PGPlog.txt"
A new log file is created every day. For example, the previous day's log file is named PGPlog1.txt. Up to 7 log files are retained.
You can view the log by right clicking on PGP Tray and choosing View Log.
It is also available by opening Encryption Desktop and choosing Tools / View Log.
Sometimes you may need to enable verbose (debug) level logging in order to troubleshoot an issue.
Environment
Symantec Encryption Desktop 10.4.2 and above.
Resolution
Change the Registry
Enabling debug level logging requires a registry change. Local administrator rights are not normally required though your organization may have added custom restrictions.
Create a file called, for example, debugSED.reg containing the following. Note that line 2 must be empty:
Windows Registry Editor Version 5.00
[HKEY_CURRENT_USER\Software\PGP Corporation\Universal\Debug]
"LoggingLevel"=dword:0003ffff
"DebugLogging"=dword:00000001
"PassthruMode"=dword:00000000
"ReDirectExe"=""
Double click on the file from Windows File Explorer and agree to import the settings.
Restart PGP Tray
Exit PGP services by right clicking on the PGP Tray icon from the Windows notification area of the taskbar and selecting Exit PGP Services.
Restart the PGP services by opening Symantec Encryption Desktop.
Verify verbose level logging is enabled
Once verbose logging is running, you will see entries beginning with DE and VE entries in the log file:
"%appdata%\PGP Corporation\PGP\PGPlog.txt"
For example:
VE 17:29:03 Attempting to download user policy from keys.example.com
If you right click on PGP Tray and choose View Log, be sure to select Verbose in the list of View levels. You will then see verbose entries in dark black font.
When the PGP Desktop client is in "Full Debug", meaning all check boxes are enabled, as well as "Proxylib" and "TLS" levels are set to Debug, the Hex values will show as "0x3FFFF"
Typically, regular "0x00F3F" is sufficient for general debug where it will capture most information needed, but not all.
If gathering details for support, it's likely useful to capture all debug, but it may be a good idea to scrub the file to ensure no sensitive information is provided.
When the client is in debug mode, click on the PGP padlock by the time, and select "View Log", then select Verbose and you should be able to see "Debug" entries listed:
Disabling and enabling verbose level logging
To disable verbose level logging, right click on PGP Tray and choose Debug Logging Options and then uncheck all the boxes.
You should no longer see "DE" or "Debug" entries in the logs.
If you do not see this option then either the registry change has not succeeded or PGP Services were not restarted after the registry change.
To disable verbose level logging, simply click on the Override User-specified logging level check box and click the OK button. Then restart PGP Services.
Confidentiality considerations
Please be aware of the following:
- Debug logging is configured per user, not per computer.
- Certain sensitive information will be written to the log in verbose mode.
For example, if you are using SMTP/POP3/IMAP the log may contain sensitive information and raw emails as they pass through the proxy.
You may want to remove confidential information before sending the logs to anyone.
Additional Information
Feedback
