What information is needed by support to troubleshoot Critical System Protection (SCSP) or Data Center Security (SDCS) agent and management server issues?

GAI = Gather Agent Information

GSI = Gather Server Information

To collect agent information, run the agent collect information script. This script is installed with the SCSP/SDCS agent package and can be run from the agent system or the management console.

I. Running the collect info script from a Windows agent system:

To collect information on a Windows agent computer, you can run the collect info script directly from the agent computer.

1.       Log on to a Windows agent computer.

2.       Click Start > Programs > Symantec Critical System Protection/Symantec Data Center Security> Collect Agent Info.

You see the following messages:
Collecting Install Logs...
Collecting Event Logs...
Collecting System Info...
Collecting Registry Info...
Collecting IPS Service Settings...
Collecting IDS Service Logs and Settings...
Collecting Logs...
Collecting IPS Driver Settings...
Collecting SCSP/SDCS Environment Settings...
Zipping Info...
Cleaning Up...
*** Please send the ZIP file:
*** D:\Temp\[Date]_[Time]_CW_MACHINENAME.zip
*** to Symantec support
Press any key to continue...

If the agent has been configured to not have Start menu items for Critical System Protection/Data Center Security, you may run this collector manually by browsing to the install directory (for example, C:\Program Files\Symantec\Symantec\Critical System Protection (or Data Center Security)\IPS\Tools) and running getagentinfo.bat.

II. Running the collect info script from a UNIX agent system:

To collect information on a Solaris, Linux, AIX, HP-UX, or Tru64 agent computer, you can run the agent collect info script directly from the agent computer.

1.      Log on to a UNIX agent computer.

2.      Navigate to the following directory: /opt/Symantec/scspagent (or sdcssagent)/IPS/tools/.

3.      You may have to SU to sisips to run this command in older versions, for all newer versions getagentinfo.sh needs to be run as the user root.

4.      At a command prompt, type and run the following command: "# ./getagentinfo.sh ".

You see the following messages:
Collecting Install Logs...
Collecting System Info...
Collecting syslog Files...
Collecting System Startup Info...
Collecting SCSP/SDCSS Logs...
Collecting SCSP/SDCSS IPS Configuration Settings...
Collecting SCSP/SDCSS IDS Configuration Settings...
Zipping Info...
Cleaning Up...
*** Please send the Info File:
*** /tmp/[Date]_[Time]_CW_MACHINENAME.tar.Z
*** to Symantec
Press any key to continue...

III. Running the collect info script for an Agent from the management console:

To collect information about a Windows or UNIX agent computer to which you do not have login access, you use the CSP_Agent_Diagnostics/SDCSS_Agent_Diagnostics detection policy. A version of the policy is available for Windows and UNIX agents.

See the Symantec Critical System Protection Detection Policy Reference Guide for information about the CSP_Agent_Diagnostics/SDCSS_Agent_Diagnostics policy.

Note: Bulk log transfer must be enabled first. See the Administration Guide on how to enable bulk log transfer.

1.       Log on to the management console as an administrator.

2.       In the management console, in the Detection view, on the Policies page, in the Workspace pane, edit the CSP_Agent_Diagnostics/SDCSS_Agent_Diagnostics policy.

3.       Enable 'Select a function to run on the agent', and then click 'Select a function'.

4.       In the Value box, select 'Run the collect info script'.

5.       Click OK to save the policy changes.

6.       Apply the policy to the agent. The policy runs the collect info script immediately after being applied to the agent.

7.       In the management console, monitor the events on the Monitors page to determine if the collect info output file was uploaded to the management server. Look for management events of type Agent Status. The event message contains the name of the collect info output file.

8.       Clear the policy from the agent (Right click the agent under the Assets tab of the Detection View and select 'clear policy').

9.       Log on to the management server to get the collect info output file. Get the collect info output file from the server directory: C:\Program Files\Symantec\Critical System Protection (or Data Center Security)\Server\logfiles\.

IV. How to gather the Management Server logs- Collect Server Info Script.

1. Log onto the management server via RDP or local.

2. Click Start>Programs>DCS Install location>Collect Server Info.

3. You will see the following messages:

Collecting Install Logs...
Collecting Event Logs...
Collecting System Info...
Collecting Registry Info...
Collecting App Server Logs and Settings...
Collecting Database Logs and Settings...
Collecting Server Environment Settings...
Collecting Agent Info...
Zipping Info...
Cleaning Up...

*** Please send the ZIP file:
***   "C:\Temp\[Date]_[Time]_CW_MACHINENAME.zip"
*** to Symantec Support

Press any key to continue . . .

V. Gathering UMC and Operations Director logs.

From the UMC Console click Monitor then click the checkbox for DCS Unified Management Console and DCS Operations Director then click download.  That will save the logs to your local disk.

VI. Gathering SVA logs.

From the UMC console, open the Server tab by clicking the dropdown box and selecting the Server option.  Once the tab is open click on Assets, then Virtual Machine. (This is located directly beneath home bar) Once that loads check the box next to the SVA you need logs from and then click on Generate Diagnostic Package.

Once that is done. In the same browser tab click Monitor, then click Status, then select Generic Diagnostic on the left pane.  You should see the job status, once it is complete you can check the box next to the job and download the file.