SEP for Mac client does not appear in the Symantec Endpoint Protection Manager (SEPM) after installing with a package exported from the SEPM, and you want to know how to troubleshoot heartbeat communication using a method similar to Sylink debug logging on Windows.
- SEP for Mac client does not appear in the SEPM after installing with package exported from the SEPM.
- Connection Status reads: Disconnected
Note: Since Mac clients can only get content via LiveUpdate, Sylink debug logging can't be used to troubleshoot content delivery, only the connection (heartbeat) to the SEPM.
To enable Sylink debugging on 12.1 RU2 and earlier, continue below. For 12.1 RU4 and later, skip down to the 12.1 RU4 section.
For 12.1 RU2 and earlier:
- Within a Terminal window, enter:
sudo /Library/StartupItems/SMC/smclient --debuglevel=engineer
- Authenticate when prompted. The Terminal window will not echo password input.
- Restart smclient. This is not required to change the debug level but it is a good idea on a managed client to force a check-in and retrieve updated policy settings:
sudo /Library/StartupItems/SMC/smclient --stop
sudo /Library/StartupItems/SMC/smclient --start
- Allow it to run for 10-15 minutes, then reverse changes (authenticating again when prompted) by entering:
sudo /Library/StartupItems/SMC/smclient --debuglevel=none
- When ready to collect logs, see the 'Gathering SEP for Mac logs' section below.
For 12.1 RU4 and later:
Within a Terminal.app window, run the following commands to setu logging levels. Use an 'administrator' account for this. Use of the 'sudo' command may require authentication. Use the current administrator's password.
- Set the logging level to the most detailed level - engineer:
sudo '/Library/Application Support/Symantec/SMC/tools/SetSettings' -lengineer
- Restart symdaemon via launchctl unload/load. This is not required to change the debug level but it is a good idea on a managed client to force a check-in attempt and retrieve updated policy settings:
sudo launchctl unload /Library/LaunchDaemons/com.symantec.symdaemon.*plist
sudo launchctl load /Library/LaunchDaemons/com.symantec.symdaemon.*plist
# SEP 12.1.x - /Library/LaunchDaemons/com.symantec.symdaemon.plist
# SEP 14 - /Library/LaunchDaemons/com.symantec.symdaemon.NFM.plist
Allow things to run for 10-15 minutes, in which time a heartbeat and other communication should occur.
Reverse changes to the logging level by entering:
sudo '/Library/Application Support/Symantec/SMC/tools/SetSettings' -lnone
Gather the log files.Gathering SEP for Mac logs:
- For all SEP for Mac versions, run the GatherSymantecInfo tool and email the results to technical support. This report will include the debug log as well as lots of other useful information. The debug log is otherwise located at:
Permissions on this file is rw-r--r-- (chmod 644) -- should be allowed to copy it to desktop or attach to email.
Debugging rolls over to a new log file after 10 MB and this is not configurable. A maximum of 5 rolled-over log files are created, after which the older files are purged.
Indication of a successful communication status will appear in the Symantec Quick Menu:
Title: 'Installing Symantec Endpoint Protection 11 for Macintosh'
Title: 'How to convert an unmanaged SEP for Macintosh client to managed'
Title: 'The SEP for Macintosh SMC service (smcdaemon)'
There are three levels to set for debugging: none, support, and engineer. The output for engineer resembles Windows Sylink logging, with some extra information about scan policy values. Note for 12.1 RU4 and later, the three debugging levels are input as