Symantec Endpoint Protection Manager connects to the client with a communications file called Sylink.xml. The Sylink.xml file includes the communication settings such as the IP address of the management server and the heartbeat interval. After you install a client installation package on to the client computers, the client and the server automatically communicate.
The sylink file performs many of its functions during the heartbeat. The heartbeat is the frequency at which client computers upload logs to the management server, and download policies and commands.
The sylink file contains:
The public certificate for all management servers.
The KCS, or encryption key.
The Domain ID that each client belongs to.
Note: |
Do not edit the sylink file. If you change the settings, the management server overwrites most settings the next time the client connects to the management server. |
See Updating policies and content on the client using push mode or pull mode.
Troubleshooting Sylink communication
In version 14.2, the communications module was upgraded, and includes new log files. You can use this information to troubleshoot communication issues between Symantec Endpoint Protection Manager and the clients.
The 14.2 communications module works with all client types, including Windows, Mac, and Linux, and has improved IPv6 support.
Note: |
As of version 14.2, the communication module only honors system proxy information. |
To view the log files for the communications module
On the Windows client, in the following folder:
C:\ProgramData\Symantec\Symantec Endpoint Protection\CurrentVersion\Data
You can view the following files:
For client registration:
RegistrationInfo.xml
Client registration metadata that the client submits to Symantec Endpoint Protection Manager.
Registration.xml
Client registration metadata that Symantec Endpoint Protection Manager returns to the client.
State.xml
Includes internal settings, such as the management server IP address.
For the communications module logs:
\Logs\cve.log and \Logs\cve-actions.log
Use these logs to troubleshoot communication between Symantec Endpoint Protection Manager and the client. Send these logs to Technical Support if asked.
For the opstate status:
Appears in the logs in the \Pending and \Sent folders
To configure the communication module logs
Open the Windows Registry Editor, click > , type regedit, and then click .
To enable the cve.log or cve-actions.log, open the following Windows registry key:
[HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink REG_DWORD: CVELogLevel
Use any of the following values:
1 = Debug
2 = Info
3 = Warning
4 = Error
5 = Fatal
If the registry key is not present or does not have a valid value, it defaults to 4. The installation default is also 4.
For example, you can type:
32-bit: [HKLM\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink] "CVELogLevel"=dword:00000001
64-bit: [HKLM\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink] "CVELogLevel"=dword:00000001
To control the size of these logs, use the following registry value: [HKEY_LOCAL_MACHINE\SOFTWARE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink] REG_DWORD: CVELogSizeDB
The default size is 250 MB.
How to enable Communication Module logging in Endpoint Protection 14.2
How to enable Sylink debugging for Endpoint Protection clients (14.1 and earlier)
Thanks for your feedback. Let us know if you have additional comments below. (requires login)