This article describes the steps for enabling Sylink debug logging. Sylink debugging is used for troubleshooting communication issues between the Symantec Endpoint Protection (SEP) client and the Symantec Endpoint Protection Manager (SEPM).
Note: For version 14.0, this document applies to clients running SEP 14.0 RU1 MP2 and earlier. For clients running SEP 14.2, refer to TECH250061
Caution: Before you begin, you should make a backup of the Windows Registry. See the Microsoft article Back up the registry.
Note: You must disable the Tamper Protection feature before you follow this process. If you do not disable Tamper Protection, it will block the required registry key modifications. To disable Tamper Protection, see the following article: Disable Tamper Protection.
To enable Sylink debug logging via the Windows Registry
I. Enable SMC debug logging
To open the Registry Editor, click Start. In the Search programs and files field, enter regedit, and then click regedit.exe from the list of results. Alternately, click Start > Run, enter regedit, and then click OK.
Navigate to the following registry subkey on 64-bit systems: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\
Note: For all 32 bit systems, navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC
Change the Value data to 1 and click OK.
II. Enable Sylink debug logging and define Sylink log location
While still in the Windows Registry Editor, navigate to the following registry subkey: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
Note: For all 32 bit systems, navigate to: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\Symantec Endpoint Protection\SMC\SYLINK\SyLink
Click Edit > New > String Value.
Name the new value DumpSylink.
In the Value data field, specify the name and location for the log file. For example, C:\Sylink.log would place the file Sylink.log at the root of the C: drive.
Click Edit > New > DWORD
Name the new value DumpSylinkLevel
Change the Value data to 4 and click OK.
Close the Registry Editor.
III. Restart the Symantec Management Client (SMC)
Click Start, and in the Search programs and files field, enter the following command: smc -stop Alternately, click Start > Run, enter the command and then click OK.
After the Symantec Endpoint Protection icon disappears from the notification area, repeat Step 1, but instead use the following command: smc -start
Sylink debug logging is now enabled. The resulting log file appears in the location you specified above.
To disable Sylink debug logging via the Windows Registry
After you have collected the necessary data, disable Sylink debug logging by navigating to the same subkeys in the Windows Registry and making the following changes:
Delete the DumpSylink string that you created.
Delete the DumpSylinkLevel dword that you created
Change the Value data of smc_debug_log back to 0.
Restart the Symantec Management Client.
Enable Tamper Protection again.
If you do not disable Sylink debug logging, the log file may grow very large with the communication data from client to management server.
Imported Document ID: TECH104758
Subscribing will provide email updates when this Article is updated. Login is required.