The DCS Manager can be configured to save bulk log files to an alternate location (i.e. network share)
Bulk log files are uploaded by the agent and received by the DCS manager that the agent is registered to. These log files are written to disk by the DCS manager at the directory path specified in: “C:\Program Files\Symantec\Data Center Security Server\Server\tomcat\conf\sis-server.properties”.
The default location for saving log files is: "C:\Program Files\Symantec\Data Center Security Server\Server\logfiles\". However, changing the value of "sisbulklog.dir=../logfiles" in the sis-server.properties file will redirect the logs to a location of your choice.
You can set this path to a network path on a different system. However, you will have to configure a Windows share at the intended location and ensure the DCS Management server has write-access to that location.
From C:\Program Files\Symantec\Data Center Security Server\Server\tomcat\conf\sis-server.properties: # # sisbulklog.dir # # This tag represents the directory to store the bulk log # files. # # NOTE: when changing this directory, make sure that the # directory exists and if you are running a SCSP # agent with protection on, you need to give the # SCSP server access to that directory. # # default: ../logfiles # #sisbulklog.dir=../logfiles
Example syntax: sisbulklog.dir=//host2/host2bulklogdir/
Create a shared network location on the destination system with the directory name such as “host2bulklogdir” (full access = everyone). Then, in Service Control Manager, right click on Data Center Security Server and select properties. In the property panel, select “Log On” tab. Select “This Account” and enter a user name and password. Start with a user who has administrative privilege on the local system. Click Ok to save the settings. The system may notify you that this user will be given "Run as Service" privileges.
Then, on the SCSP Management server, in: “C:\Program Files\Symantec\Data Center Security Server\Server\tomcat\conf\sis-server.properties”, un-comment the "#sisbulklog.dir=../logfiles" line and change to "sisbulklog.dir=//host2/host2bulklogdir/" (see above), where //host2/host2bulklogdir/ is the alternate upload location that you have created. This will allow the SCSP manager to start writing bulk log files over the network to host2 in the specified location.
Now restart Symantec Data Center Security Server Manager service.
After successfully writing logs to the target location, restrict the security setting for the new upload location from Everyone to just the hostname of the DCS Management server (ideally it should open for only for the DCS manager, but the DCS manager runs using System credentials so it will have to grant access to all).
Subscribing will provide email updates when this Article is updated. Login is required.