Who: SEPM Administrator
What: Sylink Debugging/Logging
When: When you determine there is a communication issue between SEP client(s) and the SEPM
Where: Enabled via the registry (Windows)
Why: Troubleshooting communication issues
How: How to enable Sylink debugging for Endpoint Protection clients
Enabling and reviewing the sylink debug log is the first step in troubleshooting communication issues between SEP client(s) and the SEPM. It reveals a great amount of information on what's really going on behind the scenes. However, the problem is that it's not always easy to review the log and understand how to interpret it. My purpose is to change that with this article. I want it to be dynamic and have a life of its own. I urge everyone to contribute to it by adding comments below as I'll be constantly updating this article with new information that has been posted. If you've ever reviewed a sylink log in detail than you know how frustrating it can be at times. Let's get this started and help out SEPM admins who's responsibility it is to review sylink logs.
I'll start by adding my list of "keyword searches" and error codes that I've used and seen in the past.
Keyword searches in the sylink log:
</SSARegData>
HEARTBEAT:
<SendRegistrationRequest:>
<ParseHTTPStatusCode:>
HTTP returns status code=
EVENT_LICENSE_EXPIRATION_DAYS
Got Gup
Got data
Error codes/messages in the sylink log:
<ParseHTTPStatusCode:>503=>503 SERVICE NOT AVAILABLE
<ParseHTTPStatusCode:>400=>400 Bad Request
<ParseHTTPStatusCode:>469=>469 CONTENT PENDING
<ParseHTTPStatusCode:>200=>200 OK
<ParseHTTPStatusCode:>500=>500 INTERNAL SERVER ERROR
<ParseHTTPStatusCode:>0=>Uninterpreted Status
<ParseHTTPStatusCode:>468=>468 Request not allowed
<ParseHTTPStatusCode:>403=>403 Forbidden
<ParseHTTPStatusCode:>404=>404 Not Found
<ParseHTTPStatusCode:>407=>Uninterpreted Status
Here's your opportunity now. What keywords do you search for or what errors codes have you seen that helped you fix a problem between SEP client(s) and the SEPM?
Responses from Symantec employees would also be very much appreciated as I'm sure there are many more that can be added.
Please contribute and help make interpreting the sylink log easier for SEPM admins everywhere.
Feel free to reach out to me privately as well if you need anything.
Thanks,
Brian