How to Enable Verbose/Debug Logging for the Endpoint Service

The endpoint service is an application that executes on systems that have an Identity Finder endpoint application installed. The service is responsible for communication with an enterprise console, for example, to obtain policies and scheduled tasks. The service is not installed by default and must be included in the deployment process.

When issues are encountered with communication between an endpoint and the console or with the application of policies or tasks, it may be desirable to increase the amount of logging performed by the endpoint service to diagnose the issue.

The following explains how to enable verbose logging for the endpoint service manually. However, if the endpoint is already communicating with the Console, you can enable it from the Console by following the instructions in the following linked article:

Files for Download

This article contains a file for download from the Customer Support Portal. Log in to the Support Portal to download the file directly.

Via Endpoint

Windows

On Windows, create a system setting by editing the local registry of the system that is experiencing the issue by following these steps:

  1. Launch the Windows registry editor.
  2. Navigate to or create the following path:
    1. 32-bit Windows:
      HKEY_LOCAL_MACHINE\Software\Identity Finder\Endpoint Service\
    2. 64-bit Windows:
      HKEY_LOCAL_MACHINE\Software\Wow6432Node\Identity Finder\Endpoint Service\
  3. Create a setting named logLevel (case sensitive) of type REG_DWORD.
  4. Set the value to the desired level:
    • For informational messages, set the value to 1.
    • For debugging messages, set the value to 2.
    • For detailed trace messages, set the value to 3.
    • For all messages, set the value to 4.
  5. Restart the Identity Finder Endpoint Service by accessing Services via Control Panel/Computer Management or by rebooting the system.

Because there is no command console attached to the service, the messages will be written to the endpoint service log, which by default is located in:

%ProgramData%\Identity Finder\Logs\EPS\endpointservice.log

Note: After obtaining the desired information and resolving the issue, it is critical to delete this setting or set it to a value of 0 to disable verbose logging; otherwise the log file may consume large amounts of disk space.

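You can also enable verbose EPS logging from the command line with the following three commands, which can be put in a batch file. The commands need to be run at a cmd prompt opened as an administrator. The registry path shown is the 64-bit Windows location, and the value 4 enables all messages.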

reg add "HKLM\SOFTWARE\WOW6432Node\Identity Finder\Endpoint Service" /v logLevel /t REG_DWORD /d 4 /f
net stop "spirion endpoint service"
net start "spirion endpoint service"

Mac

On the Mac, create or edit a system XML file on the system that is experiencing the issue by following these steps:

  1. Create or edit an xml configuration file in the system location:
    /Library/Preferences/com.identityfinder.macedition.xml
  2. Create the Category Endpoint Service and a setting named logLevel (case sensitive) of type Integer as shown below:
    </Category>
    <Category Name="Endpoint Service">
      <Setting Multi="false" Name="logLevel" Type="Integer">
        <Value>4</Value>
      </Setting>
    </Category>
  3. Set the value to the desired level:
    • For informational messages, set the value to 1.
    • For debugging messages, set the value to 2.
    • For detailed trace messages, set the value to 3.
    • For all messages, set the value to 4.
  4. Restart the endpoint service
    1. Start a Terminal session
    2. Use the following command to change to the "LaunchDaemons" directory:
      cd /Library/LaunchDaemons
    3. Use the following command to obtain a listing of currently running launch daemons that include the word "identity":
      sudo launchctl list | grep identity
    4. Determine whether the endpoint service is currently running by looking in the output for a process ID (78 in the example below) and the Identity Finder launch daemon:
      78 - com.identityfinder.launchdaemon
    5. If the service is running, stop it using the following command:
      sudo launchctl unload com.identityfinder.launchdaemon.plist
    6. Start the service:
      sudo launchctl load com.identityfinder.launchdaemon.plist

Because there is no command console attached to the service, the messages are written to the endpoint service log, which is named in the form EPS_yyyy_mm_dd_hh-mm-ss.log (for example, "EPS_2014-04-29_10-26-52.log") and is located in the directory:

/Library/Identity Finder/Logs/

Note: After obtaining the desired information and resolving the issue, it is critical to delete this setting or set it to a value of 0 to disable verbose logging; otherwise the log file may consume large amounts of disk space.

Linux

On Linux, edit the file "epssettings.xml" by following these steps:

  • Edit the XML configuration file epssettings.xml, located at:
    /var/lib/.identityfinder/Application/{04964656e-7469-7479-2046-696e6465720}/epssettings.xml

    Note: This file will not exist until after the endpoint service, idfEndpoint, has run, communicated with the console, and received an endpoint ID.
  • Create the Category Endpoint Service and a setting named logLevel (case sensitive) of type Integer with the platform Linux, as shown below:
    <Category Name="Endpoint Service">
      <Setting Multi="false" Name="logLevel" Type="Integer">
        <Value>4</Value>
        <Platforms>
          <SettingPlatform Type="Linux"/>
        </Platforms>
      </Setting>
    </Category>
  • Set the value to the desired level:
    • For informational messages, set the value to 1.
    • For debugging messages, set the value to 2.
    • For detailed trace messages, set the value to 3.
    • For all messages, set the value to 4.
  • Restart the endpoint service:
    1. Start a Terminal session.
    2. As root or using sudo, restart idfEndpoint:
      /sbin/service eps restart
    3. If successful, the output resembles the following:
      Shutting down Identity Finder Endpoint Service: [ OK ]
      Starting Identity Finder Endpoint Service : [ OK ]
    4. Optionally, you may further validate that the process is running:
      ps -ef |grep [i]dfEndpoint
      root 2241 1 0 07:17 ? 00:00:00 /usr/local/bin/identityfinder/idfEndpoint

Because there is no command console attached to the service, the messages are written to the endpoint service log, which is named in the form:

  • EPS_yyyy_mm_dd_hh-mm-ss.log
    • For example: "EPS_2014-04-29_10-26-52.log"
  • Located as follows:
    • Version 11.4: /var/lib/.identityfinder/Application/{04964656e-7469-7479-2046-696e6465720}/Logs/EPS
    • Version 11.3 and earlier: /var/lib/identityfinder/Logs/

Note: After obtaining the desired information and resolving the issue, it is critical to delete this setting or set it to a value of 0 to disable verbose logging; otherwise the log file may consume large amounts of disk space.
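
The Mac and Linux notes above both ask that verbose logging be switched off once diagnosis is complete. The following POSIX shell audit is an added example, not Spirion's code: it reads logLevel from a settings file in the XML form shown above and totals the EPS_*.log files in a log directory. The function names and the sample data are constructed for illustration, and a missing file or setting is treated as level 0.

```shell
#!/bin/sh
# Added example, not vendor code: detect verbose logging left enabled.

# Print logLevel under <Category Name="Endpoint Service">; 0 if file or setting is absent.
# RS=">" gives awk one tag per record, so the file's line layout does not matter.
eps_log_level() {
    [ -r "$1" ] || { echo 0; return 0; }
    awk 'BEGIN { RS = ">" }
        take { take = 0; v = $0; sub(/<.*/, "", v); gsub(/[ \t\r\n]/, "", v)
               if (v ~ /^[0-9]+$/) { print v; found = 1; exit } }
        /<Category[ \t\r\n]/          { in_cat = ($0 ~ /Name="Endpoint Service"/) }
        /<\/Category[ \t\r\n]*$/      { in_cat = 0 }
        /<Setting[ \t\r\n]/           { in_set = (in_cat && $0 ~ /Name="logLevel"/) }
        /<\/Setting[ \t\r\n]*$/       { in_set = 0 }
        in_set && /<Value[ \t\r\n]*$/ { take = 1 }
        END { if (!found) print 0 }' "$1"
}

# Total bytes held by EPS_*.log files under a log directory (0 if none).
eps_log_bytes() {
    find "$1" -type f -name 'EPS_*.log' -exec cat {} + 2>/dev/null |
        wc -c | awk '{ print $1 + 0 }'
}

# One-line verdict for a settings file and its log directory.
eps_audit() {
    level=$(eps_log_level "$1")
    bytes=$(eps_log_bytes "$2")
    if [ "$level" -gt 0 ]; then
        echo "VERBOSE logLevel=$level log_bytes=$bytes"
    else
        echo "OK logLevel=0 log_bytes=$bytes"
    fi
}

# Demo on constructed data: a settings fragment (with a decoy category) and one fake log.
demo_dir=$(mktemp -d)
cat > "$demo_dir/epssettings.xml" <<'EOF'
<Category Name="Other"><Setting Multi="false" Name="logLevel" Type="Integer"><Value>1</Value></Setting></Category>
<Category Name="Endpoint Service">
<Setting Multi="false" Name="logLevel" Type="Integer">
<Value>4</Value>
<Platforms><SettingPlatform Type="Linux"/></Platforms>
</Setting>
</Category>
EOF
printf 'constructed log line\n' > "$demo_dir/EPS_2014-04-29_10-26-52.log"
eps_audit "$demo_dir/epssettings.xml" "$demo_dir"
rm -rf "$demo_dir"
```

On an endpoint, pass eps_audit the settings file and log directory given above for that platform, for example /Library/Preferences/com.identityfinder.macedition.xml and "/Library/Identity Finder/Logs/" on a Mac.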

Via Console

Perform the following steps to diagnose further:

  1. Log in to the Console.
  2. Save the attached XML file to the local machine where you are logged into the Console.
  3. Select the affected Endpoints on the Console's Status screen.
  4. Right-click on the selected Endpoint(s) and select Support Mode > Enable/Update.
  5. Select the saved XML file.
  6. Run the Search Task.
  7. Perform a Gather Data of the Endpoint from the Console in the context that the search was run (Local System or Local Logged on User) and attach the results to this ticket. The following linked article has the instructions:
    https://support.spirion.com/hc/en-us/articles/115000019152-Gathering-Diagnostic-Data#fromconsole

Spirion Support Portal Files

 The XML file here may be downloaded from the Spirion Support Portal (requires login):

