Deep Security 11 has reached end of support. Use the version selector (above) to see more recent versions of the Help Center.
Create a diagnostic package and logs
To diagnose an issue, your support provider may ask you to send a diagnostic package containing debug information for
Deep Security Manager diagnostics
Create a diagnostic package for Deep Security Manager
- Go to Administration > System Information.
-
Click Create Diagnostic Package.
The package will take several minutes to create. After the package has been generated, a summary will be displayed and your browser will download a ZIP file containing the diagnostic package.
Enable debug logs for Deep Security Manager
In addition to a diagnostic package, your support provider may ask you to enable diagnostic logging.
Don't enable diagnostic logging unless recommended by your support provider. Diagnostic logging can consume large amounts of disk space and increase CPU usage.
- Go to Administration > System Information.
-
Click Diagnostic Logging.
-
In the wizard that appears, select the options requested by your support provider.
While diagnostic logging is running, Deep Security Manager will display the message "Diagnostic Logging enabled" on the status bar. If you changed the default options, the status bar will display the message "Non default logging enabled" upon diagnostic logging completion.
- To find diagnostic logging files, go to the root directory of the Deep Security Manager, and look for file names with the pattern server#.log.
Deep Security Agent diagnostics
For an agent, you can create a diagnostic package either:
- via the Deep Security Manager
- using the CLI on a protected computer (if the Deep Security Manager cannot reach the agent remotely)
For Linux-specific information on increasing or decreasing the anti-malware debug logging for the diagnostic package, see Increase debug logging for anti-malware in protected Linux instances.
Your support provider may also ask you collect:
- a screenshot of Task Manager (Windows) or output from
top
(Linux) orprstat
(Solaris) ortopas
(AIX) - debug logs
- Perfmon log (Windows) or Syslog
- memory dumps (Windows) or core dumps (Linux, Solaris, AIX)
Create an agent diagnostic package via Deep Security Manager
Deep Security Manager must be able to connect to an agent remotely to create a diagnostic package for it. If the Deep Security Manager cannot reach the agent remotely, or if the agent is using agent-initiated activation, you must create the diagnostic package directly from the agent.
- Go to Computers .
- Double-click the name of the computer you want to generate the diagnostic package for.
- Select the Actions tab.
- Under Support, click Create Diagnostics Package.
-
Click Next.
The package will take several minutes to create. After the package has been generated, a summary will be displayed and your browser will download a ZIP file containing the diagnostic package.
When the System Information checkbox is selected, it might create a huge diagnostic package that could have a negative impact on performance. The checkbox is greyed out if you are not a primary tenant or do not have the proper viewing rights.
Create an agent diagnostic package via CLI on a protected computer
Linux
- Connect to the server that you want to generate the diagnostic package for.
- Enter the command:
sudo /opt/ds_agent/dsa_control -d
The output shows the name and location of the diagnostic package: /var/opt/ds_agent/diag
Windows
- Connect to the computer that you want to generate the diagnostic package for.
- Open a command prompt as an administrator.
- Enter these commands:
cd C:\Program Files\Trend Micro\Deep Security Agent
dsa_control.cmd -d
The output shows the name and location of the diagnostic package: C:\ProgramData\Trend Micro\Deep Security Agent\diag
Collect debug logs with DebugView
On Windows computers, you can collect debug logs using DebugView software.
Only collect debug logs if your support provider asks for them. During debug logging, CPU usage will increase, which will make high CPU usage issues worse.
- Download the DebugView utility.
- If self-protection is enabled, disable it.
- Stop the Trend Micro Deep Security Agent service.
- In the C:\Windows directory, create a plain text file named ds_agent.ini.
-
In the ds_agent.ini file, add this line:
trace=*
- Launch DebugView.exe.
- Go to Menu > Capture.
- Enable these settings:
- Capture Win32
- Capture Kernel
- Capture Events
- Start the Trend Micro Deep Security Agent service.
- Export the information in DebugView to a CSV file.
- Re-enable self-protection if you disabled it at the beginning of this procedure.