cancel
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Highlighted
Level 9
Report Inappropriate Content
Message 1 of 4

VSEL 2.0.3 On-Access Scanner log location

Jump to solution

Is there a temporary log file that the On-Access Scanner logs to?

Or do you have to enable the nailswebd GUI and browse to the device to watch what it is scanning?

I'm asking because I have admins that disable nails when their CPU goes up due to scanner processes doing OAS stuff, and they ask me to figure out why the CPU is going up without being able to re-enable the service.

I can't find this in documentation anywhere.

Thanks,

George

1 Solution

Accepted Solutions
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 4

Re: VSEL 2.0.3 On-Access Scanner log location

Jump to solution

to see what is being scanned in real time does require viewing the information in the webui.  however, if you enable general and syslog logging and set the option to write entries to the syslog then vsel will create a record of every file being sent for scanning.  

 

in epo open:
VirusScan Enterprise for Linux 1.9.2 / 2.0.3:VirusScan Enterprise for Linux 2.0.3.0 > General Policies > My Default  (or the policy assigned to the machines)

in the Troubleshooting tab  

set value to high for the below settings and check the box for log to syslog

Logging detail level: High
Additionally log to SYSLOG:   check this box

Detail level for SYSLOG High
Limit age of log entries:
Maximum age of log entries (days)

 

on the local machine the entries will get written to the messages log or syslog depending on the distro being used.

here is an example of what is written and how it displays the file being scanned.

Jul 12 03:46:25 servername nailsd[13992]: 45: ScanManager::scanResponse status=1 engine_error=0(Unknown) scan_error=0(Unknown) iocount=6, cpu=12998, cleanable=0, nv=0 first=- -(0) -(0) -(0) -(0) /var/opt/BESClient/__BESData/CustomSite_Q001-2dC-2dGv4-2e1-2dLNX/Fixlet 671471.fxf
 
from that information you can see if there are folder exclusions that may need to be added that will help reduce the cpu usage.

View solution in original post

3 Replies
Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 2 of 4

Re: VSEL 2.0.3 On-Access Scanner log location

Jump to solution

Hello @SypsG 

Thanks for your post.

Please refer the below KB article:

https://kc.mcafee.com/corporate/index?id=KB73316&page=content

Was my reply helpful?
If this information was helpful in any way or answered your question, will you please select Accept as Solution in my reply and together we can help other members?

 

Highlighted
McAfee Employee
McAfee Employee
Report Inappropriate Content
Message 3 of 4

Re: VSEL 2.0.3 On-Access Scanner log location

Jump to solution

to see what is being scanned in real time does require viewing the information in the webui.  however, if you enable general and syslog logging and set the option to write entries to the syslog then vsel will create a record of every file being sent for scanning.  

 

in epo open:
VirusScan Enterprise for Linux 1.9.2 / 2.0.3:VirusScan Enterprise for Linux 2.0.3.0 > General Policies > My Default  (or the policy assigned to the machines)

in the Troubleshooting tab  

set value to high for the below settings and check the box for log to syslog

Logging detail level: High
Additionally log to SYSLOG:   check this box

Detail level for SYSLOG High
Limit age of log entries:
Maximum age of log entries (days)

 

on the local machine the entries will get written to the messages log or syslog depending on the distro being used.

here is an example of what is written and how it displays the file being scanned.

Jul 12 03:46:25 servername nailsd[13992]: 45: ScanManager::scanResponse status=1 engine_error=0(Unknown) scan_error=0(Unknown) iocount=6, cpu=12998, cleanable=0, nv=0 first=- -(0) -(0) -(0) -(0) /var/opt/BESClient/__BESData/CustomSite_Q001-2dC-2dGv4-2e1-2dLNX/Fixlet 671471.fxf
 
from that information you can see if there are folder exclusions that may need to be added that will help reduce the cpu usage.

View solution in original post

Highlighted
Level 9
Report Inappropriate Content
Message 4 of 4

Re: VSEL 2.0.3 On-Access Scanner log location

Jump to solution

Thank you, but do you also know where the nails logs are? For example, I want to know why all my scanner processes are starting as root and crashing the system, instead of the parent starting as root and the children starting as mfe.

This happens on many of our devices:

(nailsd,14428) T0 Failed to create scanning factory reason=ProcessDied(8) path=/opt/NAI/LinuxShield/libexec/scanner, engine=/opt/NAI/LinuxShield/engine/lib/liblnxfv.so, dats=/opt/NAI/LinuxShield/engine/dat

You Deserve an Award
Don't forget, when your helpful posts earn a kudos or get accepted as a solution you can unlock perks and badges. Those aren't the only badges, either. How many can you collect? Click here to learn more.

Community Help Hub

    New to the forums or need help finding your way around the forums? There's a whole hub of community resources to help you.

  • Find Forum FAQs
  • Learn How to Earn Badges
  • Ask for Help
Go to Community Help

Join the Community

    Thousands of customers use the McAfee Community for peer-to-peer and expert product support. Enjoy these benefits with a free membership:

  • Get helpful solutions from McAfee experts.
  • Stay connected to product conversations that matter to you.
  • Participate in product groups led by McAfee employees.
Join the Community
Join the Community