3 Replies Latest reply on Sep 6, 2010 2:21 AM by StokeHead

    Understanding the Agent_<PCNAME>.log

      Hello,

       

      i´m quite new to the ePO Server and try to understand a few things. While testing with different tasks and policies the numerous log files McAfee creates are a great help to me. But while viewing the Agent_<PCNAME>.log some questions came to my mind. Especially few tasks are bothering me, its the following:

       

       

      2010-09-02 13:19:36     I     #1600     FrmSvc     User SID is S-1-5-18 and SessionID is 0

      2010-09-02 13:19:36     I     #1600     Sched      >>--CSchedule::GetTask

      2010-09-02 13:19:36     I     #1600     Sched      <<--CSchedule::GetTask

      2010-09-02 13:19:36     I     #1600     Sched      >>--CSchedule::GetTask

      2010-09-02 13:19:36     I     #1600     Sched      <<--CSchedule::GetTask

      2010-09-02 13:19:36     I     #1600     Sched      >>--CSchedule::GetTask

      2010-09-02 13:19:36     I     #1600     Sched      <<--CSchedule::GetTask

       

       

      This is just an example, sometimes the number after the # differs and sometimes there is a line like:

       

      2010-09-02 13:19:36     I     #2428    Sched      0 fields of the task 227 are updated successfully

      2010-09-02 13:19:36     I     #2428    Sched      RunatAnforcementEnabled not found in the task settings

       

       

      I understand that it has something to do with the tasks but i dont know what exactly. Especially the GetTask is comming up very often in one second. For me the FrmSvc seems to open a Session while using the Systemaccount, but maybe someone could explain to me what is happening here.

       

      Summary:

       

      1. What does the number after the # stand for? Is this some kind of ID? Some kind of counting? Is there any more Information about this?


      2. What das the "<<--CSchedule::GetTask"-line do, why is it comming up so often?

       

      3. Is there some kind of documentation i missed which describes what the other mentioned lines stand for?

       

      This log file was very helpfull for me while dealing with problems on the clients, but still i would like to know more about it. So i hope someone can help me here.

       

       

       

      Best Regards

      Marcel

        • 1. Re: Understanding the Agent_<PCNAME>.log

          "What does the number after the # stand for? Is this some kind of ID? Some kind of counting?"

           

          I always thought it was the process or thread ID but could be wrong...

           

           

          Message was edited by: robpow on 02/09/10 09:26:42 CDT
          1 of 1 people found this helpful
          • 2. Re: Understanding the Agent_<PCNAME>.log
            Attila Polinger

            Hi Marcel,

             

            I'm leaving the LogLevel on 8 for my McAfee Agent so for me a little bit more displayed between two such GetTask entries in the agent log:

            (see attached pic).

             

            To me it shows that the task settings are one by one enforced with the same method, now a task usually has many settings, if you can see your under Documents and Settings\All Users\Application Data\McAfee\Common Framework\Task - > in any .INI file.

            Whether all the settings are always enforced or not, I'm not sure. And if you have several tasks, the settings of them are all enforced making the entries of them in the agent log.

             

            I think the number after the # is some kind of a process thread id pertaining to the process and all modules that it invokes. for example if you select the first occurrence of any line that the Agent has initiated, then for some time, mabye until the particular action reaches the end, this id remains the same no matter what module name is written after it. This perhaps signifies that those modules were invoked by the Agent module (or any module that started the thread.

             

            Attila

            • 3. Re: Understanding the Agent_<PCNAME>.log

              Hello again,

               

              thanks the two of you. that was exactly the information i was looking for. I just didnt thought about increasing the Log-Level. With that additional Information it all makes more sense now.

              After investigating a few logs now im pretty sure youre right about the # too. Its always a different number so it cant stand in any relation with the ePO-Server directly.

              Anyways, thanks again for the great help. My main problem was the one with the GetTask-Line, this seems to b solved now.

               

              Best regards

              Marcel