How to Collect Logs for Dell Endpoint Security Suite Enterprise

1. Right-click the Windows start menu and then click Run.
   
2. In the Run UI, type regedit and then press CTRL+SHIFT+ENTER. This runs the Registry Editor as admin.
   
3. In the Registry Editor, go to HKEY_LOCAL_MACHINE\Software\Dell\Dell Data Protection\.
4. Right-click the Dell Data Protection folder, select New, and then click DWORD (32-bit) Value.
   
   Note: If a DWORD named LogVerbosity exists, go to Step 6.
5. Name the DWORD LogVerbosity.
   
6. Double-click LogVerbosity.
7. Populate Value data with f and then press OK.
   

Run DiagnosticInfo to capture the logs. For more information, reference How to Collect Logs for Dell Data Security Using DiagnosticInfo.

1. From the Apple menu, click Go and then select Utilities.
   
2. In the Utilities menu, double-click Terminal.
   
3. In Terminal, type sudo nano /Library/Application\ Support/com.dell.csfagent/LocalMachine/software/dell/dell\ data\ protection/values.xml and then press Enter.
   
   Note: The path is case-sensitive.
4. Enter the credentials for an account with sudo rights and then press Enter.
   
5. Press the I key to edit.
   
6. Below the SupportUrl value string, type <value name="LogVerbosity" type="int">15</value>.
   
7. Press CTRL+X to exit.
   
8. Press the Y key to save.
   
9. Press Enter to save the name without changes.
   
10. Locate the Endpoint Security Suite Enterprise [VERSION].dmg.
11. In Terminal, type hdiutil attach –owners on /Users/test/Desktop/Endpoint\ Security\ Suite\ Enterprise-1.5.0.5-Release.dmg –shadow and then press Enter.
    
    Note: The example path may differ in your environment.
12. In Terminal, type cd /Volumes/Endpoint\ Security\ Suite\ Enterprise\ for\ Mac/Utilities/ and then press Enter.
    
13. In Terminal, type sudo ./DellCSFConfig.app/Contents/MacOS/DellCSFConfig –logverbosity 15 and then press Enter.
    
    Note: The example path may differ in your environment.
14. Enter the credentials for an account with sudo rights and then press Enter.
    

1. From the Apple menu, click Go and then select Utilities.
   
2. In the Utilities menu, double-click Terminal.
   
3. Type sudo sh. Do not press Enter.
   
4. Locate and then double-click the Endpoint Security Suite Enterprise [VERSION].dmg to extract the installer.
5. Double-click the Utilities folder.
   
6. Locate GetLogs.sh and go to Step 7. Getlogs.sh is a shell script that Dell Data Protection uses to gather Mac logging.
   
   Note: Use the version of getlogs.sh that is included with the product. Older versions of getlogs.sh may not gather all the required information.
7. Drag GetLogs.sh to the terminal window after sudo sh (Step 3) and then press Enter. This populates the location path for GetLogs.sh.
   
8. Enter the credentials for an account with sudo rights and then press Enter to run getlogs.sh.
   Note: It is common for Terminal to display Resource busy for several minutes as it gathers all the required information. If the encryption agent is not installed, you also see no Agent installed on system.
9. Once the shell script has completed, log output (DellLogs.zip) can be collected from Go and then Home.
   

1. Open Terminal.
   
2. In Terminal, type cd /usr/lib/dell/esse/ and then press Enter.
   
   Note:

   • The path is only present if Dell Endpoint Security Suite Enterprise for Linux is installed in the environment.
   • Commands are case-sensitive.
3. Type sudo ./CsfConfig -logverbosity 15 and then press Enter.
   
4. Enter the credentials for an account with sudo rights and then press Enter.
   

1. Open Terminal.
   
2. In Terminal, type sudo '/usr/lib/dell/esse/getlogs.sh' and then press Enter.
   
   Note:

   • The path is only present if Dell Endpoint Security Suite Enterprise for Linux is installed in the environment.
   • Commands are case-sensitive.
   • The example path may differ in your environment.
3. Enter the credentials for an account with sudo rights and then press Enter to run getlogs.sh.
   
   Note: In the example image, admin is an example account. The account will differ in your environment.
4. Once the log collection is complete, type sudo cp /root/DellLogs.tar.gz /home/admin/Desktop/DellLogs.tar.gz and then press Enter.
   
   Note: The example path may differ in your environment.

To successfully offload logs, Dell Endpoint Security Suite Enterprise for Linux requires:

• A third-party FTP (file transfer protocol) client
  • Examples of an FTP client include (but are not limited to):
    • Filezilla
    • WinSCP
    • CuteFTP
• A storage device

1. In the FTP client, log in with an FTP user to the endpoint with Dell Endpoint Security Suite Enterprise for Linux.
   
   Note:

   • Dell does not endorse or support any listed third-party product. The listed clients are meant to be examples of potential products a customer can use. Contact the product’s manufacturer for information about setup, configuration, and management.
   • Your FTP Client UI may differ from the screenshot examples.
   • The default port for the SFTP is 22. If the connection fails, ensure that firewalls are not blocking port 22.
2. Go to the captured log (/home/admin/Desktop/DellLogs.tar.gz) and then save the bundle locally.
   
   Note: File archival programs (such as WinZip, WinRAR, and 7Zip) can read the .tar log bundle.