Table of contents

Create a diagnostic package and logs

To diagnose an issue, your support provider may ask you to send a diagnostic package containing debug information for the agent.

Agent diagnostics

For an agent, you can create a diagnostic package using one of the following:

  • Workload Security
  • The CLI on a protected computer (if the Workload Security cannot reach the agent remotely).

For Linux-specific information on increasing or decreasing the anti-malware debug logging for the diagnostic package, see Increase debug logging for anti-malware in protected Linux instances.

Your support provider may also ask you collect the following:

  • A screenshot of Task Manager (Windows) or output from top (Linux) or prstat (Solaris) or topas (AIX)
  • Debug logs
  • Perfmon log (Windows) or Syslog
  • Memory dumps (Windows) or core dumps (Linux, Solaris, AIX)

Create an agent diagnostic package via Workload Security

Workload Security must be able to connect to an agent remotely to create a diagnostic package for it. If Workload Security cannot reach the agent remotely, or if the agent is using agent-initiated activation, you must create the diagnostic package directly from the agent.

You can create an agent diagnostic package as follows:

  1. In Workload Security, navigate to Computers.
  2. Double-click the name of the computer for which you want to generate the diagnostic package.
  3. Select Actions.
  4. Under Support, click Create Diagnostics Package.
  5. Click Next.

The package takes several minutes to create. After the package has been generated, a summary will be displayed and your browser will download a ZIP file containing the diagnostic package.

When System Information is selected, it might create a very large diagnostic package that could have a negative impact on performance. This field is greyed out if you are not a primary tenant or do not have the proper viewing rights.

Create an agent diagnostic package via CLI on a protected computer

On Linux, AIX, and Solaris, you can create an agent diagnostic package via CLI as follows:

  1. Connect to the server for which you want to generate the diagnostic package.
  2. Enter the following command: sudo /opt/ds_agent/dsa_control -d

The output shows the name and location of the diagnostic package: /var/opt/ds_agent/diag

On Windows, you can create an agent diagnostic package via CLI as follows:

  1. Connect to the computer for which you want to generate the diagnostic package.
  2. Open a command prompt as an administrator and enter the following command:
    • In PowerShell: & "\Program Files\Trend Micro\Deep Security Agent\dsa_control" -d
    • In cmd.exe: cd C:\Program Files\Trend Micro\Deep Security Agent dsa_control.cmd -d

The output shows the name and location of the diagnostic package: C:\ProgramData\Trend Micro\Deep Security Agent\diag

On macOS, you can create an agent diagnostic package via CLI as follows:

  1. Connect to the computer for which you want to generate the diagnostic package.
  2. Open the Terminal and enter the following command: sudo /Library/Application\ Support/com.trendmicro.DSAgent/dsa_control -d

The output shows the name and location of the diagnostic package : /tmp/Diagnostic/

Collect debug logs with DebugView

On Windows computers, you can collect debug logs using DebugView software, as follows:

  1. Download the DebugView utility.
  2. If self-protection is enabled, disable it.
  3. Stop the Trend Micro Deep Security Agent service.
  4. In the C:\Windows directory, create a plain text file named ds_agent.ini and add the following line to it: trace=*
  5. Launch DebugView.exe.
  6. Navigate to Menu > Capture.
  7. Enable the following settings:
    • Capture Win32
    • Capture Kernel
    • Capture Events
  8. Start the Trend Micro Deep Security Agent service.
  9. Export the information in DebugView to a CSV file.
  10. Re-enable self-protection if you disabled it at the beginning of this procedure.

On macOS computers, you can collect debug logs using Support Tool which is a build-in tool in macOS DSA:

  1. Open the Terminal and enter the following command to open the directory where the Support Tool is located: Terminal > open /Library/Application\ Support/com.trendmicro.DSAgent
  2. Double-click SupportTool to open the Deep Security Agent Diagnostic Tool dialog.
  3. Click Start Troubleshooting to start collecting logs.
  4. Repeat the steps that led to the issue you have encountered.
  5. In the Deep Security Agent Diagnostic Tool dialog, click Collect Data to generate debug logs.
  6. When you see the message notifying you that the troubleshooting log fine has been generated, click Open File Location to obtain the diagnostic package in the form of a ZIP file.

Only collect debug logs if your support provider asks for them. During debug logging, CPU usage increases and can potentially make high CPU usage issues worse.