System Log Files

This section lists all log files available in McAfee Network Security Manager that can be used for troubleshooting.

Each log file records the activity of its own module. The size of each log file is smaller than 4 MB. When a log file reaches its maximum size, it is rotated automatically: the data in the current log file is moved to an incremented log file, and new data is written to the current file. Each log file can be incremented 13 times, and once all files are in use, the data from the oldest log file is deleted. For instance, when ems.log reaches its maximum limit, its data is moved to ems.log.1 and new data is written to ems.log. This operation repeats for each further log file until the log files reach ems.log.13. As a result, the latest logs are available in ems.log and the oldest logs in ems.log.13.
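
Added example (not from the McAfee documentation): a Python helper that applies the rotation scheme above to a set of collected file names, ordering each log's segments oldest-first and flagging a full rotation window or missing segments. The function name, the report keys and the sample file list are assumptions made for illustration.

```python
import re
from collections import defaultdict

MAX_ROTATIONS = 13  # from the page: a log is incremented up to <name>.log.13
SEGMENT = re.compile(r"(?P<base>.+\.log)(?:\.(?P<idx>\d+))?")

def order_segments(file_names):
    """Group rotated segments per base log and describe each chain.

    Returns {base: {"oldest_first": [...], "window_full": bool, "missing": [...]}}.
    """
    chains = defaultdict(dict)
    for name in file_names:
        m = SEGMENT.fullmatch(name)
        if m is None:
            continue  # not a <name>.log[.N] file, e.g. emsKS
        idx = int(m.group("idx") or 0)  # 0 is the live file with the newest data
        chains[m.group("base")][idx] = name

    report = {}
    for base, segs in chains.items():
        highest = max(segs)
        report[base] = {
            # Numeric sort: a plain string sort would put .10 before .2.
            "oldest_first": [segs[i] for i in sorted(segs, reverse=True)],
            # With .13 present the window is full; older data may already be deleted.
            "window_full": highest >= MAX_ROTATIONS,
            # Segments absent from the collected set leave a gap in the timeline.
            "missing": [i for i in range(highest) if i not in segs],
        }
    return report

# Constructed sample: file names as they might appear in a collected set.
SAMPLE = ["ems.log.10", "ems.log", "ems.log.2", "ems.log.13", "ems.log.1",
          "dbtuning.log", "emsKS"]

if __name__ == "__main__":
    for base, info in sorted(order_segments(SAMPLE).items()):
        print(base, info)
```

A chain reported with `window_full` set covers only what the 14 files still hold, so export logs for an investigation before further rotation removes the oldest segment.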

For example, to tune your database and export the related log:

  1. Go to Manager | <Admin Domain Name> | Maintenance | Database Tuning | Tune Now.
  2. Click Start.

     Note: When the tuning is in progress, the message "Database tuning has started. Please consult the Tuning Status page for details" appears.
  3. Go to Manager | <Admin Domain Name> | Maintenance | Database Tuning | Tuning Status.
  4. To view and export logs related to database tuning operation, go to Manager | <Admin Domain Name> | Troubleshooting | System Log.
  5. Select dbtuning.log from the drop-down list.
  6. Click Export.

The log file is copied to your system. It contains all messages in the log from the start time of database tuning until the end.

For more information about system logs, see Management of System Information Logs.

| Manager Modules | Log Files | Description |
|---|---|---|
| ACM | sent.log | Logs related to ACM server. |
| Alert Processing | acltlv.log | Logs related to firewall events that are forwarded from the Manager to the Sensor. |
| | acm.log | Logs related to alerts generated in Manager to know the alert rate. |
| | akka_actors.log | Logs alerts from the Sensor through alert processing module. |
| | alertCounts.log | Logs related to alert counts received from the Manager. |
| | alertInstCounts.log | Logs related to alert inserts. |
| | alertL7Counts.log | Logs related to processing of layer7 data. |
| | alertpktcorrelation.log | Logs related to alerts packets. |
| | alert_process.log | Logs related to the process of traffic detection/prevention at the Sensor level, and the alerts getting generated on Manager. |
| | alertthrottling.log | Logs related to alert traffic information from the Sensor to the Manager. |
| | alertthrottled.log | Logs related to alert traffic information for multiple attacks that are combined into a single event. |
| | appatlv.log | Logs related to application alert events. |
| | aqcollector.log | Logs related to alert queue collector. |
| | aqcount.log | Logs related to alert queues. |
| | aquptprocessor.log | Logs related to alert queue update events from the Sensor. |
| | alt_chnl_event_cnt.log | Logs related to alert channel information. |
| | altupdatecount.log | Log alerts related to update count of layer7, Endpoint Intelligence Agent, McAfee Logon Collector, etc. |
| | atlv.log | Logs byte data sent from the Sensor to the Manager. |
| | bandwidth_savings.log | Logs related to bandwidth traffic information for multiple attacks that are combined into a single event. |
| | BulkFileTransfer.log | Logs related to malware policies that are forwarded from the Sensor to the Manager. |
| | bwatlv.log | Logs related to bandwidth alert events that are forwarded from the Manager to the Sensor. |
| | epo.log | Logs related to ePO service post integration with the Manager. |
| | insertActors.log | Logs new alerts from the Sensor through alert processing module. |
| | updateActors.log | Logs the existing alerts from the Sensor through alert processing module. |
| | wacm.log | Logs related to Attack Log of the Central Manager. |
| | vips.log | Logs related to Virtual Machine and Intel Security Controller Manager. |
| Central Manager-Manager | emssync.log | Logs that are synched between Central Manager and the local Manager. |
| | nacm.log | Logs related to communication between the Manager and the Central Manager. |
| | nscm.log | Logs related to all activities within the Central Manager. |
| Cloud | cim.log | Logs related to cloud activity within the Manager. |
| | cimweb.log | Logs related to connections between the Manager, Controller, and Sensors. |
| Compiler | compileroutput.log | Logs related to signature set compilation by the Manager. |
| Dashboard | tcc_debug.log | Logs related to dashboard debug logs of the Manager. |
| | tcc_query.log | Log queries related to the Dashboard page of the Manager. |
| Database | dbadmin.log | Logs information related to the database admin tool activities such as alert archival, alert restore, database backup, database restore, database tuning, database purging, and password changes. Note: It accumulates logs only when maintenance activities are carried out using database admin tool. |
| | dbbackup.log | Logs related to database backup files. |
| | dbcheck.log | Logs created while upgrading the Manager to check database availability or consistency. |
| | dbconsistency.log | Logs related to inconsistency during Manager upgrade. |
| | dbtuning.log | Logs related to database tuning. |
| | pruning.log | Logs related to deletion of alert data from MariaDB. |
| Device Management | appviz.log | Logs related to application visualization. |
| | dpinfo_epo.log | Logs information like the device type, operating system, and the source of the profile when the McAfee ePO is integrated with the Manager. |
| | dpinfo_ips.log | Logs information like the device type, operating system, and the source of the profile that is extracted from the IPS Sensor and is forwarded to the Manager. |
| | dpinfo_ntba.log | Logs information like the device type, operating system, and the source of the profile when the NTBA is integrated with the Manager. |
| | emsKS, emsKS2048, emsKSStrong2048 | Logs related to certificates imported from the Manager to the Sensor. |
| | emsperfstats.log | Logs related to performance statistics of a device that are attached to the Manager. |
| | nbaalertquey.log | Logs related to alerts of the NTBA Appliance. |
| | perfmon.log | Logs related to performance monitoring. |
| | vmidcactivities.log | Logs related to cache, resources, and database entries of virtualization. |
| Device Performance Monitoring | pefrmonatlv.log | Logs related to Sensor performance alerts. |
| High Risk Endpoints | risk_score.log | Logs related to high risk endpoints based on their risk score. |
| Installation | Initdb.log | Logs related to initialization of database after the installation of the Manager. |
| Java Virtual Machine | crash.log | Logs related to crash related activities that are created using Java virtual machine. |
| Malware | malware.log | Logs related to all malware activities. |
| Manager APIs | sdkpayload.log | Logs related to the request and responses with the payload of the Manager. |
| Manager Disaster Recovery | mdr.log | Logs related to the communication, synchronization, and switchover of the Manager Disaster Recovery pair. |
| Manager Memory | emsmem.log | Logs related to memory management in the Manager (Total memory, used memory, and free memory). |
| Manager Startup Checks | checks.log | Logs that are checked when the Manager is restarted manually. |
| McAfee Logon Collector Integration | mlcSensor.log | Logs related to MLC integration where the information of users, groups, etc. from the Active Directory is sent to the Manager. |
| McAfee Vulnerability Manager Integration | mvm.log | Logs related to McAfee Vulnerability Manager integration with the Manager. |
| | relevance.log | Logs related to alert relevancy post integration with the McAfee Vulnerability Manager. |
| NTBA Appliance | ntba.log | Logs related to the integration and communication between the Manager and NTBA. |
| | nbaatlv.log | Logs related to NTBA-Manager queries. |
| Overall Manager Logs and Console Logs | ems.log | All logs related to the Manager. |
| | emsout.log | Logs related to the console output of the Manager. |
| Packet Channel | pkt_chnl_event_cnt.log | Logs related to packet log channel events. |
| Policy | ips_policy.log | Logs related to the addition, modification, and deletion of IPS policy. |
| Quarantine | hitask.log | Logs related to the attack log of the quarantine module. |
| | hostevent.log | Logs related to the quarantine host events that are added, updated, and deleted. |
| | host_isolation.log | Logs all cache information of the quarantine host from the Sensor. |
| Report Generation | reportgen.log | Logs related to report generation. |
| Scheduler | scheduler.log | Logs related to schedulers running in the Manager. |
| Signature Set | sigfile.log | Logs related to signature file deploy/compilation activity. |
| | sigset.log | Logs related to signature set download from update server/local system. |
| Solr Database | high_risk_solr.log | Logs related to Solr based details in Threat Explorer about high risk threats. |
| | initdbSolr | Logs related to initialization activity occurring in Solr database. |
| | solr.log | Logs related to configuration and startup details of Solr database. |
| | solr_nsm.log | Logs the communication between the Solr database and the Manager. |
| SSL Decryption | ssl_decryption.log | Logs related to SSL key information. |
| Troubleshooting | health_check.log | Logs related to health checks of the Manager. |
| Watchdog | watchdog.log | Logs the unrecoverable failure that is detected in the Manager. |