4.3 Logging Agent Events

The Full Disk Encryption Agent logs information to the device’s local disk. The log files can be used in conjunction with Micro Focus Support to troubleshoot issues with Full Disk Encryption.

4.3.1 Log Files

The ZENworks Full Disk Encryption Agent consists of multiple processes and drivers, each of which performs specific functions related to policy handling and disk encryption. Four of these processes log activities to their own files:

  • Log_YYYYMMDD_HHMMSS_NNNN.txt: This log contains any Full Disk Encryption messages generated by the ZESService.exe process. This agent process performs the majority of activities for Full Disk Encryption.

  • Cmd_YYYYMMDD_HHMMSS_NNNN.txt: This log contains any Full Disk Encryption messages generated by the ZESCommand.exe process. This agent process executes agent commands (such as creating diagnostic packages) from a command line.

  • User_YYYYMMDD_HHMMSS_NNNN.txt: This log contains any Full Disk Encryption messages generated by the ZESUser.exe process. This agent process executes agent commands (such as creating diagnostic packages) through the user interface.

  • ZID_YYYYMMDD_HHMMSS_NNNN.txt: This log contains any Full Disk Encryption messages generated by the ZESZid.dll process. This agent process communicates policy data between the ZENworks Agent and the ZESService.exe process.

The log files are stored in the following hidden directory:

Windows 7/8/10: c:\ProgramData\Novell\ZES\Logs

Each process creates a new log file when the process starts or when the log file reaches approximately 1 MB. A maximum of 10 log files are kept for ZESService.exe, ZESCommand.exe, and ZESZid.dll, and a maximum of 50 log files are kept for ZESUser.exe.

The Full Disk Encryption Agent drivers also generate two log files: FDE.log and PBA.log. These logs are stored in the same directory as the process logs. These are low-level logs that provide information for Micro Focus Support if needed.

4.3.2 Accessing the Logging Settings

The ZESService.exe, ZESCommand.exe, ZESUser.exe, and ZESZid.dll processes are shared processes used by the ZENworks Full Disk Encryption Agent, the ZENworks Endpoint Security Agent, and the ZENworks Location Decider. Because of this, the logging settings are accessed through the ZENworks Endpoint Security Agent if it is enabled, or through the ZENworks Location Decider if the Endpoint Security Agent is not enabled.

  1. On the device, right-click the ZENworks icon in the notification area, and select Technician Application.

  2. Click Agent under the Status heading in the ZENworks Agent navigation menu.

  3. In the Agent Security Settings section, click Security Settings Details.

    If ZENworks Endpoint Security Management is enabled, the ZENworks Endpoint Security Agent dialog box is displayed. If it is not enabled, the ZENworks Location Decider dialog box is displayed.

  4. Click the Diagnostics button.

  5. Click Logging.

4.3.3 Changing the Logging Level

By default, the logging level is set to Warning. If necessary, you can change it to Debug, Informational, or Error to gather more or less information. For troubleshooting, you should set logging according to the directions of ZENworks Support and re-create the circumstances that led to the error to see if it can be repeated.

To change the logging level:

  1. Access the Logging dialog box. If you need instructions, see Accessing the Logging Settings.

  2. Change the Full Disk Encryption logging level as desired:

    Debug: Turns on every possible message and includes Informational, Warning, and Error messages.

    Informational: Records all events when they occur, such as when a network connection event begins and ends.

    Warning: Records errors that have occurred but are solvable and do not prevent the client from running.

    Error: Records errors that have occurred and prevent the client from running.

  3. If you want to save the settings as the default settings, select Save as Defaults. Otherwise, the settings are used only for the current session for each process (ZESCommand.exe, ZESService.exe, and ZESUser.exe).

    If you change settings, you can click Restore Defaults to reset them to the stored defaults.

  4. Click OK to exit the dialog box.

4.3.4 Viewing Log Files

  1. Access the Logging dialog box. If you need instructions, see Accessing the Logging Settings.

  2. Click one of the following buttons to display the log file you want:

    • View Service Log: This log contains any Full Disk Encryption messages generated by the ZESService.exe process. This agent process performs the majority of activaties for Full Disk Encryption.

    • View User Log: This log contains any Full Disk Encryption messages generated by the ZESUser.exe process. This agent process executes agent commands (such as creating diagnostic packages) through the user interface.

    • View Interface Log This log contains any Full Disk Encryption messages generated by the ZESZid.exe process. This agent process communicates policy data between the ZENworks Agent and the ZESService.exe process.

  3. When you are finished viewing log files, click OK to exit the dialog box.

4.3.5 Inserting a Comment in the Log Files

You can add your own comment to the Service (Log_*.txt) and User (User_*.txt) logs. The comment is inserted at the current line in both of the log files.

  1. Access the Logging dialog box. If you need instructions, see Accessing the Logging Settings.

  2. Click Add Comment to display the Comment dialog box.

  3. Type your comment, then click OK to add it to the log files.

  4. View the log files, or click OK to exit the Logging dialog box.

4.3.6 Deleting All Log Files

You can delete all log files from a managed device. The current log files and any saved log files are deleted.

  1. Access the Logging dialog box. If you need instructions, see Accessing the Logging Settings.

  2. Click Clear Log Files.

  3. Click OK to exit the dialog box.