Many times, the best way to debug a technical problem with the Software Vulnerability Manager Agent scanners is to create a log file that shows what the Agent does and where it fails to submit the scans. The log file is the fastest way to diagnose and evaluate the Agent performance, and the issues that block it.
In the vast of cases, customers prefer to run the SVM Agent under the LocalSystem account as the recommended practice by Flexera goes. However, this makes it harder to debug the Agent manually using manual CMD commands, because as soon as the user opens CMD with their account, the Agent runs under their user's context, and not as it is installed under the LocalSystem account, therefore possibly yielding different test results as it would have generated if the test is ran under LocalSystem.
To go around this problem, you would enable logging for the SVM Agent without using the command line, by appending logging on the fly at the Agent configuration settings at the Windows registry.
Enabling logging for the Flexera SVM Agent service in the registry:
1) Open Regedit.
2) Navigate to "HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\Flexera Corporate Software Inspector Agent".
3) Modify the ImagePath value and append logging arguments at the very end of the line:
-d C:\ProgramData\svmscan.log -v -v
The value should look like:
"C:\Program Files (x86)\Flexera Software\Corporate Software Inspector Agent\csia.exe" --service-launch -d C:\svmscan.log -v -v
4) Restart the 'Flexera Corporate Software Inspector Agent' service.
As soon as you restart the 'Flexera Corporate Software Inspector Agent', the Agent should begin logging the data in the log file. You can confirm the success of the operation by verifying that the log file has been issued after restarting the service and that the Agent continuously writes log data in it.
Please note that the SVM Agent supports multiple verbose levels, depending on how much time you add "-v" at the end of the line. You should be very careful when enabling -v three times, as this maximum level of verbose logging can write so much information that it renders the data in the log unusable. Ideally, you would add level one (-v) or level 2 (-v -v) verbose, where level 2 is already a lot of logging.
- -v (Basic Log )
- -v -v (Level 2 - Debug log)
- -v -v -v (Level 3 - Verbose log).
The -d argument, the -v argument will make the log entries verbose to include more details. The C:\svmscan.log specifies the name of the log and where it shall be issued by the Agent.
After completing debugging the Agent and capturing enough data that can be used by Flexera Support (leave the Agent for at least 6-12 hours to perform connections on its own), you can disable logging.
Otherwise, it will keep writing in the file which may have performance and storage consequences.
The user running the SVM agent should have 'write' privileges to the directory where the log is being written. You can modify the path of your choosing but the only requirement is that the user running the agent should have write privileges. (By default the agent runs under Local System account which has privileges to ProgramData directory).