Security for Virtualized Environments (SVE) is the first comprehensive security solution for virtualized datacenters. SVE protects not only Windows servers and end-user systems, but also Linux and Solaris systems. Integrated with VMware vShield and VMware vCenter, its unique architecture also allows it to defend systems running on any system virtualization technology. When installed in VMware environments, SVE takes advantage of vShield Endpoint. However, SVE is not dependent on the virtualization technology; it protects environments that are powered by any virtualization technology.
For troubleshooting and maintainance situation, Bitdefender offers the option to enable full logging capabilities for Bitdefender VSM. To enable full logging, you will need to:
1. Connect to the Bitdefender VSM using SSH or vSphere Client console. The default credentials are "root" as username and "sve" as password.
Important: If you are connecting to the Bitdefender VSM using vSphere Client, press ALT+F2 in order to get the login screen.
2. Run the following commands in order to enable the full logging:
/opt/BitDefender/bin/bdsafe reg s /BDUX/VSMDaemon/VMOverrides/*/LogScannedFiles 1
/opt/BitDefender/bin/bdsafe logger file path "*.*" /opt/BitDefender/var/log/all.log
Important: A full and complete log can be found at /opt/BitDefender/var/log/all.log
3. Search the desired string thoughout the entire log (for e.g., explorer.exe):
grep explorer.exe /opt/BitDefender/var/log/all.log
Important: Please see the example below for a typical response to your query
"12/08/2011 12:19:05 BDVSMD SCANNING: ON OPEN: Scanning file \Device\HarddiskVolume1\WINDOWS\explorer.exe on machine 420edea6-471d-1c26-24f2-7f2010b1ef57 with policy '4ed62c76ac485a0e08000004'"
4. After you finish extracting the information from the log, it's highly recommended to disable full logging capabilities. In order to perform this action, you will need to run the following commands:
Note: If you need to troubleshoot any update, infection or error event, you can also check the following logs (enabled by default):