Azure ATP Sensor log empty when installed to non-default path


During troubleshooting an Azure ATP Sensor install, I have been using the Microsoft.Tri.Sensor.log and Microsoft.Tri.Sensor-Errors.log files.  To meet client standards, we reinstalled the sensor using the E: drive instead of the C: drive (only changing the drive letter, retaining the rest of the install path).

 

When the sensor was installed on E:, the Microsoft.Tri.Sensor.log and Microsoft.Tri.Sensor-Errors.log files never received any content.  They stayed at 0 bytes, even while the service continuously restarted due to the error I am troubleshooting.

 

The Microsoft.Tri.Sensor.Updater.log and Microsoft.Tri.Sensor.Updater-Errors.log did contain data.

 

I resolved this issue by uninstalling the sensor and installing it to its default path on C:.

 

Needless to say, this would make troubleshooting very difficult.

The installed sensor version is 2.84.6918.53160

1 Reply

@nomeara Just to make sure, we tried to repro the exact scenario in the lab, installing in E: as well.

Everything worked fine.

Note that during deployment, the deployer will set permissions on the logs folder with write access to the service account.

Any chance you have some kind of hardening policy that reverts it? (happened before..)
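
One way to test the permissions theory raised in the reply, as an added example that is not from either poster or from the product: the script reports whether the sensor service's identity still holds a write grant on the logs folder. `-LogsPath` and `-ServiceName` are placeholders the caller supplies, since neither value appears in the thread.

```powershell
# Added example. -LogsPath and -ServiceName are caller-supplied placeholders;
# neither value is given in the thread.
param(
    [Parameter(Mandatory)][string]$LogsPath,
    [Parameter(Mandatory)][string]$ServiceName
)
$sidType = [System.Security.Principal.SecurityIdentifier]
$write   = [System.Security.AccessControl.FileSystemRights]::Write

$svc = Get-CimInstance Win32_Service -Filter "Name='$ServiceName'"
if (-not $svc) { throw "Service '$ServiceName' not found." }

# The grant may name the logon account or the per-service SID, so resolve both.
$principals = @{}
foreach ($name in @($svc.StartName, "NT SERVICE\$ServiceName")) {
    try {
        $sid = ([System.Security.Principal.NTAccount]$name).Translate($sidType)
        $principals[$sid.Value] = $name
    } catch {
        Write-Warning "Could not resolve '$name' to a SID."
    }
}

# Read explicit and inherited ACEs with SID identities, so that differences in
# how account names are displayed cannot hide a match.
$acl  = Get-Acl -LiteralPath $LogsPath
$aces = $acl.GetAccessRules($true, $true, $sidType) | Where-Object {
    $principals.ContainsKey($_.IdentityReference.Value) -and
    ($_.FileSystemRights -band $write) -eq $write
}

$aces | Select-Object @{n='Principal';e={$principals[$_.IdentityReference.Value]}},
    AccessControlType, FileSystemRights, IsInherited | Format-Table -AutoSize

# A Deny ACE overrides an Allow, so either condition means logging can fail.
$allow = @($aces | Where-Object AccessControlType -eq 'Allow')
$deny  = @($aces | Where-Object AccessControlType -eq 'Deny')
if ($deny -or -not $allow) {
    Write-Warning "No usable write grant for the service identity on $LogsPath."
} else {
    Write-Output "Write grant for the service identity is present on $LogsPath."
}
```

Running it right after installation and again after a Group Policy refresh shows whether a hardening policy is reverting the ACL. It only inspects ACEs that name the service identity directly, so access inherited through group membership is not evaluated.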