5 Monitoring and logging
This chapter includes the following topics:
●
About logs on page 15
●
Viewing logs on page 19
●
Back tracing logged events on page 20
●
Exporting logs on page 21
●
Filtering logged events on page 21
●
Stopping an active response on page 22
About logs
The agent’s logs are an important method for tracking your endpoint’s activity and its interaction with
other endpoints and networks. The logs record information about the agent’s status and about the traffic
that tries to enter or exit your endpoint through your network connection.
The agent’s logs perform the following tasks:
●
Record information about the agent’s status and about the traffic that tries to enter or exit your
endpoint through your network connection.
●
Track your endpoint’s activity and interaction with other endpoints and networks.
●
Detect potentially threatening activity, such as port scanning.
●
Help you troubleshoot connectivity problems or possible network attacks.
●
Record the results of the management policies that are applied to your endpoint.
The agent includes the following types of logs:
Security Records potentially threatening activity that is directed towards your endpoint, denial-of-service
attacks, port scans, executable file alterations, and Trojan horse attacks.
Traffic Records every connection your endpoint makes through the network.
Packet Captures every packet of data that enters or leaves a port on your endpoint.
System Records all operational changes for the agent, such as starting and stopping services, detecting
network applications, and configuring software.
About logs 15
