Sending logs generated by agents

  1. In an agent group’s Status and logs tab, go to the Logs section.
  2. Choose the severity level above which logs will be sent to the following destinations:

    • Show on agent in the Help and support panel, under the Events tab of the agent's interface,
    • Show on console in the Environment > Agent logs panel on the administration console, i.e., stored in the log database.

    For example, if you choose Informational for the agent, all logs can be viewed in the agent's interface, except for Debug logs.

    Emergency and Alert logs will always be sent to all destinations. Logs that are not sent can never be read.

    If you are validating new software, a new workstation, etc., send Informational logs temporarily. During maintenance or troubleshooting, Debug logs will also come in useful.

    For more information on log severity levels, refer to the section Monitoring SES Evolution agent activity.

    To refine this global action, you can define the logs to send for each security rule. For further information, refer to the section Configuring log management.

    To configure how logs are sent to syslog servers, refer to the section Creating groups of agent handlers.

  3.  

  4. In the Log transmission frequency section, choose the maximum frequency (in seconds) with which the agent's logs will be sent to the agent handler:

    • Urgent logs correspond to Emergency and Alert logs.
    • Standard logs group all other levels.

    This parameter allows you to manage bandwidth use. Urgent logs are sent every 30 seconds by default and standard logs are sent every hour (3600 seconds).

  5. Logs displayed on an agent are deleted from the disk by default based on the following criteria:
    • When logs exceed 500 MB. In this case, the oldest logs will be deleted until they occupy less than 500 MB.
    • When logs are older than 30 days.
      This duration can be modified in the field Keep logs of less than. If this option is fully disabled, only the file size criterion will apply.
  6. Specify whether to Upload self-protection logs from agents to the agent handler. These are logs collected from the various mechanisms that protect components essential to the integrity of the agent. When this parameter is disabled, self-protection logs will remain available on agents.