Sending logs generated by agents
- In the Status and logs tab of an agent group, go to the Logs section.
- Choose the severity level above which logs will be sent to the following destinations:
  - Show the agent in the Help and Support panel, Events tab of the agent interface,
  - Show on console in the Environment > Agent logs panel on the administration console, i.e., stored in the log database.
For example, if you choose Informational for the agent, all logs can be viewed in the agent's interface, except for Debug logs.
Emergency and Alert logs will always be sent to all destinations. Logs that are not sent can never be read.
Note that a user who is not an administrator of their machine sees only the Alert and Emergency level logs that have led to a block in the agent interface.
If you are validating new software, a new workstation, etc., temporarily transmit the Information level logs. During maintenance or troubleshooting, Diagnostic level logs will also be useful.
For more information on log severity levels, refer to the section Monitoring SES Evolution agent activity.
To refine this global action, you can define the logs to send for each security rule. For further information, refer to the section Configuring log management.
To configure the log transmission to Syslog servers, see Creating groups of agent handlers.
- In the Log transmission frequency section, choose the maximum frequency (in seconds) with which the agent's logs will be sent to the agent handler:
  - Urgent logs correspond to Emergency and Alert logs.
  - Standard logs group all other levels.
This parameter allows you to manage bandwidth use. Urgent logs are sent every 30 seconds by default and standard logs are sent every hour (3600 seconds).
- Logs displayed on an agent are deleted from the disk by default based on the following criteria:
  - When logs exceed 500 MB. In this case, the oldest logs will be deleted until they occupy less than 500 MB.
  - When logs are more than 30 days old.
This duration can be modified in the Keep logs of less than field. If this option is fully disabled, only the file size criterion will apply.
- Choose whether you wish to Send the agent self-protection logs to the agent handler. These are logs collected from the various mechanisms that protect components essential to the integrity of the agent. When this parameter is disabled, self-protection logs will remain available on agents.