Configuring log management

The agent generates logs whenever user actions are blocked or when the agent conducts an audit. Depending on their severity, these logs can be sent to three different destinations. The settings for this process are defined in the configuration of agent groups. For further information, refer to the section Sending logs generated by agents.

In addition, for every security rule that you create, you can specify:

  • The severity of the logged events,
  • The destinations of these logs.

Even if no destination has been configured for these logs, they can still be found in the context details when an attack occurs. For further information on context analysis, refer to Understanding what makes up a context.