Monitoring SES Evolution agent activity

SES Evolution offers an accurate view of SES Evolution agent and console activity through various types of logs classified by severity.

Among other data, logs contain the time of an event, the agent on which it occurred, the identity of the process that performed the operation and, if the operation was blocked, information about the block.

Agent logs can be read on the administration console and the agent’s interface. They can also be read on the Syslog server if you have configured one.

Depending on whether you want to make changes or only view the Agent logs panel, you must have the Agent logs-Modify or Agent logs-Display privilege.

You can configure the log levels that will be sent to the console, agent and Syslog server. For further information, refer to the sections Sending logs generated by agents and Configuring log management.

The agent has a protection mechanism against log flooding.

When it detects a certain number of strictly identical or similar logs over a short period of time, it stops generating subsequent similar logs and counts them instead. In addition, it does not generate a context, even if the security rule associated with the log is configured to do so. However, the protections remain active and the other logs are still generated.

It then issues a specific log indicating that log flooding has been detected. When log generation falls below a certain threshold, it issues another log to signal that the generation of similar logs has ended. Depending on the log display setting, these two logs can be displayed on the agent interface and in the administration console.

In the administration console, from the logs indicating the start and end of the log flooding, you can access the log that triggered the protection. If necessary, create an exception on this log or adapt your security policies to prevent the phenomenon from recurring. To create an exception, see Adding exceptions to logs.
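
The suppress-and-count behavior described above can be modeled as follows. This is an added example, not SES Evolution code: the thresholds, the time window, the record fields and the notion of "similar" (same rule and process) are all assumptions chosen for illustration.

```python
from collections import deque

class FloodGuard:
    """Simplified model of suppress-and-count flood protection.
    Thresholds, window and similarity key are assumptions, not product values."""

    def __init__(self, start=5, end=2, window=10.0):
        self.start, self.end, self.window = start, end, window
        self.times = {}    # similarity key -> timestamps inside the window
        self.active = {}   # similarity key -> {"trigger": log, "suppressed": n}

    def _prune(self, key, now):
        q = self.times.setdefault(key, deque())
        while q and now - q[0] > self.window:
            q.popleft()
        return q

    def process(self, now, log):
        """Return the records actually emitted for one incoming log."""
        out = []
        # Close any flood whose rate has dropped below the end threshold.
        for key in list(self.active):
            if len(self._prune(key, now)) < self.end:
                st = self.active.pop(key)
                out.append({"type": "flood_end", "rule": key[0],
                            "suppressed": st["suppressed"]})
        key = (log["rule"], log["process"])  # hypothetical notion of "similar"
        q = self._prune(key, now)
        q.append(now)
        if key in self.active:
            self.active[key]["suppressed"] += 1  # counted, not emitted
            return out
        out.append(log)  # unrelated logs always take this path
        if len(q) >= self.start:
            self.active[key] = {"trigger": log, "suppressed": 0}
            out.append({"type": "flood_start", "rule": key[0], "trigger": log})
        return out

def replay(events):
    guard, emitted = FloodGuard(), []
    for now, log in events:
        emitted.extend(guard.process(now, log))
    return emitted

# Constructed sample: 20 identical logs in 2 s, one unrelated log, then quiet.
NOISY = {"type": "log", "rule": "R-demo-1", "process": "tool.exe"}
OTHER = {"type": "log", "rule": "R-demo-2", "process": "other.exe"}
EVENTS = sorted([(i * 0.1, NOISY) for i in range(20)]
                + [(1.05, OTHER), (30.0, OTHER)], key=lambda e: e[0])
```

Replaying the sample emits five of the twenty noisy logs, a start marker that references the triggering log, both unrelated logs, and an end marker carrying the count of suppressed logs.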