Chapter 5. Monitoring and Logging

This chapter describes how to monitor your system by using the Agent's logs. It begins with an overview of the logs, their types, and the tasks you can perform with them, such as back tracing a logged event to its source.

The Agent’s logs are an important method for tracking your device’s activity and interaction with other devices and networks. The logs record information about the Agent’s status and about traffic attempting to enter or exit your device through your network connection.

There are four separate logs, each monitoring a different aspect of your network connection. These logs tell you when your device has been blocked from the network and, to some extent, why. They are particularly useful in detecting potentially threatening activity aimed at your device, such as port scanning, and they help you troubleshoot connectivity problems or investigate possible network attacks.

From the Agent's logs you can also run a back trace, which uses ICMP to determine the hops between your device and the source address of a logged event, such as a suspected intruder on another computer. Note that a back trace shows the current network path from your device to that address; because the source address of a packet can be spoofed, the hop list identifies the route, not necessarily the attacker.

Types of Logs

On the Agent, you can view four types of logs:

Security—Records potentially threatening activity directed towards your device, such as DoS attacks, port scans, alterations to executable files, and Trojan horse attacks.

Traffic—Records every connection your device makes through the network.

Packet—Captures every packet of data that enters or leaves a port on your device. This is the most verbose of the four logs.

System—Records all operational changes for the Agent, such as the starting and stopping of services, detection of network applications, software configuration modifications, and software execution errors.
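The Security log reports a port scan once the Agent has recognised one; the Traffic log lets you confirm it from the raw connection records. The following is an added Python example, not code from the Agent or its documentation, that runs that check over a few constructed Traffic log lines: a remote address that reaches a threshold of distinct local ports within a sliding time window is flagged. The Agent's real log format is not given on this page, so the space-separated record layout (time, direction, remote address, local port, action), the sample addresses and the thresholds are all assumptions.

```python
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample Traffic log lines; the field layout is assumed for this example:
# date time direction remote_ip local_port action
SAMPLE_LOG = """\
2024-03-01 10:15:01 in 203.0.113.7 22 blocked
2024-03-01 10:15:01 in 203.0.113.7 23 blocked
2024-03-01 10:15:02 in 203.0.113.7 80 blocked
2024-03-01 10:15:02 in 203.0.113.7 135 blocked
2024-03-01 10:15:03 in 203.0.113.7 139 blocked
2024-03-01 10:15:03 in 203.0.113.7 445 blocked
2024-03-01 10:15:04 in 203.0.113.7 3389 blocked
2024-03-01 10:15:10 in 198.51.100.4 443 blocked
2024-03-01 10:16:30 in 198.51.100.4 443 blocked
2024-03-01 10:17:00 out 192.0.2.10 443 allowed
"""


def parse_line(line: str):
    """Split one record into (timestamp, direction, remote_ip, local_port, action)."""
    date, clock, direction, remote, port, action = line.split()
    ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
    return ts, direction, remote, int(port), action


def find_port_scans(lines, min_ports: int = 5, window: timedelta = timedelta(seconds=60)):
    """Return {remote_ip: sorted distinct local ports} for every remote address that
    touched at least `min_ports` distinct inbound ports within any `window`.
    Only inbound records count; the device's own outbound connections are not scans."""
    events = defaultdict(list)
    for line in lines:
        if not line.strip():
            continue
        ts, direction, remote, port, _action = parse_line(line)
        if direction == "in":
            events[remote].append((ts, port))

    scans = {}
    for remote, evs in events.items():
        evs.sort()                           # sliding window needs time order
        start = 0
        for end in range(len(evs)):
            while evs[end][0] - evs[start][0] > window:
                start += 1                   # drop events older than the window
            ports = {p for _, p in evs[start:end + 1]}
            if len(ports) >= min_ports:
                scans.setdefault(remote, set()).update(ports)
    return {remote: sorted(ports) for remote, ports in scans.items()}


if __name__ == "__main__":
    for remote, ports in find_port_scans(SAMPLE_LOG.splitlines()).items():
        print(f"possible port scan from {remote}: ports {ports}")
```

Tune `min_ports` and `window` to your environment: a low threshold over a long window catches slow scans but will also flag legitimate hosts, such as a management server that polls several services.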
