View and Manage Logs

A log is an automatically generated, timestamped file that provides an audit trail for system events on Traps management service or the endpoint that the Traps agent monitors. Log entries contain artifacts, which are properties, activities, or behaviors associated with the logged event, such as the name of the endpoint and the action recorded.
Traps management service categorizes logs as follows:
  • Threat logs—Information about all security events logged by Traps, including malware and exploit preventions, post-detection events, and notifications related to restriction rules that occur on the endpoints in your organization. These logs are visible under Security > Security Events.
  • Config logs—Audit logs recorded by Traps management service. These logs include policy events, such as changes to Security policy, exception management, and profile management. Audit logs also include other configuration changes, such as device management, distribution management, and system management. These logs are visible under Monitor > Logs > Management Service Logs.
  • System logs—System logs contain data about the ongoing monitoring of Traps management service and agent events. This includes changes or updates to license management, agent registration, user authentication, agent connectivity status, agent upgrade, and agent protection status. System logs are often required for day-to-day operations and for support and troubleshooting activities. Traps management service system logs are visible under Monitor > Logs > Management Service Logs, and Traps agent system logs are visible under Monitor > Logs > Endpoint Logs.
  • Analytics Logs—File execution logs that are reported on an hourly basis. Information derived from these logs is available under Security > Files (see Investigate a File).