The agent can send out regular heartbeats, letting the collecting device know that the agent is working without having to make contact. Agent logs are available which allow the agent to send status messages to the collection device, such as memory usage, service start and stop messages, and any errors or warnings triggered during operations.
The parameters are discussed in detail below:
- Agent Logging Options. Setting the type of log options will send the log to the destination server. If the Path & Filename is set on the Destination Configuration page, then the logging information is also sent to that file. Select the type of agent logs required:
- Fatal
- Error
- Warning
- Info is the default setting, and relates to the running agent service including policy changes. Displays or sends logs when:
- agent service operations are made, including starting, stopping, web server started, memory usage and configuration fingerprints.
- operating system parameters are modified, such as Writing AgentLog Registry, Writing Audit Policy Registry.
- attempts are made to make a change to the local security policy
- attempts to access the agent web interface or write agent configuration changes.
- Debug provides low level trace information used to debug the agent, and usually not required on a production machine.
- Trace provides low level trace information useful to Snare Support to aid in technical investigation. When output from administrative console, this is the -d9 flag.
- Agent HeartBeat Frequency. The frequency in which notification is sent to the server on the state of the agent. The frequency can be in minutes, hours or days. By default the heartbeat frequency is disabled. A custom setting may be set (1 - 65,535 minutes) by selecting Custom to enable the field.
- Export HeartBeats to file? Optional setting to export the heartbeats to a log file as well as to the server. If this checkbox is selected, you will be required to set the path to the destination of the file in HeartBeats Export Path.
- HeartBeats Export Path. Set the destination path to where the heartbeats log will be exported to, for example
/var/log/
. The filename is based on the agent service name and suffixed with HeartBeat and date in format YYYYMMDD i.e., Linux-heartbeat_20180508.log. This filename can not be altered.
To save and set the changes to the above settings, and to ensure the audit daemon has received the new configuration perform the following:
- Click on Change Configuration to save any changes to the registry.
- Click on the Apply Configuration & Restart Service menu item.
Note
Heartbeat events will occur if the agent's license is to expire, or has expired, or if there is any fatal or critical operational error, regardless of your heartbeat settings.