Skip to end of metadata
Go to start of metadata

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 2 Current »

The agent can send out regular heartbeats, letting the collecting device know that the agent is working without having to make contact.  Agent logs are available which allow the agent to send status messages to the collection device, such as memory usage, service start and stop messages, and any errors or warnings triggered during operations. 

The parameters are discussed in detail below:

  • Agent Logging Options. Setting the type of log options will send the log to the destination server.  If the Path & Filename is set on the Destination Configuration page, then the logging information is also sent to that file. Select the type of agent logs required:
    • Fatal
    • Error
    • Warning
    • Info is the default setting, and relates to the running agent service including policy changes.  Displays or sends logs when:
      • agent service operations are made, including starting, stopping, web server started, memory usage and configuration fingerprints.
      • operating system parameters are modified, such as Writing AgentLog Registry, Writing Audit Policy Registry. 
      • attempts are made to make a change to the local security policy
      • attempts to access the agent web interface or write agent configuration changes.
    • Debug provides low level trace information used to debug the agent, and usually not required on a production machine.
    • Trace provides low level trace information useful to Snare Support to aid in technical investigation.  When output from administrative console, this is the -d9 flag.
  • Agent HeartBeat Frequency. The frequency in which notification is sent to the server on the state of the agent. The frequency can be in minutes, hours or days. By default the heartbeat frequency is disabled.  A custom setting may be set (1 - 65,535 minutes) by selecting Custom to enable the field.
  • Export HeartBeats to file?  Optional setting to export the heartbeats to a log file as well as to the server.  If this checkbox is selected, you will be required to set the path to the destination of the file in HeartBeats Export Path.
  • HeartBeats Export Path.  Set the destination path to where the heartbeats log will be exported to, for example /var/log/.  The filename is based on the agent service name and suffixed with HeartBeat and date in format YYYYMMDD i.e., Linux-heartbeat_20180508.log.  This filename can not be altered.
  • Disable License Pre-Expiry Heartbeats. Disables heartbeats related to upcoming license or support expiry. This is useful for scenarios where SAM issues the Agent's license for a short period of time, and close expiry heartbeats are not desirable. 

To save and set the changes to the above settings, and to ensure the audit daemon has received the new configuration perform the following:

  1. Click on Change Configuration to save any changes to the registry.
  2. Click on the Apply Configuration & Restart Service menu item.


Note

Heartbeat events will occur if the agent's license has expired, or if there is any fatal or critical operational error, regardless of your heartbeat settings.

  • No labels