Latest Events

Events collected by the agent that meet the filtering requirements in the audit configuration are displayed in the Latest Events window. This display is NOT read from the text-based log file; it is a temporary view served over a shared memory connection between the Epilog web UI and the Epilog service. The Epilog remote control interface begins with a clear event log, since filtered events are not written to a local disk during normal operations. The list will be empty if the agent has not yet found any matching events, or if there has been a network problem and the agent has temporarily suspended event processing.

Info

Each entry in the Latest Events window has the format <Date/Time> <System the event is generated on><Log Type><Strings>. The <Strings> portion has the format <date file was updated><time file was updated><filename altered><affected string line(s)>.


Note

If caching is enabled, messages are written to disk when the agent is stopped so that they are not lost. This file is read into memory and removed as soon as the agent is restarted.

A key feature of the Epilog service is that events are not stored locally on the host (except for the log files being monitored by Epilog), but are instead sent over the network to one or more remote hosts, with a summary version of the events displayed in the window.

Other useful information about the Latest Events window:

  • new events are displayed with an alarm bell icon next to them
  • the date and time of the last HeartBeat sent is displayed, if applicable
  • the status of the current network connection(s) to the log server is displayed
  • events are highlighted in the criticality level colour nominated in your objectives
  • the list is restricted to 20 entries and cannot be cleared, except by restarting the Epilog service
  • the window automatically refreshes every 30 seconds or when the Latest Events menu item is selected