Agent Logs
Display the agent logs.
Agent provides the following information:
- EPP agent logs
- Agent logs by license
Note
Select the log search period on the top-right - Last 1 hour, Last 3 hours, Last 4 hours, Last 12 hours or Customize. If you select Customize, click the calendar icon to select the date, and click the clock icon to select the time. Select the period to Refresh the logs - Every 10 seconds, Every 30 seconds, Every 60 seconds or Every 90 seconds.
To view the agent logs:
- On top of the web page, click Logs.
- Select the Logs > Agent tab.
- From the log list, select the events to view.
Enter a search keyword or specify the search period to view logs.
- Event: Select the log type to view.
Display the policy application result sent to the agent. Select EPPM Agent Events and enter the keyword to search in the search conditions (Agent ID, IP Address, Computer Name, Last Logged in User, Department and Contents).
- Log Received: The time the server received the EPPM agent log.
- Log Created: The time the EPPM agent log was created.
- Agent ID: The agent ID.
- IP Address: The agent's IP address.
- Computer Name: The agent's computer name.
- Last Logged in User: The Windows account that last logged in to the agent computer.
- Department: The agent user's department.
- Contents: The log details. Ex.) The policy application command received.
Note
For more information on EPPM agent event logs and common
columns, refer to EPPM Agent Events.
Task History
Display the Management Command logs. Enter the keyword to search in the search conditions (Agent ID, IP Address, Computer Name, Last Logged in User, Department, Task and Error).
- Task: The task type. Ex.) Restart Agent, Distribute Policy
- Status: The task status. Ex.) Status, Pending, Succeeded, Failed, Completed (Succeeded), Completed (Failed)
- Error: The task error.
Software Asset Change History
Display the agent's software asset change history. Enter the keyword to search in the search conditions (Agent ID, IP Address, Computer Name, Last Logged in User, Software Name, Publisher, Version and File Size).
- Event Type: The software event - Add and Delete.
- Software Name: The software name. Ex.) AhnLab V3 Endpoint Security 9.0
- Publisher: The software publisher. Ex.) AhnLab, Inc.
- Version: The software version. Ex.) 1.0.0.1
- File Size: The software file size.
Hardware Asset Change History
Display the agent's hardware asset change history. Enter the keyword to search in the search conditions (Agent ID, IP Address, Computer Name, Last Logged in User and Contents).
- Event Type: The hardware event - Change and Add.
- Hardware Type: The hardware type - CPU, memory, BIOS, hard disk (HDD), display and network. Ex.) CPU
- Contents: The hardware change details. Ex.) 3.40GHz
Malware Infection Information
Display the malware infection logs. Enter the keyword to search in the search conditions (Agent ID, IP Address, Computer Name, Last Logged in User, Department, Malware Name, Infected File Path, Hash Value, Status, Owner, Accessed Computer and Infected Computer).
- Malware Name: The malware name. Ex.) Eicar
- Infected File Path: The infected file path. Ex.) C:\Temp\temp\eicar.com
- Hash Value: The malware's hash value.
- Status: The malware status - Detect and Repair.
- Scan Type: The malware scan type. Ex.) Real-time or Manual
- Owner: The owner of the infected file.
- Accessed Computer: The user that accessed the infected file.
- Infected Computer: The user that infected the file.
Scan/Real-time Scan
Display the scan and real-time scan logs. Enter the keyword to search in the search conditions (Agent ID, IP Address, Computer Name, Last Logged in User, Department, Contents and Details).
Internet Security
Display the personal firewall and network intrusion prevention logs. Enter the keyword to search in the search conditions (Agent ID, IP Address, Computer Name, Last Logged in User, Department, Contents and Details).
- Contents: The internet security event.
- Details: The internet security event details.
V3 Update
Display the update logs. Enter the keyword to search in the search conditions (Agent ID, IP Address, Computer Name, Last Logged in User, Department, Contents and Details).
- Contents: The update event.
- Details: The update event details.
Device Control
Display the V3 ES 9.0 device control logs. Enter the keyword to search in the search conditions (Agent ID, IP Address, Computer Name, Last Logged in User, Department, Related Features and Contents).
- Related Features: The event's feature.
- Contents: The device control event.
EDR Agent Events
Display the EDR agent events. Enter the keyword to search in the search conditions (Agent ID, IP Address, Computer Name, Last Logged in User, Department and Contents).
EDR History
Display the EDR history. Enter the keyword to search in the search conditions (Agent ID, IP Address, Computer Name, Last Logged in User, Department, Process and Target).
- Type: Display the type - file, process, registry, system or network.
- Process: The details on the behavior process.
  - File Name: The process name. Ex.) searchfilterhost.exe
  - File Path: The process file path. Ex.) C:\Windows\system32\searchindexer.exe
  - Hash Value: The file hash value. The hash value depends on the algorithm used and identifies the file.
  - File Size (bytes): The file size.
- Target: The process target - file, process, registry, system or network.
  - Host Address: The connected network's host address.
  - IP Address: The connected network's IP address.
  - URL: The connected network's URL.
  - File Name: The process name. Place the mouse cursor on the file name to view the details on the process; the On-Demand Scan button will be activated. When you click On-Demand Scan, the message "Do you want to send the On-demand Scan to the selected process?" will appear. Click Yes to send the On-Demand Scan command to the agent. The On-Demand Scan result is displayed on On-Demand Scan.
  - File Path: The file path.
  - Hash Value: The file hash value.
  - File Size (bytes): The file size.
  - Cmd line: The arguments the process was executed with. Ex.) "C:\Windows\system32\SearchFilterHost.exe" 0 748 752 760 8192 756
  - Registry Key: The registry key. Ex.) [HKLM\SYSTEM\ControlSet001\Control\SESSION MANAGER]"SetupExecute"=""
- Contents: The EDR behavior process. Ex.) Created a process, downloaded a data file
Note
For more information on behavior detection, refer to Detection.
Search for Agent Logs
To search for agent logs:
- On top of the web page, click Logs.
- Select the Logs > Agent tab.
- Select the event type and enter the keyword to search in the search conditions (Agent ID, IP Address, Computer Name, Last Logged in User and Department).
- Click Search.
- Specify the period to view the logs on the right.
- Check the logs.
Note
Select the period to Refresh the logs - Every 10 seconds, Every 30 seconds, Every 60 seconds or Every 90 seconds.
Export
Save the logs as a file.
- On top of the web page, click Logs.
- Select the Logs > Agent tab.
- Enter a search keyword or specify the search period to view logs.
- Click Export to save the file in csv, xlsx or pdf format.
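A csv export of the Malware Infection Information logs can be triaged offline. The following is an added example, not part of the product or its documentation. It assumes the exported header names match the column labels described above and that Log Created values sort as text; the sample rows, agent IDs and hash placeholder are constructed.

```python
import csv
import io
from collections import defaultdict

# Constructed sample export. Assumption: the csv header uses the console's
# column labels and "Log Created" is a zero-padded, sortable timestamp.
SAMPLE_CSV = r"""Log Created,Agent ID,Infected File Path,Hash Value,Status,Scan Type
2024-01-10 09:00:01,A-001,C:\Temp\temp\eicar.com,HASH-PLACEHOLDER-1,Detect,Real-time
2024-01-10 09:00:03,A-001,C:\Temp\temp\eicar.com,HASH-PLACEHOLDER-1,Repair,Real-time
2024-01-10 09:05:00,A-002,C:\Temp\temp\eicar.com,HASH-PLACEHOLDER-1,Detect,Manual
2024-01-10 09:10:00,A-003,C:\Temp\temp\eicar.com,HASH-PLACEHOLDER-1,Detect,Real-time
2024-01-10 09:10:02,A-003,C:\Temp\temp\eicar.com,HASH-PLACEHOLDER-1,Repair,Real-time
2024-01-10 09:40:00,A-003,C:\Temp\temp\eicar.com,HASH-PLACEHOLDER-1,Detect,Real-time
"""


def load_rows(text):
    """Parse the exported csv text into a list of dicts keyed by column label."""
    return list(csv.DictReader(io.StringIO(text)))


def unrepaired(rows):
    """Return (agent, path, hash) keys whose most recent event is Detect.

    A Detect with no later Repair, or a new Detect after a Repair, both count.
    """
    latest = {}
    for row in sorted(rows, key=lambda r: r["Log Created"]):
        key = (row["Agent ID"], row["Infected File Path"], row["Hash Value"])
        latest[key] = row["Status"].strip()
    return sorted(k for k, status in latest.items() if status == "Detect")


def spread(rows):
    """Return hashes reported by more than one agent, with the agent IDs."""
    agents = defaultdict(set)
    for row in rows:
        agents[row["Hash Value"]].add(row["Agent ID"])
    return {h: sorted(a) for h, a in agents.items() if len(a) > 1}


if __name__ == "__main__":
    rows = load_rows(SAMPLE_CSV)
    for agent, path, digest in unrepaired(rows):
        print(f"open detection: {agent} {path} {digest}")
    for digest, agent_ids in spread(rows).items():
        print(f"{digest} seen on {len(agent_ids)} agents: {', '.join(agent_ids)}")
```
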
Remove Logs
To delete logs:
- On top of the web page, click Logs.
- Select the Logs > Agent tab.
- Enter a search keyword or specify the search period to view logs to delete.
- Click Remove Logs.