EtherSensor Agent operation logging

EtherSensor Agent logs its activity to the [INSTALLDIR]\log directory in the following files:

The svcagent.log file stores information about the main actions performed by the EtherSensor Agent service.

The ethersensor_agent.exe.log file stores information about the events generated inside the EtherSensor Agent logging service.

The processinfo.log file stores information about the current processes tracked by EtherSensor Agent.

Log files (svcagent.log, ethersensor_agent.exe.log) are XML files with the following contents:

<Message time="2012-03-23T17:47:48.148+04:00" level="information">
 <Client channelname="MICROOLAPAGENT"
         processname="ethersensor_agent.exe"
         modulename="ethersensor_agent.exe" />
 <Text>Start of the application.</Text>
</Message>

Message tag

The root tag of a message saved to a log file. The time attribute stores the time the message was sent, and the level attribute defines the message priority (e.g. information for an information message, error for an error message).

Client tag

This tag describes the message sender. It has the following attributes: channelname - name of the message channel, processname - name of the sender process, modulename - name of the module within the process which created the message.

Text tag

Message text.

The processinfo.log file is an XML file with the following contents:

<?xml version="1.0" encoding="UTF-8"?>
<Processes>
 
 <Process pid="4136" name="chrome.exe">
   <User uuid="32014294-5bbf-11e1-b8f5-005056c00808"
         name="Home-PC\Home"/>
   <Sessions local="0" remote="311"/>
 </Process>
 
 <Process pid="636" name="svchost.exe">
   <User uuid="3a45de5b-5be6-11e1-b8f5-005056c00808"
         name="HOME\HOME-PC$"/>
   <Sessions local="0" remote="3"/>
 </Process>
 
 <Process pid="948" name="firefox.exe">
   <User uuid="32014294-5bbf-11e1-b8f5-005056c00808"
         name="Home-PC\Home"/>
   <Sessions local="2" remote="741"/>
 </Process>
 
 <Process pid="1584" name="googletalk.exe">
   <User uuid="32014294-5bbf-11e1-b8f5-005056c00808"
         name="Home-PC\Home"/>
   <Sessions local="0" remote="89"/>
 </Process>
 
 <Process pid="2860" name="uTorrent.exe">
   <User uuid="32014294-5bbf-11e1-b8f5-005056c00808"
         name="Home-PC\Home"/>
   <Sessions local="100" remote="27084"/>
 </Process>
 
 <Process pid="3076" name="vmware.exe">
   <User uuid="32014294-5bbf-11e1-b8f5-005056c00808"
         name="Home-PC\Home"/>
   <Sessions local="4" remote="1"/>
 </Process>
 
 <Process pid="3908" name="NisSrv.exe">
   <User uuid="fb91c5e7-5eec-11e1-b226-005056c00808"
         name="NT AUTHORITY\LOCAL SERVICE"/>
   <Sessions local="0" remote="1"/>
 </Process>
</Processes>

Processes tag

The main tag of the list of tracked processes.

Process tag

The Process tag is nested within the Processes tag. This tag describes the tracked process. It has the following attributes: pid - process ID in the execution environment, name - name of the tracked process.

User tag

The User tag is nested within the Process tag. This tag describes the local system user whose credentials are used to run the tracked process. It has the following attributes: uuid - user ID, name - user name.

Sessions tag

The Sessions tag is nested within the Process tag. This tag describes tracked connections of the process. It has the following attributes: local - the number of local connections within the process or with other processes, remote - the number of remote connections made by this process.
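
An added example, not part of the EtherSensor documentation: a Python parser for the processinfo.log format described above that totals remote connections per user and lists the processes above a threshold. The function names, the threshold and the DTD check are assumptions of this example, and the sample input is constructed from the listing above.

```python
import xml.etree.ElementTree as ET
from collections import defaultdict

# Constructed sample: three entries in the processinfo.log format shown above.
SAMPLE = rb"""<?xml version="1.0" encoding="UTF-8"?>
<Processes>
 <Process pid="4136" name="chrome.exe">
   <User uuid="32014294-5bbf-11e1-b8f5-005056c00808" name="Home-PC\Home"/>
   <Sessions local="0" remote="311"/>
 </Process>
 <Process pid="636" name="svchost.exe">
   <User uuid="3a45de5b-5be6-11e1-b8f5-005056c00808" name="HOME\HOME-PC$"/>
   <Sessions local="0" remote="3"/>
 </Process>
 <Process pid="2860" name="uTorrent.exe">
   <User uuid="32014294-5bbf-11e1-b8f5-005056c00808" name="Home-PC\Home"/>
   <Sessions local="100" remote="27084"/>
 </Process>
</Processes>
"""

def parse_processinfo(data: bytes) -> list:
    """Return one dict per <Process>; raise ValueError on a DTD or a wrong root tag."""
    # The documented format has no DTD, so refuse one rather than expand entities.
    if b"<!DOCTYPE" in data or b"<!ENTITY" in data:
        raise ValueError("unexpected DTD in processinfo.log")
    root = ET.fromstring(data)
    if root.tag != "Processes":
        raise ValueError("root tag is not Processes")
    rows = []
    for proc in root.findall("Process"):
        user, sess = proc.find("User"), proc.find("Sessions")
        if user is None or sess is None:
            continue  # skip entries missing a documented child tag
        rows.append({"pid": int(proc.get("pid")), "name": proc.get("name"),
                     "user": user.get("name"), "uuid": user.get("uuid"),
                     "local": int(sess.get("local", "0")),
                     "remote": int(sess.get("remote", "0"))})
    return rows

def remote_by_user(rows):
    """Sum remote connection counts per user name."""
    totals = defaultdict(int)
    for r in rows:
        totals[r["user"]] += r["remote"]
    return dict(totals)

def over_limit(rows, remote_limit):
    """Processes above remote_limit (a hypothetical triage threshold), busiest first."""
    busy = [r for r in rows if r["remote"] > remote_limit]
    return sorted(busy, key=lambda r: r["remote"], reverse=True)
```

On an agent host, read the file as bytes from the [INSTALLDIR]\log directory and pass the result to parse_processinfo.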