About Logs and Log Types

Endpoint Application Control logs events related to applications, endpoints, policies, and servers.

To learn about tags applied to event logs, see About Event Log Tags.

Endpoint Application Control separates logs into log types based on the sources of events. Log content may be used to verify server performance or monitor incidents, or for forensics, auditing, and other purposes. Search the different log types on the Query Logs screen.

See Query Logs Screen.

Table 1. Log Type Content Examples

Log Type                Content Examples
----------------------  -------------------------------
Policy actions          • Application allows and blocks
                        • Endpoint names
                        • Policy names
                        • User names

Endpoint inventories    • Application names
                        • Endpoint names
                        • Full paths
                        • User names
                        • Versions

Known applications      • AIR Scores
                        • Categories
                        • Usage
                        • Vendors
                        • Versions

Administrator actions   • Administrator names
                        • Event groups
                        • Messages
                        • Severities
                        • Time of events

Agent messages          • Endpoint names
                        • Event groups
                        • Messages
                        • Severities
                        • Time of events
                        • User names

Server messages         • Event groups
                        • Messages
                        • Servers
                        • Severities
                        • Time of events