understand_logs

Using Logs

Although Control Manager receives data from various log types, Control Manager allows users to query the log data directly from the Control Manager database. Users can then specify filtering criteria to gather only the data they need.

Control Manager also introduces log aggregation. Log aggregation can improve query performance and reduce the network bandwidth managed products require when sending logs to Control Manager. However, this comes at a cost of lost data through aggregation. Control Manager cannot query data that does not exist in the Control Manager database.

Understanding Control Manager Generated Logs

The Control Manager logs are separated into: License and Control Manager Information.

Control Manager Logs

Category Log

Description

License Information

These logs record license information for Control Manager and managed products registered to the Control Manager server.

Product License Status
Product License Information Summary
Detailed Product License Information

Control Manager Information

These logs record user actions and product events.

User Access Information
Control Manager Event Information
Command Tracking Information
Detailed Command Tracking Information

Understanding Managed Product Logs

Managed product logs contain information about the performance of your managed products. You can obtain information for specific products or groups of products administered by the parent or child server. With Control Manager’s data query on logs and data filtering capabilities, administrators can focus on the information they need.

Managed products generate different kinds of logs depending on their function.

Managed Product Logs

Log Category

Description

Product Information

Product information logs provide information on subjects ranging from user access and events on managed products to component deployment and update status.

Managed Product Information
Component Information

Security Threat Information

Security threat logs provide information on known and potential security threats detected on your network.

Virus/Malware Information
Spyware/Grayware Information
Content Violation Information
Spam Violation Information
Policy/Rule Violation Information
Web Violation/Reputation Information
Suspicious Threat Information
Overall Threat Information

More logs mean abundant information about the Control Manager network. However, these logs occupy disk space. You must balance the need for information with your available system resources.