Querying Agent Event Logs

Querying refines the list of displayed agent event logs.

Procedure

  1. Go to Logs > Agent Events in the navigation at the top of the web console.
    The Agent Events screen appears.
  2. Click the drop-down list under Agent Events.
    A list of criteria to search by appears.
  3. Select the type of criteria to search by.
    Appropriate search fields appear for the selected criteria.
  4. Follow the appropriate steps depending on the selected criteria:
    Option                  Description
    All Events              Displays all events logged by agents.
    Time Period             Do one of the following:
                            • Select a listed time range.
                            • Specify a custom time range.
                              1. Go to Custom in the list.
                              2. Specify your custom time range.
                              3. Click Search.
    Level                   Select an event level.
    Source                  Select an event source.
    Event                   Select a specific event.
    Endpoint                Type the beginning or all of an endpoint host name and click Search.
    Tags                    Type all or part of the tag and click Search.
    IP Address              Type the IPv4 address and click Search.
    IP Range                Type the IPv4 address range and click Search.
    Blocked File Name       Type all or part of a file name and click Search.
    Blocked File Hash       Type a file hash and click Search.
    Marked                  Select Open or Closed.
    Integrity Monitoring    1. Select one of the following:
                              • File or folder
                              • Registry key or value
                            2. Type the search criteria and click Search.
    Your search results appear in the list of events.