Logging Settings
- This area lets you specify how logs should be collected by the communication client (CC) and security client (XCS).
- For example, you can choose the maximum log size, log format and location, and extended log options.

Configure 'Logging' settings
- Click 'Assets' > 'Configuration Templates' > 'Profiles'
- Open the Windows profile you want to work on
- Click the 'Logging Settings' tab then 'Edit', if it has already been added to the profile

OR

- Click 'Add Profile Section' > 'Logging Settings' if it hasn't yet been added

The settings screen contains two tabs:
- Communication Client (CC) - Configure CC log collection settings
- Xcitium Client - Security (XCS) - Configure XCS log collection settings

Form Element | Description |
---|---|
Write to Local Log Database (Xcitium Format) | The log is saved in native Xcitium format on the local endpoint. You can select the events for which logs are collected and stored: |
Write to Syslog Server | CC logs are written to a remote syslog server. If enabled, specify the hostname/IP address and port of the server. |
Host * | The host name or IP address of the syslog server. |
Port * | The port number on the syslog server to which CC should forward the logs. |
Action when file log size reaches limit: | Specify behavior when the log file reaches a certain size. |
Keep on updating it removing the oldest records | When the max. log size is reached, CC will remove the oldest entries to make way for new entries. |
Move it to | CC will save the log file to a specific folder when it reaches the maximum size. CC will then start a new log file. |
The path to the folder for old log files * | If 'Move it to' is enabled, type a destination path for the log file. |
Crash dump collection | Xcitium creates a dump file if the communication client crashes on an endpoint. The file contains details about the crash which can help our technicians diagnose and fix the issue. This file is automatically forwarded to Xcitium servers. If enabled, you can choose the log type: No confidential or user data is included in either 'Full' or 'Mini' logs. (Default = Disabled) |

Form Element | Description |
---|---|
Write to Local Log Database (Xcitium Format) | The log is saved in native Xcitium format on the local endpoint. |
Write to Syslog Server | Xcitium log events are written to a remote syslog server. If enabled, specify the hostname/IP address and port number of the server. |
Host * | The host name or IP address of the syslog server. |
Port * | The port number of the syslog server. |
Write to Log File (CEF Format) | Logs are saved locally on the endpoint in Common Event Format (CEF). If enabled, specify the location of the CEF file. |
Path | Enter the storage location path of the CEF file. |
Write to remote server (JSON format) | Logs are saved in JavaScript Object Notation (JSON) format on a remote server. If enabled, specify the hostname/IP address of the server, its connection port and the security token. |
Host * | Enter the host name or IP address of the remote server. |
Port * | Type the port number of the remote server for Xcitium to connect to. |
Token * | Enter the security token to access the remote server. |
Log file size (MB) | Specify the maximum limit for the size of the log file (Default = 100 MB). |
Action when file log size reaches limit: | Specify behavior when the log file reaches a certain size. |
Keep on updating it removing the oldest records | Once the log file reaches the maximum size, new log entries are appended and the oldest entries are deleted, depending on the size of the new entries. |
Move it to | Choose this option if you wish to move and save the log file when it reaches the maximum size. |
The path to the folder for old log files * | If 'Move it to' is enabled, type a destination path for the log file. |
Send anonymous program statistics to Xcitium | If enabled, select the types of statistics sent from the following options: |
Crash dumps | XCS sends dump files to Xcitium if the application crashes or there is a BSOD (blue screen of death) on the endpoint. This is useful for analysis and troubleshooting. |
Telemetry Reports | XCS sends Xcitium a daily log about the files you scan with XCS. We use this data to improve Xcitium and XCS. |

Fields marked * are mandatory.
- Click the 'Save' button to apply your changes.
- Click 'Delete' or 'Edit' to remove / edit the logging settings section. See 'Edit Configuration Profiles' for more details about editing the parameters.
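
The file produced by 'Write to Log File (CEF Format)' usually has to be parsed before its events can be reviewed or forwarded to a SIEM. The following is an added example, not Xcitium's code: a small CEF parser that follows the escaping rules of the CEF specification. The sample record, including its vendor, product and field values, is a constructed placeholder and not actual XCS output.

```python
import re

# Header fields in the order the CEF specification defines them.
HEADER = ("version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
# Extension key=value pairs; a value runs until the next " key=" or end of line.
EXT_RE = re.compile(r"(\w+)=((?:\\.|[^\\=])*?)(?=\s+\w+=|\s*$)")

# Constructed sample record (all names and values are placeholders).
SAMPLE = (r"CEF:0|ExampleVendor|ExampleProduct|1.0|100|"
          r"File quarantined \| on-access|7|"
          r"fname=C:\\Temp\\a b.exe act=quarantine msg=rule\=default")

def _split_header(text):
    """Split the 7 header fields on unescaped '|' and return (fields, rest)."""
    parts, buf, i = [], [], 0
    while i < len(text) and len(parts) < len(HEADER):
        ch = text[i]
        if ch == "\\" and i + 1 < len(text) and text[i + 1] in "|\\":
            buf.append(text[i + 1])   # escaped pipe or backslash is literal
            i += 2
            continue
        if ch == "|":
            parts.append("".join(buf))
            buf = []
        else:
            buf.append(ch)
        i += 1
    return parts, text[i:]

def _unescape(value):
    """Undo extension escaping: \\\\, \\= and the \\n / \\r line breaks."""
    special = {"n": "\n", "r": "\r"}
    return re.sub(r"\\(.)", lambda m: special.get(m.group(1), m.group(1)), value)

def parse_cef(line):
    """Parse one CEF record, tolerating a syslog prefix before 'CEF:'."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("not a CEF record")
    parts, ext = _split_header(line[start + 4:])
    if len(parts) != len(HEADER):
        raise ValueError("truncated CEF header")
    event = dict(zip(HEADER, parts))
    event["extension"] = {k: _unescape(v) for k, v in EXT_RE.findall(ext)}
    return event

if __name__ == "__main__":
    print(parse_cef(SAMPLE))
```

Rejecting records with a truncated header, rather than silently skipping fields, makes a log file that was cut off at the size limit visible during ingestion.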