Log Files
Things do not always work the way they should. When that happens, uberAgent does not keep you in the dark. Its log files show you exactly what is going on.
Agent Log
Explanation
This is the log file of uberAgent’s main component, the system service/daemon.
Location
Windows
The agent log file uberAgent.log
is stored in the SYSTEM account’s Temp
directory, which typically resolves to C:\Windows\Temp
.
macOS
The default location for the uberAgent.log
file is /Library/Logs/uberAgent
.
Agent Configuration Log
Explanation
This is the log file of the system service/daemon`s configuration.
Location
Windows
The configuration log file uberAgentConfiguration.log
is stored in the SYSTEM account’s Temp
directory, which typically resolves to C:\Windows\Temp
.
macOS
The default location for the uberAgentConfiguration.log
file is /Library/Logs/uberAgent
.
In-Session Helper Log
Explanation
This is the log file of uberAgent’s in-session helper component which is used for collecting information from within user sessions.
Location
Windows
The in-session helper log file uAInSessionHelper.log
is stored in the SYSTEM account’s Temp
directory, which typically resolves to C:\Windows\Temp
.
macOS
The default location for the uAInSessionHelper.log
file is ~/Library/Logs/uberAgent
.
Chrome/Firefox Browser Extension In-Session Helper Log
Explanation
This is the log file of uberAgent’s in-session helper instances that are acting as communication gateways between the agent and the Chrome and Firefox browser extensions.
Location
Windows
The Chrome/Firefox extension in-session helper log file uAInSessionHelper.log
is stored in the user account’s Temp
directory, which typically resolves to C:\Users\USERNAME\AppData\Local\Temp
.
macOS
The default location for the uAInSessionHelper.log
file is ~/Library/Logs/uberAgent
.
IE Browser Add-on Log
Explanation
This is the log file of uberAgent’s Internet Explorer add-on.
Location
The IE add-on’s log file uberAgentIEExtension.log
is stored in the user account’s low-integrity Temp
directory, which typically resolves to C:\Users\USERNAME\AppData\Local\Temp\Low
.
If Enhanced Protection Mode is enabled and OS is Windows 8 (or newer), the IE add-on’s log file is stored in C:\Users\USERNAME\AppData\Local\Packages\windows_ie_ac_001\AC\Temp
. For Windows 7 the log files’ location is the same as described in the previous paragraph.
Sandbox Log
Explanation
This is the log file of uberAgent’s XPC Service that wraps potentially unsafe API calls.
Location
macOS
The default location for the uberAgentSandbox.log
file is /Library/Logs/uberAgent
.
More Information
Enabling Debug Mode
Unless debug mode is enabled uberAgent logs only important events like errors. To enable debug mode make sure the following settings are present in the configuration:
[Miscellaneous]
debugMode = true
File Size and Log Rotation
When the size of the log file grows to 10 MB uberAgent archives it. This is done by appending the current timestamp to the filename and starting a new empty log file. uberAgent keeps the four newest archive files. When four archive files are present and a fifth file is archived the oldest archive file is deleted. This log rotation mechanism guarantees that the total log file size never exceeds 50 MB.
The number of log files to keep around can be changed via the configuration parameter LogFileCount
.
Log Format
Log file entries always have the same structure, explained in the following table:
Timestamp | Severity | Domain | Thread Owner | Thread ID | Source | Message |
---|---|---|---|---|---|---|
Timestamp in the machine’s time zone | Possible entries: DEBUG, INFO, WARN, ERROR |
The computer’s Active Directory domain | Windows: the name of the computer account macOS: the user root |
The ID of the thread that logged the message | Message source. For example LicenseCheck or ReceiverStatistics | Actual message to be logged |
Here is an example:
2018-10-04 11:19:51.076 +0100,INFO ,VASTLIMITS,PC1$,4432,ReceiverStatistics,Splunk; localhost:19500 - Events in queue: 11961, queue size: 3073.1 KB, sent: 0, added to queue: 361, rejected from queue: 0
Timestamp = 2018-10-04 11:19:51.076 +0100
Severity = INFO
Domain = VASTLIMITS
Machine = PC1
Thread ID = 4432
Source = ReceiverStatistics
Message = Splunk; localhost:19500 - Events in queue: 11961, queue size: 3073.1 KB, sent: 0, added to queue: 361, rejected from queue: 0
Notepad++ Syntax Highlighter
Even though we take great care to optimize the log for readability it is sometimes hard to find the needle in the haystack. That is why we created an uberAgent log syntax highlighter for Notepad++. It highlights the key information, making it easier to find what you are searching for.
Splunk It!
As text-based log files, uberAgent’s logs are ideal candidates for processing by Splunk. We have built the uberAgent Log Collector specifically for that purpose.