Documentation

Contents
Contents
Contents
Contents

Log Files

Things do not always work the way they should. When that happens, uberAgent does not keep you in the dark. Its log files show you exactly what is going on.

Agent Log

Explanation

This is the log file of uberAgent’s main component, the system service.

Location

The agent log file uberAgent.log is stored in the SYSTEM account’s Temp directory, which typically resolves to C:\Windows\Temp.

In-Session Helper Log

Explanation

This is the log file of uberAgent’s in-session helper component which is used for collecting information from within user sessions.

Location

The in-session helper log file uAInSessionHelper.log is stored in the SYSTEM account’s Temp directory, which typically resolves to C:\Windows\Temp.

Chrome/Firefox Browser Extension In-Session Helper Log

Explanation

This is the log file of uberAgent’s in-session helper instances that are acting as communication gateways between the agent and the Chrome and Firefox browser extensions.

Location

The Chrome/Firefox extension in-session helper log file uAInSessionHelper.log is stored in the user account’s Temp directory, which typically resolves to C:\Users\USERNAME\AppData\Local\Temp.

IE Browser Add-on Log

Explanation

This is the log file of uberAgent’s Internet Explorer add-on.

Location

The IE add-on’s log file uberAgentIEExtension.log is stored in the user account’s low-integrity Temp directory, which typically resolves to C:\Users\USERNAME\AppData\Local\Temp\Low.

If Enhanced Protection Mode is enabled and OS is Windows 8 (or newer), the IE add-on’s log file is stored in C:\Users\USERNAME\AppData\Local\Packages\windows_ie_ac_001\AC\Temp
For Windows 7 the log files’ location is the same as described in the previous paragraph.

More Information

Enabling Debug Mode

Unless debug mode is enabled uberAgent logs only important events like errors. To enable debug mode make sure the following settings are present in the configuration:

[Miscellaneous]
debugMode = true

File Size and Log Rotation

When the size of the log file grows to 10 MB uberAgent archives it. This is done by appending the current timestamp to the filename and starting a new empty log file. uberAgent keeps the four newest archive files. When four archive files are present and a fifth file is archived the oldest archive file is deleted. This log rotation mechanism guarantees that the total log file size never exceeds 50 MB.

The number of log files to keep around can be changed via the configuration parameter LogFileCount.

Log Format

Log file entries always have the same structure, explained in the following table:

Timestamp Severity Domain Machine Thread ID Source Message
Timestamp in the machine’s time zone Possible entries:
DEBUG, INFO, WARN, ERROR
The computer’s Active Directory domain The name of the computer account The ID of the thread that logged the message Message source. For example LicenseCheck or ReceiverStatistics Actual message to be logged

Here is an example:

2018-10-04 11:19:51.076 +0100,INFO ,VASTLIMITS,PC1$,4432,ReceiverStatistics,Splunk; localhost:19500 - Events in queue: 11961, queue size: 3073.1 KB, sent: 0, added to queue: 361, rejected from queue: 0

Timestamp = 2018-10-04 11:19:51.076 +0100
Severity  = INFO
Domain    = VASTLIMITS
Machine   = PC1
Thread ID = 4432
Source    = ReceiverStatistics
Message   = Splunk; localhost:19500 - Events in queue: 11961, queue size: 3073.1 KB, sent: 0, added to queue: 361, rejected from queue: 0

Notepad++ Syntax Highlighter

Even though we take great care to optimize the log for readability it is sometimes hard to find the needle in the haystack. That is why we created an uberAgent log syntax highlighter for Notepad++. It highlights the key information, making it easier to find what you are searching for.

Splunk It!

As text-based log files, uberAgent’s logs are ideal candidates for processing by Splunk. We have built the uberAgent Log Collector specifically for that purpose.