The Log File

Things do not always work the way they should. When that happens, uberAgent for Splunk does not keep you in the dark. Its log file shows you exactly what is going on.

uberAgent.log

Location

The log file uberAgent.log is stored in the Temp directory. Since uberAgent is typically run from the local system account, %TEMP% resolves to C:\Windows\Temp.

Enabling Debug Mode

Unless debug mode is enabled, uberAgent logs only important events like errors. To enable debug mode, make sure the following lines are present in the configuration file uberAgent.conf:

[Miscellaneous]
debugMode = true

File Size and Log Rotation

When the log file grows to 10 MB, uberAgent archives it by appending the current timestamp to the filename and starting a new, empty log file. uberAgent keeps the four newest archive files: when four archive files are present and a fifth file is archived, the oldest archive file is deleted. This log rotation mechanism guarantees that the total log file size (the active file plus four archives) never exceeds 50 MB.

The number of log files to keep can be changed via the configuration parameter LogFileCount.

Splunk It!

Being a text-based log file, uberAgent.log is an ideal candidate for processing by Splunk. We have built the uberAgent Log Collector specifically for that purpose.

Content

To get an idea of the log file format, take a look at this excerpt:

2014-09-15 17:31:29.879 +0200,INFO ,HK,PC19$,9184,InitializeLogFile,======================================================================================
2014-09-15 17:31:29.880 +0200,INFO ,HK,PC19$,9184,InitializeLogFile,Starting uberAgent.exe (2.0.0.597; 2014-09-15 17:27:46.000 +0200) on PC19
2014-09-15 17:31:29.880 +0200,INFO ,HK,PC19$,9184,InitializeLogFile,======================================================================================
2014-09-15 17:31:29.896 +0200,INFO ,HK,PC19$,8428,ServiceMain,Running as a service
2014-09-15 17:31:29.900 +0200,INFO ,HK,PC19$,8428,DetermineValues,Determined OS version: Windows 8.1 Pro, 6.3, 9600, 9600.17085.amd64fre.winblue_gdr.140330-1035
2014-09-15 17:31:29.905 +0200,INFO ,HK,PC19$,8428,DetermineValues,Determined Active Setup files: , , , , , 
2014-09-15 17:31:29.909 +0200,INFO ,HK,PC19$,8428,DetermineValues,Determined AppSetup files: <>
2014-09-15 17:31:29.914 +0200,INFO ,HK,PC19$,8428,GetComputerStartupTime,Determined computer startup time: 2014-09-12 22:03:58.866
2014-09-15 17:31:29.918 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Reading config file 
2014-09-15 17:31:29.923 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: debugMode = true
2014-09-15 17:31:29.927 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: receiver type = 
2014-09-15 17:31:29.932 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: receiver protocol = 
2014-09-15 17:31:29.936 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: receiver server = 
2014-09-15 17:31:29.941 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: LogonDetail = enabled
2014-09-15 17:31:29.945 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: BootDetail = enabled
2014-09-15 17:31:29.949 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: ShutdownDetail = enabled
2014-09-15 17:31:29.954 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: StandbyDetail = enabled
2014-09-15 17:31:29.958 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: ProcessStartup = enabled
2014-09-15 17:31:29.959 +0200,INFO ,HK,PC19$,8428,AddUaMetric,Read value: timer UA metric = 
2014-09-15 17:31:29.967 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: timer name = 
2014-09-15 17:31:29.972 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: timer comment = 
2014-09-15 17:31:29.976 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: interval = <30000>
2014-09-15 17:31:29.981 +0200,INFO ,HK,PC19$,8428,AddUaMetric,Read value: timer UA metric = 
2014-09-15 17:31:29.985 +0200,INFO ,HK,PC19$,8428,AddUaMetric,Read value: timer UA metric = 
2014-09-15 17:31:29.989 +0200,INFO ,HK,PC19$,8428,AddUaMetric,Read value: timer UA metric = 
2014-09-15 17:31:29.992 +0200,INFO ,HK,PC19$,8428,AddUaMetric,Read value: timer UA metric = 
2014-09-15 17:31:29.995 +0200,INFO ,HK,PC19$,8428,AddUaMetric,Read value: timer UA metric = 
2014-09-15 17:31:29.997 +0200,INFO ,HK,PC19$,8428,AddUaMetric,Read value: timer UA metric = 
2014-09-15 17:31:30.000 +0200,INFO ,HK,PC19$,8428,AddUaMetric,Read value: timer UA metric = 
2014-09-15 17:31:30.002 +0200,INFO ,HK,PC19$,8428,AddUaMetric,Read value: timer UA metric = 
2014-09-15 17:31:30.005 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: timer name = 
2014-09-15 17:31:30.007 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: timer comment = 
2014-09-15 17:31:30.009 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: interval = <30000>
2014-09-15 17:31:30.012 +0200,INFO ,HK,PC19$,8428,AddUaMetric,Read value: timer UA metric = 
2014-09-15 17:31:30.014 +0200,INFO ,HK,PC19$,8428,AddUaMetric,Read value: timer UA metric = 
2014-09-15 17:31:30.017 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: timer name = 
2014-09-15 17:31:30.019 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: timer comment = 
2014-09-15 17:31:30.022 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: interval = <30000>
2014-09-15 17:31:30.024 +0200,INFO ,HK,PC19$,8428,AddUaMetric,Read value: timer UA metric = 
2014-09-15 17:31:30.027 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Adding to application mapping table:  = [Windows OS]
2014-09-15 17:31:30.029 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Adding to application mapping table:  = [Windows OS]
2014-09-15 17:31:30.032 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Adding to application mapping table:  = [Windows OS]
2014-09-15 17:31:30.034 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Adding to application mapping table:  = [Windows OS]
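
A parser for the line format shown in the excerpt, as an added example (not part of uberAgent or the uberAgent Log Collector). The field names are assumptions inferred from the excerpt, and the sample input is constructed from its lines. Because the message field can itself contain commas, the line is split on the first six commas only.

```python
import re
from datetime import datetime

# Field names are assumptions inferred from the excerpt; the page does not name them.
FIELDS = ("timestamp", "level", "domain", "account", "id", "function", "message")

# Constructed sample: four lines taken from the excerpt plus one malformed line.
SAMPLE = """\
2014-09-15 17:31:29.896 +0200,INFO ,HK,PC19$,8428,ServiceMain,Running as a service
2014-09-15 17:31:29.900 +0200,INFO ,HK,PC19$,8428,DetermineValues,Determined OS version: Windows 8.1 Pro, 6.3, 9600, 9600.17085.amd64fre.winblue_gdr.140330-1035
2014-09-15 17:31:29.923 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: debugMode = true
2014-09-15 17:31:29.941 +0200,INFO ,HK,PC19$,8428,ReadConfigFile,Read value: LogonDetail = enabled
this line is not in the expected format
"""

READ_VALUE = re.compile(r"^Read value: (?P<key>[^=]+?) = (?P<value>.*)$")

def parse_line(line):
    """Parse one line; split on the first six commas so the message stays whole."""
    parts = line.rstrip("\r\n").split(",", len(FIELDS) - 1)
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    try:
        rec["timestamp"] = datetime.strptime(rec["timestamp"], "%Y-%m-%d %H:%M:%S.%f %z")
    except ValueError:
        return None
    rec["level"] = rec["level"].strip()  # the level is padded ("INFO ") in the file
    return rec

def parse_log(text):
    """Return (records, rejected): parsed dicts and the raw lines that did not parse."""
    records, rejected = [], []
    for line in filter(str.strip, text.splitlines()):
        rec = parse_line(line)
        if rec is None:
            rejected.append(line)
        else:
            records.append(rec)
    return records, rejected

def config_values(records):
    """Collect the 'Read value: key = value' pairs logged by ReadConfigFile."""
    out = {}
    for rec in records:
        m = READ_VALUE.match(rec["message"])
        if rec["function"] == "ReadConfigFile" and m:
            out[m["key"]] = m["value"]
    return out
```

Keeping the rejected lines instead of dropping them makes truncated or unexpected entries visible when the log is reviewed.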

Questions?

Do you have questions that were not answered here? Please ask us, we are happy to help!