Log Management
Overview
Logging provides a detailed account of all significant user and system events. You can either work with a centralized overview of events in the folder view, or use the User Activity Log and the Asset Activity Log pages for specialized logs.
Folder View
The folder view is split into two sections:
- The top half shows the content of the folder you are currently in, or information about a selected agent.
- The bottom half contains the Events table, where you can review logs for the current folder, as well as subfolders and included items.
Events
The Events table contains both user and asset activity logs. Items are displayed in chronological order, with the newest events at the top by default. Scroll down to load additional events.
You can refresh the table to view the latest entries.
The table contains information organized in the following columns:
- Time: The exact timestamp when the event occurred
- Type: The nature of the event (for example, Session Started, Agent Registered)
- Target: The machine associated with the action
- User: The username or user ID associated with the action
- Description: A simple explanation of what occurred (for example, Access to "Desktop ("ExamplePC\ExampleUser") started)
Filter Panel
Clicking the filter icon (orange funnel) opens an advanced filtering window, allowing you to narrow down the logs. You can filter by:
- Date (from / to): Set a date range to view logs within a specific time window.
- User: Filter logs by a specific user.
- Minimum log level: Filter based on the severity or importance of events.
- Log type: Focus on specific event categories.
Clicking Apply applies the selected filters. Clicking Close closes the filter panel without applying any changes.
Log Details
Clicking any log entry opens a detailed view in JSON format. This is useful for support or advanced debugging.
Some example fields include:
- source_entity: User or system entity that performed the action.
- type: Event type such as "users.actions.login".
- timestamp_ms / written_timestamp: Millisecond precision timestamps.
- user_name / login / directory_name: Contextual metadata about the event.
- log_entry_id: Unique identifier for the event.
This detailed view helps correlate backend IDs with user-friendly names, folders, and event metadata.
Best Practices
- Regularly review logs for unauthorized access attempts or unexpected activity.
- Use filters when auditing specific users or dates.
- Use the log details view for compliance reporting or technical audits.
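The fields listed under Log Details can also be processed offline for the audits described above. The Python sketch below is an added example, not part of the product or its documentation: it filters entries by type, login and date range, and flags duplicate log_entry_id values and entries whose written_timestamp is far from timestamp_ms. It assumes both timestamps are Unix epoch milliseconds, that directory_name holds the folder name, and that entries were saved into one JSON array; audit_rows, the sample values and the type "example.other.event" are constructed for illustration.

```python
import json
from datetime import datetime, timezone

# Constructed sample: three detail-view entries saved into one JSON array.
# All values are made up; "example.other.event" is a placeholder type.
SAMPLE = """[
 {"log_entry_id": "e-001", "type": "users.actions.login", "timestamp_ms": 1700000000000,
  "written_timestamp": 1700000000500, "user_name": "Alice Example", "login": "alice",
  "directory_name": "Example Folder", "source_entity": "user-1"},
 {"log_entry_id": "e-002", "type": "users.actions.login", "timestamp_ms": 1700003600000,
  "written_timestamp": 1700004200000, "user_name": "Bob Example", "login": "bob",
  "directory_name": "Example Folder", "source_entity": "user-2"},
 {"log_entry_id": "e-003", "type": "example.other.event", "timestamp_ms": 1700007200000,
  "written_timestamp": 1700007200100, "user_name": "Alice Example", "login": "alice",
  "directory_name": "Example Folder", "source_entity": "user-1"}
]"""

def utc(ms):
    """Assumption: timestamps are Unix epoch milliseconds."""
    return datetime.fromtimestamp(ms / 1000, tz=timezone.utc)

def audit_rows(entries, event_type="users.actions.login", login=None,
               start=None, end=None, max_write_lag_ms=60_000):
    """Filter entries the way the filter panel does and build report rows."""
    rows, seen = [], set()
    # Newest first, matching the default order of the Events table.
    for e in sorted(entries, key=lambda e: e["timestamp_ms"], reverse=True):
        when = utc(e["timestamp_ms"])
        if e["type"] != event_type or (login and e.get("login") != login):
            continue
        if (start and when < start) or (end and when > end):
            continue
        notes = []
        if e["log_entry_id"] in seen:  # IDs are described as unique
            notes.append("duplicate log_entry_id")
        seen.add(e["log_entry_id"])
        lag = e["written_timestamp"] - e["timestamp_ms"]
        if lag < 0 or lag > max_write_lag_ms:  # written long after, or before, the event
            notes.append(f"write lag {lag} ms")
        rows.append({"id": e["log_entry_id"], "time": when.isoformat(),
                     "user": e.get("user_name"), "login": e.get("login"),
                     "folder": e.get("directory_name"), "notes": notes})
    return rows

if __name__ == "__main__":
    for row in audit_rows(json.loads(SAMPLE)):
        print(row)
```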