
Logs

SecuLution provides information about events in the "Logs" tab.

Limited local logs

The Appliance reserves a limited amount of memory for logs, which are shown in the "Logs" tab of the AdminWizard. Log events are also sent to an external server (not provided by SecuLution) using the standard "syslog" protocol.

Logging threshold

Each log entry has a level property that represents its severity. Under the "Server configuration" tab, in the "Logging options" tab, a threshold can be defined so that only events with a severity equal to or greater than the threshold are logged.

LogLevels

LogLevel Description

EMERG (8)
• Error checking the integrity of the Appliance

ALERT (7)
• More licenses are being used than were purchased

CRIT (6)
• Appliance shutdown
• A "deny" rule has been applied

ERR (5)
• Unsuccessful attempts to: change the password, activate a new whitelist, apply a patch, set a loglevel, set default deny
• Internal server error

WARNING (4)
• Login of administrator
• Successful attempts to: change the password, activate a new whitelist, apply a patch, set a loglevel, set default deny
• A hash that was not listed in the whitelist was checked by an Agent. If the "action" is "Default deny", the hash was blocked. If the "action" is "Allow", the hash was added to the whitelist (e.g. learn mode or PLU).

NOTICE (3)
• Appliance starting
• Appliance bootup complete
• Learn mode timeout, resuming normal operation
• A hash that was listed in the whitelist was checked by an Agent, but no action was configured for the computer or user (e.g. the "Allow" rule applies only to certain users and the user trying to use the program was not one of them).

INFO (2)
• A hash was checked and "action" was "allow".
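
The level numbers in the table above run in the opposite direction to standard syslog severity codes (syslog EMERG is 0, INFO is 6), so a filter on the external syslog server has to convert before applying the same "equal or greater" threshold. The following is an added example, not SecuLution code. It assumes each forwarded message starts with a standard syslog `<PRI>` field whose severity name matches the level name in the table; the message format itself is not documented on this page, and the sample lines are constructed.

```python
import re

# Level names and numbers exactly as listed in the table above.
SECULUTION_LEVELS = {"EMERG": 8, "ALERT": 7, "CRIT": 6, "ERR": 5,
                     "WARNING": 4, "NOTICE": 3, "INFO": 2}
# Standard syslog severities, index = code: lower number means more severe.
SYSLOG_SEVERITY_NAMES = ["EMERG", "ALERT", "CRIT", "ERR",
                         "WARNING", "NOTICE", "INFO", "DEBUG"]
PRI_RE = re.compile(r"^<(\d{1,3})>(.*)$")


def parse_line(line):
    """Return (level_name, seculution_number, message), or None if unusable."""
    m = PRI_RE.match(line.strip())
    if not m:
        return None
    pri = int(m.group(1))
    if pri > 191:  # highest valid PRI: facility 23 * 8 + severity 7
        return None
    name = SYSLOG_SEVERITY_NAMES[pri % 8]  # PRI = facility * 8 + severity
    number = SECULUTION_LEVELS.get(name)   # DEBUG is not in the table
    if number is None:
        return None
    return name, number, m.group(2)


def apply_threshold(lines, threshold_name):
    """Keep events whose severity is equal to or greater than the threshold."""
    threshold = SECULUTION_LEVELS[threshold_name]
    events = (parse_line(line) for line in lines)
    return [e for e in events if e is not None and e[1] >= threshold]


# Constructed sample lines (facility local0 = 16); message text is a placeholder.
SAMPLE = [
    "<130>appliance: constructed sample, CRIT event",     # 16*8 + 2
    "<132>appliance: constructed sample, WARNING event",  # 16*8 + 4
    "<134>appliance: constructed sample, INFO event",     # 16*8 + 6
    "<133>appliance: constructed sample, NOTICE event",   # 16*8 + 5
    "not a syslog line",
]

if __name__ == "__main__":
    for name, number, msg in apply_threshold(SAMPLE, "WARNING"):
        print(f"{name} ({number}) {msg}")
```
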