Agent Activity Logs; Agent Policy Settings - McAfee EPOLICY ORCHESTRATOR 4.0.2 Product Manual


Distributing Agents to Manage Systems

Agent activity logs
The agent log files are useful for determining agent status or troubleshooting. Two log files
record agent activity; both are located in the agent installation folders on the managed system.
Agent activity log
The agent activity log is an XML file named agent_<system>.xml, where <system> is the
NetBIOS name of the system on which the agent is installed. This log file records agent activity
related to things such as policy enforcement, agent-server communication, and event forwarding.
You can define a size limit for this log file.
On the Logging tab of the McAfee Agent policy pages, you can configure the level of agent
activity that is recorded.
Detailed agent activity log
The detailed agent activity log is a file named agent_<system>.log, where <system> is the
NetBIOS name of the system on which the agent is installed. In addition to the information
stored in the agent activity log, the detailed activity log contains troubleshooting messages.
This file has a 1MB size limit. When this log file reaches 1MB, a backup copy is made
(agent_<system>_backup.log).

Agent policy settings

Agent policy settings determine agent performance and behavior in your environment, including:
• How often the agent calls in to the server.
• How often the agent enforces policies on the managed system.
• How often the agent delivers event files to the server.
• Where the agent goes for product and update packages.
Before distributing a large number of agents throughout your network, consider carefully how
you want the agent to behave in the segments of your environment. Although you can configure
agent policy after agents are distributed, McAfee recommends setting agent policy prior to the
distribution to prevent unnecessary resource impact.
For complete descriptions of options on the agent policy pages, click ? on the page displaying
the options. However, some of the most important policy settings are discussed here.
Priority event forwarding
The agent and security software on the managed system generate software events constantly
during normal operation. These can range from information events about regular operation,
such as when the agent enforces policies locally, to critical events, such as when a virus is
detected and not cleaned. These events are sent to the server at each agent-server
communication and stored in the database. A typical deployment of ePolicy Orchestrator in a
large network can generate thousands of these events an hour. Most likely, you won't want to
see each of these.
Typically, you may want to know about higher severity events immediately. You can configure
the agent to forward events that are equal to or greater than a specified severity immediately
(specific event severities are determined by the product generating the events). If you plan to
McAfee ePolicy Orchestrator 4.0.2 Product Guide