Reviewing Endpoint Security Logs

In this installment of the Tips and Insights series, Jim Coyle describes how to obtain Endpoint Security logs, search them for errors, and request the agent diagnostics for download in the event you ever need to do some troubleshooting.

Hi, I’m Jim Coyle. I’m a Channel Engineer here at FireEye. In this video, I’d like to share a tip on how to obtain Endpoint Security logs, search for errors and request to download the agent diagnostics in the event you ever need to do some troubleshooting. First, we need to navigate to the folder where the FireEye Endpoint agent is installed. Typically, this is found under c:\Program Files\FireEye\xagt. Next, all we need to do is request the log to be generated and output to a text file, in this case demolog.text. Now we can open the log and search for any errors.

Additionally, if further troubleshooting the issue needs to be escalated to FireEye support, we can pull the agent diagnostics from the controller itself. Simply log onto the controller and select hosts from the top menu bar. In the search, you can search by hostname, domain, agent ID or IP address. Put a check in the box next to the particular host and, under the actions drop-down menu, select agent diagnostics and then go. Now we need to head over to our acquisitions and wait for the diagnostic to be available for download.

And that’s how you obtain a local agent log as well as pull the agent diagnostics. Stay tuned for more tips and insights from FireEye.
