Log File Locations of the ZeroLock® Agent

Overview of ZeroLock® Agent Log File Locations

    The Zerolock Agent (ZA), consists of two parts, Tyr and Baldur.  Tyr monitors processes and manages the communications to the ZeroLock Management Console (ZMC).  Baldur is the behavior analysis engine.  When referring to the ZeroLock Agent logs, we mean the tyr.log and zerolock_log.

    Logs are great sources of information.  For example, when troubleshooting ZeroLock Agent connection issues to the ZMC, you should look in the Tyr log as that is where communication data between the agent and the ZMC is stored.

    Similarly, if you are interested in determining the cause of false positives or failures to detect, the zerolock_log (Baldur) may provide insight as this is where detection, response, and telemetry (data) is logged.

     

    Agent Log File Locations

    The installation method determines the locations of the logs.  

    Container

    • Tyr log
      var/lib/docker/volumes/zerolock_opt/_data/zerolock/zerolock-tyr/tyr.log
    • Baldur log (zerolock_log)
      var/lib/docker/volumes/zerolock_opt/_data/zerolock/zerolock-baldur/log/zerolock_log

    Native

    • Tyr log
      /opt/zerolock/zerolock-tyr/tyr.log
    • Baldur log (zerolock_log) 
      /opt/zerolock/zerolock-baldur/log/zerolock_log

    Note:  Accessing these logs requires sudo privileges.