Overview of ZeroLock Agent Log File Locations
The Zerolock Agent (ZA), consists of two parts, Tyr and Baldur. Tyr monitors processes and manages the communications to the ZeroLock Management Console (ZMC). Baldur is the behavior analysis engine. When referring to the ZeroLock Agent logs, we mean the tyr.log and zerolock_log.
Logs are great sources of information. For example, when troubleshooting ZeroLock Agent connection issues to the ZMC, you should look in the Tyr log as that is where communication data between the agent and the ZMC is stored.
Similarly, if you are interested in determining the cause of false positives or failures to detect, the zerolock_log (Baldur) may provide insight as this is where detection, response, and telemetry (data) is logged.
Agent Log File Locations
The installation method determines the locations of the logs.
Container
- Tyr log
var/lib/docker/volumes/zerolock_opt/_data/zerolock/zerolock-tyr/tyr.log
- Baldur log (zerolock_log)
var/lib/docker/volumes/zerolock_opt/_data/zerolock/zerolock-baldur/log/zerolock_log
Native
- Tyr log
/opt/zerolock/zerolock-tyr/tyr.log
- Baldur log (zerolock_log)
/opt/zerolock/zerolock-baldur/log/zerolock_log
Note: Accessing these logs requires sudo privileges.