ServiceNow offers a robust logging system of the events that take place within your system. You can retrieve your logs as well as your log archives using the app. We’ve detailed the main steps you’ll need below.
How to Retrieve Logs with the Browser
To browse your system log entries and download the log files, you can retrieve them in your ServiceNow Log File Browser.
To access this follow the path for System Logs > Utilities > Node Log File Browser.
Types of System Logs
ServiceNow maintains a number of logs that detail different types of events.
Filtering Your Searches
Inside the Log File Browser you can filter your searches for more specificity using these fields:
Archived Logs and Log History
There are various tables that store logs and the system uses a specific schedule depending on the table. below are the log archiving schedules:
Logs Archived Daily
- Event [ecc_event]
- Queue [ecc_queue]
Logs Archived Weekly
- Event [sysevent]
- Log [syslog]
- Transaction Log [syslog_transaction]
Logs Archived Monthly (Every 30 Days)
- Email [sys_email]
Archived logs can be retrieved from your log history by following the path System Logs > Utilities > Node Log File Download. Once there, select an archive from the list and hit Download.
Note that to retrieve logs for a different node, you will need to navigate there under System Diagnostics > Stats.
Metron has experience integrating Cybereason with multiple security platforms. If you are considering any custom solution, please send a note to friends@metronlabs.com.