Dear Outrageous,
Use the Agent Logs option to collect DLP agent service and operational log files from an Endpoint Prevent detection server. This option is available only for Endpoint Prevent servers. To collect agent logs using this option, you must have already pulled the log files from individual agents to the Endpoint Prevent detection server using a Pull Logs action.
Use the agent overview screen to select individual agents and pull selected log files to the Endpoint Prevent detection server. Then use the Agent Logs option on this page to collect the log files.
When the logs are pulled from the endpoint computer, they are stored on the Endpoint Server in an unencrypted format. After you collect the logs from the Endpoint Server, the logs are deleted from the Endpoint Server and are stored only on the Enforce Server. You can only collect logs from one endpoint computer at a time.
Pull Logs Action
Allows you to pull service logs and operational logs for the agent. You can pull either the service logs, or the operational logs, or both sets of logs.
Pulling agent logs is a two-step process:
Pull the agent logs from the endpoint computer to the Endpoint Server
Collect the agent logs from the Endpoint Server through the Enforce Server
You can summarize the agent overview page by a number of criteria including agent configuration, server name, and agent IP address. Additionally, you can filter the agent events by specific sets of criteria relating to the Symantec DLP Agent. Summarizing and filtering the agents lets you view the agent data in the order that you want. For example, you can summarize the agents by the associated agent configuration and then filter those configurations by the most recently updated agents.