Audit Agents Reference
Reference for the per-Site Audit Agents catalog, including its purpose, status display, deletion behavior, and operational signals.
Menu path
Admin Center > Site Settings > Tasks and services > Audit agents.
Purpose
This list shows every Audit Agent currently registered for the Site. It is the admin-side confirmation point after agent deployment and the first place to check when a remote endpoint stops reporting.
The top section provides Audit Agent downloads for:
- Windows
- macOS
- Linux
List view
The grid lists the Audit Agents registered for the current Site. It includes agent identification, connection status, network information, recent activity, audit status, schedule details, and the current Log level.
Hover over the status icon to see the current status: Online, Offline, or Scheduled for deletion.
Use the view controls to choose which columns appear in the grid.
Agent configuration
Open an Audit Agent record and click Configuration to configure:
- Check interval for configuration changes (in minutes) — how often the agent checks for configuration updates.
- Log level — the amount and severity of diagnostic information written to the agent log.
The selected logging level appears in the Log level column in the Audit Agents grid.
Log levels
| Log level | Description |
|---|---|
| Debug | Full diagnostic output. |
| Info | General operational messages. This is the default level. |
| Warning | Non-critical issues. |
| Error | Errors affecting agent functionality. |
| Error Critical | Critical failures only. |
Debug log collection
When Debug is selected, the agent automatically uploads its debug logs and updater logs to AlloyScan. A Download logs button appears next to Configuration, allowing an administrator to download the most recent archive.
AlloyScan keeps only the latest uploaded archive, which contains up to the last 24 hours of logs by default. If the log level is changed from Debug, the download becomes unavailable until Debug is enabled again and a new archive is generated.
At other log levels, logs remain on the agent host and are not uploaded to AlloyScan. To view them locally, use the Audit Agent system tray menu to open the logs.
Deletion behavior
If an agent comes back online while scheduled for deletion, it self-uninstalls. If it remains offline until expiry, AlloyScan removes the registration record from the server side.
Operational signals
| Signal | What to check |
|---|---|
| Newly deployed endpoint does not appear | Confirm outbound HTTPS/443 reachability from the endpoint and wait for first registration and audit. |
| Agent shown as Offline | Check endpoint availability and confirm the agent is still installed and running locally. |
| Endpoint present in Inventory but stale | Compare the agent's last observed activity with device audit history. |
Relationship to Audit Agent settings
The inactivity window and related retention behavior are controlled from Admin Center > Site Settings > Settings > Audit agent settings. The agents list is the observable result surface; the settings page controls the policy.