Managing logs

Gather your Automation Anywhere bot logging data in one central location for better and more efficient consumption.

Logging data is generated throughout the Automation Anywhere product. For logging to be more useful, we recommend that you consolidate your logs into one central machine or area.

For additional information about the generated logs, see Auditing and Logging.

Windows built-in logging strategy

Windows has a built-in form of centralized logging. To setup a single machine that pulls all logging data from other machines into a single location using subscriptions:

  1. Open Event Viewer on the machine to be used for central logging.
  2. Subscribe to Logging Events from each of the other source computers.

Splunk strategy

To be practical and useful, logging methods need to: collect logging events across all systems and apps, provide a holistic view of the entire environment, and display the collected logs in a single area or tool. Tools, such as Splunk, aggregate various types of logs from various sources into one central location.

Splunk collecting logs
Splunk's light-weight software agent, Universal Forwarder, can be installed on most operating systems and networking environment. The Universal Forwarders monitor logs as they are generated and forward them to the Splunk Indexing Server, all in real-time. Splunk deployment is both easy and scalable. More importantly, it provides the top level view of the whole enterprise and provides drill-down options into all of your logging data.
Splunk log view options
Note: Automation Anywhere does not provide any Splunk-specific configuration. However, the Control Room application audit logs can be imported into Splunk by configuring the Control Room database activity table as a source.

Log event types

There are three event types.

Infrastructure logging
Network, router, switch, firewall, gateways, etc.
Systems logging
Windows Event Viewer, Web Server Logs, and machine logs.
Application logging
  • Control Room
  • Bot Runner
  • Bot Creator (Dev Client)
  • BotFarm
  • Credential Vault
  • Bot Insight for analytics

Log retention

How long you retain collected logs is typically determined by company policy, and typically defined in terms of currently active (hot), accessible backup (warm), and historical records (cold).

Hot storage
The current, active log files. Stored on the server where they were generated or where they are collected. Keep these files locally, on your servers, for at least a month.
Warm storage
Corporate-wide backups that are generally available for at least one year. Typically, are moved from warm storage to cold storage after five years.
Cold storage
Long term archive storage such as the use of magnetic tape that survives the test of time. These are the files that are moved from warm storage, five years after origination date.

Log rotation

Log rotation is highly recommended where dated log files are archived. This ensures logs are kept a manageable file size in the file system. Recommended rotation is every 24 hours, that is, archive the log file every 24 hours. If your system generates a lot of log data, adjust the frequency of the log rotation. Alternatively, choose a combination method based on your environment. For example:
Log Rotation by Time
Create a single new log file per 24 hours.
Log Rotation by Size
Create new log file based on the size of the log file.
Log Rotation by Bot
Some combination of both to limit size and time per log file.