Discovery Logs
What Are Discovery Logs?
Discovery Logs provide a complete record of every scan executed by your discovery agents. Each log entry captures what was scanned, which protocol was used, whether it succeeded or failed, and detailed diagnostic information to help troubleshoot issues.
Why Use Discovery Logs?
- Troubleshooting — Quickly identify why a scan failed (credentials, network, firewall, timeout)
- Agent Monitoring — Track agent health with success rates and performance metrics
- Audit Trail — Full history of all discovery activity with timestamps and results
- Network Diagnostics — Per-protocol results show exactly which ports are open and which protocols succeeded
- Export — Download logs as CSV for reporting and documentation
How to Access
Navigate to Discovery → Discovery Logs in the main menu.
Dashboard Overview
Summary Statistics
At the top of the page, summary cards display metrics for the selected time period:
| Card | Description |
|---|---|
| Total Scans | Total number of scans executed |
| Success Rate | Percentage of successful scans |
| Status Breakdown | Count per status with average duration |
Understanding Scan Statuses
Each scan results in one of seven statuses:
| Status | Meaning | Common Cause |
|---|---|---|
| Success | Scan completed with valid data collected | Credentials and network access working correctly |
| Failed | Scan encountered an error during execution | Credential issues, permission problems, or system errors |
| Timeout | Scan exceeded the time limit | Large system with many services, slow network, or overloaded target |
| Unauthorized | Target ports are open but credentials were rejected | Wrong username/password, expired credentials, or insufficient permissions |
| Unreachable | Host is down or not responding to network requests | Server powered off, wrong IP, or network routing issue |
| No Access | Host is up but service ports are closed or filtered | Firewall blocking required ports, service not running |
| RPC Error | RPC or firewall blocking (Windows-specific) | Windows Firewall blocking WMI/RPC ports, DCOM not configured |
Log Table
The main table shows one row per scan attempt with the following columns:
| Column | Description |
|---|---|
| Expand | Click to reveal full diagnostic details |
| Timestamp | When the scan was executed |
| Agent | Which discovery agent ran the scan |
| Target IP | IP address that was scanned |
| Scan Type | Protocol used (WMI, SSH, SNMP, vCenter, Kubernetes, AWS, Azure) |
| Status | Color-coded result status |
| Discovery Status | Message from the agent describing the outcome |
| Duration | How long the scan took |
| Quick Summary | Hostname, host status, protocol results, and port count |
Expanded Row Details
Click the expand arrow on any row to reveal three detailed sections:
General Information:
- Scan ID (unique identifier)
- Discovered hostname (if available)
- Operating system detected
- Agent version
- Error message (if scan failed)
Network Reachability:
- Host status (up, down, or unknown)
- ICMP ping response (responds or no response)
- Open TCP ports (listed individually)
- Open UDP ports (listed individually)
Protocol Scan Results: For each protocol attempted (WMI, SSH, SNMP, vCenter, etc.):
- Protocol status (success, failed, or skipped)
- Port reachability
- Probe method used
- Error details or reason for skipping
Scan Statistics:
- Services discovered count
- Applications found count
- Data size collected
- Open ports count
Filtering and Search
Time Range
Quick presets for common time windows:
| Preset | Range |
|---|---|
| 1h | Last hour |
| 6h | Last 6 hours |
| 24h | Last 24 hours (default) |
| 48h | Last 48 hours |
| 1w | Last week |
| Custom | Select specific start and end dates |
Filter Options
| Filter | Description |
|---|---|
| Agent ID | Search for a specific agent |
| Target IP | Search for a specific IP address |
| Scan Type | Filter by protocol: WMI, SSH, SNMP, vCenter, Kubernetes, AWS, Azure |
| Status | Filter by result: Success, Failed, Timeout, Unauthorized, Unreachable, No Access, RPC Error |
All filters work together (AND logic). Active filter count is shown on the filter toggle button.
Export
Click the Export button to download all visible logs as a CSV file. The export includes: timestamp, agent, target IP, scan type, status, discovery status, duration, error message, hostname, and operating system.
Common Use Cases
Why Did a Scan Fail?
- Filter by Target IP and set status to Failed
- Expand the failed log entry
- Check the Error Message for the specific failure reason
- Review Network Reachability — is the host up? Are the required ports open?
- Check Protocol Results — which protocol failed and why?
Is My Agent Working?
- Filter by Agent ID
- Review the success rate in the summary cards
- Look for patterns — are failures concentrated at specific times or IPs?
- Check agent version to ensure it's up to date
Which Hosts Are Unreachable?
- Set the status filter to Unreachable
- Review the list of hosts that didn't respond
- Export the list for network team investigation
- Cross-reference with your CMDB to identify impacted CIs
Diagnosing Credential Issues
- Filter by status Unauthorized
- Group results by scan type (WMI vs SSH vs SNMP)
- Check if the issue affects all targets or specific ones
- Verify credentials in the credential management settings
Firewall and RPC Issues (Windows)
- Filter by status RPC Error or No Access
- Expand the log entry and check Network Reachability
- Look for specific ports that are closed or filtered:
- Port 135 (RPC Endpoint Mapper)
- Port 445 (SMB)
- Dynamic RPC range (49152-65535)
- Coordinate with your network team to open required ports
Relationship to Other Features
vs. Scan Data
| Feature | Purpose |
|---|---|
| Discovery Logs | Metadata and diagnostics about scan execution (did it work? why did it fail?) |
| Scan Data | Full detailed information collected during successful scans (devices, apps, services) |
Discovery Logs tell you what happened during a scan. Scan Data contains what was found.
Discovery Schedules and Agents
Every scan triggered by a discovery schedule automatically generates a log entry. You don't need to create logs manually — they're a byproduct of agent activity.
Log Retention
Discovery logs are retained for 30 days by default. Older logs are automatically cleaned up to manage storage. Administrators can adjust the retention period or trigger manual cleanup if needed.
Best Practices
Regular Monitoring
- Check the success rate daily to catch agent or network issues early
- Investigate any sudden drop in success rate — it often indicates credential expiry or network changes
- Review timeout logs to identify systems that may need longer scan windows
Troubleshooting Approach
- Start with the status filter to focus on the type of failure
- Use the expanded details to get protocol-level diagnostics
- Check network reachability before investigating credential issues — the host must be reachable first
- Compare with recent successful scans of the same target to identify what changed
Audit and Compliance
- Export logs periodically for compliance documentation
- Use the timestamp and agent fields to verify that scheduled scans are running as expected
- Keep the log retention period aligned with your audit requirements
Related Topics
- Discovery Overview — How network discovery works
- Scheduling — Configure scan schedules
- Troubleshooting — Common discovery issues and solutions
- Credential Management — Manage scan credentials