Troubleshooting Resources for Mac - Administrator Guide - 8.2 - Cortex XDR Agent - Cortex XDR - Advanced Endpoint Protection - Cortex - Security Operations

Cortex XDR Agent Administrator Guide

Product
Cortex XDR Agent
Cortex XDR
Version
8.2
Creation date
2023-06-29
Last date published
2024-07-16
Category
Administrator Guide
Abstract

Refer to the following troubleshooting resources for the Cortex XDR agent for Mac.

Resource

Description

Processes

Launch Daemons:

  • /Applications/Cortex XDR.app/Contents/MacOS/Cortex XDR

  • /Library/Application Support/PaloAltoNetworks/Traps/bin/pmd

  • /Library/Application Support/PaloAltoNetworks/Traps/bin/authorized

Launch Agents:

  • /Library/Application Support/PaloAltoNetworks/Traps/bin/Cortex XDR Agent.app/Contents/MacOS/Cortex XDR Agent

System Extensions:

  • com.paloaltonetworks.traps.securityextension

  • com.paloaltonetworks.traps.networkextension

Cortex XDR agent console log

Indicates information, warnings, and errors related to the agent console. The Console log is located in the following folder on the endpoint:

  • Mac OS X 10.10 and OSX 10.11—/var/log/traps/agent/

  • macOS 10.12 and later releases—View logs from the Console application in /Library/Logs/PaloAltoNetworks/Cortex XDR/.

Cortex XDR agent service log

Indicates information, warnings, and errors related to Cortex XDR. The Service log is located in the following folder on the endpoint:

  • Mac OS X 10.10 and OSX 10.11—/var/log/traps/

  • macOS 10.12 and later releases—View logs from the Console application in /Library/Logs/PaloAltoNetworks/Cortex XDR/.

Supervisor Command Line Tool (cytool)

Allows you to manage agent features and perform advanced troubleshooting on the local endpoint from a command line interface. For more information, see Cytool for Mac.Cytool for Mac