Learn more about collecting logs from a Broker VM to review them as part of an investigation.
Cortex XDR enables you to collect your Broker VM logs directly from the Cortex XDR management console.
You can collect logs by either regenerating the most up-to-date logs and downloading them once they are ready, or downloading the current logs from the last creation date reflected in the TIMESTAMP.
Select Broker VMs table in the Brokers tab.
→ → → to view theLocate your Broker VM, right-click and select either Generate New Logs or Download Logs (<TIMESTAMP>).
Note
The Download Logs (<TIMESTAMP>) is only displayed when you’ve downloaded your logs previously using Generate New Logs.
Logs are generated automatically, but can take up to a few minutes depending on the size of the logs.