Troubleshoot Engines - Administrator Guide - Cortex XSIAM - Cortex - Security Operations

Cortex XSIAM Administrator Guide

Product
Cortex XSIAM
Creation date
2024-07-16
Last date published
2024-12-04
Category
Administrator Guide
Abstract

Troubleshoot engines by accessing logs and viewing errors.

When troubleshooting engines, access the logs from SettingsConfigurationsEngines and select the engine from which you want to download the logs.

Debug Engines

The d1.log field appears whenever an engine is running. The d1.log field contains information necessary for your customer success team to debug any engine related issue. The field displays any error, as well as noting whether the engine is connected.

engine-debug.png

Engine 443 Error

This error might occur when a connection is established between an engine and , because, by default, Linux does not allow processes to listen on low-level ports.

Error Message

listen tcp :443: bind: permission denied

Solution

  • In the d1.conf file, change the port number to a higher one, for example, 8443.

  • Run this command: sudo setcap CAP_NET_BIND_SERVICE=+eip /path/to/binary. After running this command the server should be able to bind to low-numbered ports.