A log bundle is a zip file of additional logs available in the Cortex XSOAR system. These logs provide additional information that is useful in troubleshooting issues that arise in your Cortex XSOAR system. Send the log bundle zip file to Cortex XSOAR support to use for debugging purposes. After you create the log bundle, the logs will also appear in
Go to→ → .
To create the log bundle, click Download logs.
(Multi-tenant) - For multi-tenant deployments, download All logs.
The following are the logs that appear in the bundle.
Displays the total number of configured workers, the total number of workers that are busy, and the total number of available workers.
If you experience performance issues, check the workers log to check if all workers are busy. To increase the worker count, see Configure the Number of Workers for the Server for details.
Displays the active integrations and maps all the data types in the system. If there is a problem in the system, you can import this information to your system to try to troubleshoot the problem.
Displays the following information:
The version of Git.
The location of the Git binary on the system.
All commands supported by the installed version of Git.
The repository folder of the server, where the version of the server’s content are managed.
The port that is used when connecting to a remote repository
The branch that you are connected to in the remote repository, if you are connected to a remove repository.
A list of all the configurations that are in the repository.
Cortex XSOAR uses telemetry to collect specific usage data. This data is analyzed and used to improve Cortex XSOAR, and to identify common usage to help drive the product roadmap. This log displays if telemetry is enabled.
anonymous- telemetry is enabled.
no telemetry- telemetry is disabled.
By default, telemetry is enabled.
For information on telemetry, see Telemetry.
Displays the actual data of any existing pre-process rules. Use this information if the pre-process rules are not working as expected, or if incidents are dropped or wrongfully closed .
Displays the metadata for the marketplace paid pack subscriptions, such as the company’s balance or the subscription status of each paid pack. View the content of this log if questions arise about the company’s marketplace pack subscriptions.
Displays the exact amount of usage of the general resources of the system at the time you create the log. This information includes operating system usage, kernel usage, memory usage, CPU usage, etc.
Displays all the programs used in the network and contains the record of user and process access calls to objects, attempts at authentication, and other network activity.
Displays the activities of the training machine learning in the platform. If the training of the model fails, look in this log to understand the error. The error can be a script execution error or a Docker error. For a Docker error, search for demisto/dl. For a script error, search for DBotBuildPhishingClassifier or one of the following subscripts: GetIncidentsByQuery, DBotPreProcessTextData, DBotTrainTextClassifierV2, WordTokenizerNLP. Note that errors that appear may be general Docker errors because all of the scripts and subscripts run in Docker.
Displays the licensing information, including the license validation date, number of users permitted in the system, the amount of users currently using the system, etc.
Displays the installed packs from Marketplace.
Go is used to retrieve information about the environment of the server, such as how many CPUs are used, how many goroutines (threads) are used, etc. This log displays the location of all Go routines in the code.
Displays how much free disk space there is in the file system. Displays all the folders that Cortex XSOAR uses and the total usage of the disk space for each folder. Can indicate there is not enough available disk space.
Displays the version and build number for Cortex XSOAR, and the version of the server SHA and web-client.
Displays the activities for all playbook integrations, automations, and incident types. These activities also appear in the server log.
Displays the configuration of the server. This information also appears in the→ → page in Cortex XSOAR.
Displays the configuration of the database.
Displays the generic server configurations.
Displays information about Bolt disk and index usage.