Logs Overview - Administrator Guide - 6.10 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Cortex XSOAR
Creation date
Last date published
Administrator Guide

The Cortex XSOAR logs provide information about events that occur in the system. These logs are a valuable tool in troubleshooting issues that might arise in your Cortex XSOAR environment. The Cortex XSOAR logs are located in /var/log/demisto/.


Additional Cortex XSOAR logs are available when you create a log bundle. For information about log bundles, see Create a Log Bundle.




The server log is automatically created and maintained by the server. It consists of a list of all activities performed by the server. It is constantly updated. This is the main log to view if there are problems in the system.

To quickly locate error messages, search for error in the log. Often, the error messages shown in the log do not indicate a serious problem. Serious errors will appear in the UI as well as in the server log.


Displays a list of all activities associated with Elasticsearch. The elastic log exists only when a Cortex XSOAR environment uses Elasticsearch. Use the information in this log to troubleshoot Elasticsearch issues.


The d1 log appears when a Cortex XSOAR Engine is running. The d1 log contains information necessary to debug Engine related issue. The log displays Engine related errors, as well as noting if the Engine is connected.