Cortex XSOAR logs information you can use for troubleshooting using log bundles, server logs, Elasticsearch logs, and engine log bundles.
The Cortex XSOAR logs provide information about events that occur in the system. These logs are a valuable tool in troubleshooting issues that might arise in your Cortex XSOAR environment. The Cortex XSOAR logs are located in /var/log/demisto/
.
Note
Additional Cortex XSOAR logs are available when you create a log bundle. For information about log bundles, see Create a Log Bundle.
Log | Description |
---|---|
server | The server log is automatically created and maintained by the server. It consists of a list of all activities performed by the server. It is constantly updated. This is the main log to view if there are problems in the system. To quickly locate error messages, search for |
elastic | Displays a list of all activities associated with Elasticsearch. The elastic log exists only when a Cortex XSOAR environment uses Elasticsearch. Use the information in this log to troubleshoot Elasticsearch issues. |
d1 | The d1 log appears when a Cortex XSOAR Engine is running. The d1 log contains information necessary to debug Engine related issue. The log displays Engine related errors, as well as noting if the Engine is connected. |
d2 | The d2 log appears whenever a Cortex XSOAR Agent is running. The d2.log contains information necessary to debug any Agent related issue. The log displays Agent related errors, as well as noting whether the Agent was correctly installed. |