Create a Log Bundle - Administrator Guide - 6.6 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.6
Creation date
2022-09-29
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide
Abstract

Create a log bundle of additional logs for troubleshooting in Cortex XSOAR.

A log bundle is a zip file of additional logs available in the Cortex XSOAR system. These logs provide additional information that is useful in troubleshooting issues that arise in your Cortex XSOAR system. Send the log bundle zip file to Cortex XSOAR support to use for debugging purposes. After you create the log bundle, the logs will also appear in /var/log/demisto/.

  1. Go to SettingsAboutTroubleshooting.

  2. To create the log bundle, click Download logs.

    (Multi-tenant) - For multi-tenant deployments, download All logs.

    The following are the logs that appear in the bundle.

    Log

    Description

    workers

    Displays the total number of configured workers, the total number of workers that are busy, and the total number of available workers.

    If you experience performance issues, check the workers log to check if all workers are busy. To increase the worker count, see Configure the Number of Workers for the Server and Engine for details.

    web-app

    Displays the active integrations and maps all the data types in the system. If there is a problem in the system, you can import this information to your system to try to troubleshoot the problem.

    version_control

    Displays the following information:

    • The version of Git.

    • The location of the Git binary on the system.

    • All commands supported by the installed version of Git.

    • The repository folder of the server, where the version of the server’s content are managed.

    • The port that is used when connecting to a remote repository

    • The branch that you are connected to in the remote repository, if you are connected to a remove repository.

    • A list of all the configurations that are in the repository.

    telemetry

    Cortex XSOAR uses telemetry to collect specific usage data. This data is analyzed and used to improve Cortex XSOAR, and to identify common usage to help drive the product roadmap. This log displays if telemetry is enabled.

    • anonymous - telemetry is enabled.

    • no telemetry - telemetry is disabled.

    By default, telemetry is enabled.

    For information on telemetry, see Telemetry.

    preprocessRules

    Displays the actual data of any existing pre-process rules. Use this information if the pre-process rules are not working as expected, or if incidents are dropped or wrongfully closed .

    os

    Displays the exact amount of usage of the general resources of the system at the time you create the log. This information includes operating system usage, kernel usage, memory usage, CPU usage, etc.

    network

    Displays all the programs used in the network and contains the record of user and process access calls to objects, attempts at authentication, and other network activity.

    ml

    Displays the activities of the training machine learning in the platform. If the training of the model fails, look in this log to understand the error. The error can be a script execution error or a Docker error. For a Docker error, search for demisto/dl. For a script error, search for DBotBuildPhishingClassifier or one of the following subscripts: GetIncidentsByQuery, DBotPreProcessTextData, DBotTrainTextClassifierV2, WordTokenizerNLP. Note that errors that appear may be general Docker errors because all of the scripts and subscripts run in Docker.

    license_data

    Displays the licensing information, including the license validation date, number of users permitted in the system, the amount of users currently using the system, etc.

    installedpacks

    Displays the installed packs from Marketplace.

    go_stats

    Go is used to retrieve information about the environment of the server, such as how many CPUs are used, how many goroutines (threads) are used, etc. This log displays the location of all Go routines in the code.

    filesystem

    Displays how much free disk space there is in the file system. Displays all the folders that Cortex XSOAR uses and the total usage of the disk space for each folder. Can indicate there is not enough available disk space.

    env

    Displays the version and build number for Cortex XSOAR, and the version of the server SHA and web-client.

    content

    Displays the activities for all playbook integrations, automations, and incident types. These activities also appear in the server log.

    confserver

    Displays the configuration of the server. This information also appears in the SettingsAboutTroubleshooting page in Cortex XSOAR.

    confdb

    Displays the configuration of the database.

    conf

    Displays the generic server configurations.

    bolt_stats

    Displays information about Bolt disk and index usage.