Logs Server Configurations - Administrator Guide - 6.9 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.9
Creation date
2022-09-29
Last date published
2024-04-08
End_of_Life
EoL
Category
Administrator Guide
Abstract

Server configurations for logs.

Key

Description

Default

http.access.log.enabled

Whether to enable or disable the log. For more information, see Configure the Access Log for HTTPS Requests.

false

log.accesslog.filename

The filename of the log. For more information, see Configure the Access Log for HTTPS Requests.

access_log

log.accesslog.rolling.backups

The number of backups. For more information, see Configure the Access Log for HTTPS Requests.

3

log.accesslog.rolling.maxage

The number of days to preserve the log file. For more information, see Configure the Access Log for HTTPS Requests.

0

log.accesslog.rolling.maxfilesize

The maximum number of megabytes when a new file is created. For more information, see Configure the Access Log for HTTPS Requests.

10

log.http.traffic

Whether to write to logs the http requests and responses to/from integrations (only in debug). Relevant for integrations in JavaScript. Set to true.

false

log.rolling.backups

Number of backup files. Change if you want to store a different number of backup files. For more information, see Configure the Server Log.

3

log.rolling.maxage

The maximum number of days to retain old log files based on the timestamp encoded in their filename.

Note

A day is defined as 24 hours and may not exactly correspond to calendar days due to daylight savings, leap seconds, etc. For more information, see Configure the Server Log.

0: Not to remove old log files based on age.

log.rolling.maxfilesize

The maximum log file size. Large files may affect performance, like 1GB. For more information, see Configure the Server Log.

Log rotation at 10 MB

LogFile

Changes the default engine log file: /var/log/demisto/d1.log

Needs to be in the same directory as the Engine configuration file. If you change it, it might not be found easily when debugging.

N/a

preprocesslogs.file

For troubleshooting, you might need to identify which pre-process rule was triggered. This configuration stores pre-process logs in a separate file. Relevant for v6.5 and above. For more information, see ???.

false

syslog.enabled

Enables syslog. For more information, see Send the Audit Trail to an External Log Service.

false

syslog.filter

Adds filter. Values: object or action. For more information, see Send the Audit Trail to an External Log Service.

N/a

syslog.format

For example, RFC3164, RFC5424. Default is empty, which uses a custom format that is a combination of both formats. For more information, see Send the Audit Trail to an External Log Service.

Empty

syslog.host

Name of the syslog server. For more information, see Send the Audit Trail to an External Log Service.

N/a

syslog.port

The destination port. For more information, see Send the Audit Trail to an External Log Service.

Default is a number for LOG_INFO with LOG_DAEMON.

syslog.priority

Default is a number for LOG_INFO with LOG_DAEMON. If you want to change the default, contact Cortex XSOAR Customer Support. For more information, see Send the Audit Trail to an External Log Service.

N/a

syslog.protocol

The syslog protocol.

Values:

  • tcp

  • udp

  • tcp+tls

  • unix

For more information, see Send the Audit Trail to an External Log Service.

unix (for localhost syslogging)

syslog.tag

The syslog tag. For more information, see Send the Audit Trail to an External Log Service.

Demisto

demisto.audits.purge.delay

How often to check the audit log. Default is every 24 hours.

24

demisto.audits.purge.retention

Number of days to save the audit log.

365

demisto.audits.purge

Whether to purge audit logs

False