View errors and take action on the System Diagnostics page for Cortex XSOAR On-prem.
The System Diagnostics page enables you to identify and fix potential issues before they become system-critical. By default, the System Diagnostics page shows trends from the last 24 hours, but you can also select the last hour, 6 hours, 12 hours, 3 days, or 7 days.
Note
Only administrators can view the system diagnostics page.
Download log bundles
To help with debugging issues, you can download the log bundle by clicking in the upper right hand corner. The log bundle contains information about the system from the current state up to the past ten days, and it should be included when opening a support ticket.
Nodes
Four widgets present information regarding nodes.
Node | Description |
---|---|
Nodes - CPU | Trend graph showing CPU consumption. The trend graph shows an increase as system usage increases. Temporary peaks might correlate with system delays or slowness. We recommend increasing CPU resources when you reach system limits. |
Nodes - Memory | Trend graph showing memory consumption. The trend graph shows an increase as memory usage increases. Temporary peaks might correlate with system delays or slowness. We recommend increasing memory resources when you reach system limits. |
Nodes - Storage | Trend graph showing storage usage. The trend graph shows an increase as storage usage increases. Temporary peaks might correlate with system delays or slowness. We recommend increasing storage resources when you reach system limits. |
Active Nodes Snapshot | Shows a list of all active nodes and their status - Connected or Disconnected. |
Storage Groups
Storage Groups display a graph illustrating storage group utilization. The trend graph shows an increase as storage usage grows. A rapid surge in storage utilization might indicate a change in system usage.
We recommend increasing storage capacity or performing a data cleanup when utilization reaches 80%.
Playbooks in Queue
The Playbooks in Queue widget shows a graph that includes manually and automatically triggered playbooks and displays how many playbooks were waiting in the queue over the displayed period. The playbook queues are designed to manage playbook executions efficiently and prevent system overload. A rapid surge in the graph values might indicate a temporary peak of triggered playbooks and cause playbooks to take longer to execute and may slow UI performance.
If the queue count is constantly higher than 0, contact Customer Support to discuss scaling options.
Cortex Connectivity Snapshot
The Connectivity Snapshot shows the connection status between your Cortex XSOAR tenant and the external gateway. If the status is Disconnected you cannot upgrade Cortex XSOAR, access the Marketplace, or update Docker images.
Components Snapshot
The Components Snapshot shows the status of a Cortex XSOAR component.
Status | Action |
---|---|
Healthy | None |
Warning |
|
Error |
Note
For some components, such as storage, if the system reaches a critical level, Cortex XSOAR will no longer function, and you will not be able to access the System Diagnostics page.
We recommend monitoring system components on an ongoing basis to avoid critical-level issues.
The components include:
Component | Description |
---|---|
API | The API request handlers |
Storage | System storage and files |
Databases | System databases |
Telemetry | System telemetry collection |
Automation layer | Automation resources and components handler |
Playbook Engines | Task queue and priority handling |
System Scheduler | System scheduled tasks and prioritization handlers |
External Gateways | External resource and connection handling |
System Orchestrators | System initialization |
Execution Environments | Task execution |