Configure the Server Log - Administrator Guide - 6.8 - Cortex XSOAR - Cortex - Security Operations

Cortex XSOAR Administrator Guide

Product
Cortex XSOAR
Version
6.8
Creation date
2022-09-28
Last date published
2024-03-21
End_of_Life
EoL
Category
Administrator Guide
Abstract

Configure the server log for maximum size, log level, number of files to backup and days to retain log files, in Cortex SXSOAR.

You can configure the log level, the number of backups, the number of days to retain log files, and the maximum size of the server log.

By default, the log level of the server log is Info. The following are the log level options:

  • Fatal - indicates truly catastrophic situations. Not usually used.

  • Error - provides information about a serious issue that represents the failure of something important in the application.

  • Warning - indicates that there might be a problem.

  • Info - displays normal application behavior and milestones.

  • Debug - provides detailed diagnostic information. Debug causes the system to write many logs about the operational outcome of several procedural processes and subprocesses. The debug level is resource intensive. You should set the log level to debug only on advice from the technical support, customer success teams, or problem-specific documentation.

  • Trace - extremely detailed information. Not often used.

You can configure the log level of the server log in the UI or in the /etc/demisto.conf file. If you configure the log level in the UI, you can only select the following log levels: Warning, Info, Debug.

The maximum size of the server log is 10 MB by default. Although you can change this value, it is recommended not to exceed 10 MB. When the server log is full, it is saved as a backup and a new server log is created. The default number of backup files is 3.

  1. To configure the log level of your server log:

    • In the UI, go to SettingsAboutTroubleshooting and select the log level from the Log Level drop down list.

    • In the /etc/demisto.conf file, add the key log.level and the new log level.

  2. To configure the maximum size of the log file, the number of files to retain, and the number of days to retain log files:

    1. In the UI, go to SettingsAboutTroubleshooting.

    2. Add the following keys with their new value: log.rolling.backups, log.rolling.maxfilesize.

      Key

      Value

      log.rolling.maxfilesize

      The maximum size in MB to retain log files based. Default is 10 MB.

      log.rolling.backups

      The maximum number of log files to retain. Default is 3.

      log.rolling.maxage

      The maximum number of days to retain old log files based on the time stamp encoded in the file name. Default is 0 (not to retain old log files based on age).

      Note

      A day is defined as 24 hours and may not exactly correspond to calendar days due to daylight savings, leap seconds, etc.

    When changing the configuration settings, bear in mind your available disk space. Increasing the values, may have an adverse impact.