End-of-Life (EoL)

Create a Log Bundle

log bundle troubleshooting
A log bundle is a zip file of additional logs available in the Cortex XSOAR system. These logs provide additional information that is useful in troubleshooting issues that arise in your Cortex XSOAR system. Send the log bundle zip file to Cortex XSOAR support to use for debugging purposes. After you create the log bundle, the logs will also appear in
/var/log/demisto/
.
  1. Go to
    Settings
    About
    Troubleshooting
    .
  2. To create the log bundle, click
    Download logs
    .
    The following are the logs that appear in the bundle.
    Log
    Description
    workers
    Displays the total number of configured workers, the total number of workers that are busy, and the total number of available workers.
    If you experience performance issues, check the workers log to check if all workers are busy. To increase the worker count, see Configure the Number of Workers for the Server and Engine for details.
    web-app
    Displays the active integrations and maps all the data types in the system. If there is a problem in the system, you can import this information to your system to try to troubleshoot the problem.
    version_control
    Displays the following information:
    • The version of Git.
    • The location of the Git binary on the system.
    • All commands supported by the installed version of Git.
    • The repository folder of the server, where the version of the server’s content are managed.
    • The port that is used when connecting to a remote repository
    • The branch that you are connected to in the remote repository, if you are connected to a remove repository.
    • A list of all the configurations that are in the repository.
    telemetry
    Cortex XSOAR uses telemetry to collect specific usage data. This data is analyzed and used to improve Cortex XSOAR, and to identify common usage to help drive the product roadmap. This log displays if telemetry is enabled.
    • anonymous
      - telemetry is enabled.
    • no telemetry
      - telemetry is disabled.
    By default, telemetry is enabled.
    For information on telemetry, see Cortex XSOAR Telemetry.
    preprocessRules
    Displays the actual data of any existing pre-process rules. Use this information if the pre-process rules are not working as expected, or if incidents are dropped or wrongfully closed .
    packsubscriptionsinfo
    Displays the metadata for the marketplace paid pack subscriptions, such as the company’s balance or the subscription status of each paid pack. View the content of this log if question arise about the company’s marketplace pack subscriptions.
    os
    Displays the exact amount of usage of the general resources of the system at the time you create the log. This information includes operating system usage, kernel usage, memory usage, CPU usage, etc.
    network
    Displays all the programs used in the network and contains the record of user and process access calls to objects, attempts at authentication, and other network activity.
    ml
    Displays the activities of the training machine learning in the platform. If the training of the model fails, look in this log to understand the error. The error can be a script execution error or a Docker error. For a Docker error, search for demisto/dl. For a script error, search for DBotBuildPhishingClassifier or one of the following subscripts: GetIncidentsByQuery DBotPreProcessTextData DBotTrainTextClassifierV2 WordTokenizerNLPNote that errors that appear may be general Docker errors because all of the scripts and subscripts run in Docker.
    license_data
    Displays the licensing information, including the license validation date, number of users permitted in the system, the amount of users currently using the system, etc.
    installedpacks
    Displays the installed packs from Marketplace.
    go_stats
    Go is used to retrieve information about the environment of the server, such as how many CPUs are used, how many goroutines (threads) are used, etc. This log displays the location of all Go routines in the code.
    filesystem
    Displays how much free disk space there is in the file system. Displays all the folders that Cortex XSOAR uses and the total usage of the disk space for each folder. Can indicate there is not enough available disk space.
    env
    Displays the version and build number for Cortex XSOAR, and the version of the server SHA and web-client.
    content
    Displays the activities for all playbook integrations, automations, and incident types. These activities also appear in the server log.
    confserver
    Displays the configuration of the server. This information also appears in the
    Settings
    About
    Troubleshooting
    page in Cortex XSOAR.
    confdb
    Displays the configuration of the database.
    conf
    Displays the generic server configurations.
    bolt_stats
    Displays information about Bolt disk and index usage.

Recommended For You