Cortex XSOAR logs information you can use for troubleshooting.
log bundles server log elasticsearch log engine log bundle
The Cortex XSOAR logs provide information
about events that occur in the system. These logs are a valuable
tool in troubleshooting issues that might arise in your Cortex XSOAR
environment. The Cortex XSOAR logs are located in
/var/log/demisto/
.
Additional Cortex XSOAR logs are available when you create
a log bundle. For information about log bundles, see Create a Log Bundle.
Log
Description
server
The server log is automatically created and
maintained by the server. It consists of a list of all activities
performed by the server. It is constantly updated. This is the main
log to view if there are problems in the system.
To quickly locate
error messages, search for
error
in the log.
Often, the error messages shown in the log do not indicate a serious problem.
Serious errors will appear in the UI as well as in the server log.
elastic
Displays a list of all activities associated
with Elasticsearch. The elastic log exists only when a Cortex XSOAR
environment uses Elasticsearch. Use the information in this log
to troubleshoot Elasticsearch issues.
d1
The d1 log appears when a Cortex XSOAR Engine
is running. The d1 log contains information necessary to debug Engine
related issue. The log displays Engine related errors, as well as
noting if the Engine is connected.
d2
The d2 log appears whenever a Cortex XSOAR
Agent is running. The d2.log contains information necessary to debug
any Agent related issue. The log displays Agent related errors,
as well as noting whether the Agent was correctly installed.
