Create a Log Bundle
Create a log bundle of additional logs for troubleshooting in Cortex XSOAR.
A log bundle is a zip file of additional logs available in the Cortex XSOAR system. These logs provide additional information that is useful in troubleshooting issues that arise in your Cortex XSOAR system. Send the log bundle zip file to Cortex XSOAR support to use for debugging purposes. After you create the log bundle, the logs will also appear in
- Go to.SettingsAboutTroubleshooting
- To create the log bundle, clickDownload logs.(Multi-tenant) - For multi-tenant deployments, downloadAll logs.The following are the logs that appear in the bundle.LogDescriptionworkersDisplays the total number of configured workers, the total number of workers that are busy, and the total number of available workers.If you experience performance issues, check the workers log to check if all workers are busy. To increase the worker count, see Configure the Number of Workers for the Server and Engine for details.web-appDisplays the active integrations and maps all the data types in the system. If there is a problem in the system, you can import this information to your system to try to troubleshoot the problem.version_controlDisplays the following information:
telemetryCortex XSOAR uses telemetry to collect specific usage data. This data is analyzed and used to improve Cortex XSOAR, and to identify common usage to help drive the product roadmap. This log displays if telemetry is enabled.
- The version of Git.
- The location of the Git binary on the system.
- All commands supported by the installed version of Git.
- The repository folder of the server, where the version of the server’s content are managed.
- The port that is used when connecting to a remote repository
- The branch that you are connected to in the remote repository, if you are connected to a remove repository.
- A list of all the configurations that are in the repository.
By default, telemetry is enabled.For information on telemetry, see Cortex XSOAR Telemetry.preprocessRulesDisplays the actual data of any existing pre-process rules. Use this information if the pre-process rules are not working as expected, or if incidents are dropped or wrongfully closed .packsubscriptionsinfoDisplays the metadata for the marketplace paid pack subscriptions, such as the company’s balance or the subscription status of each paid pack. View the content of this log if question arise about the company’s marketplace pack subscriptions.osDisplays the exact amount of usage of the general resources of the system at the time you create the log. This information includes operating system usage, kernel usage, memory usage, CPU usage, etc.networkDisplays all the programs used in the network and contains the record of user and process access calls to objects, attempts at authentication, and other network activity.mlDisplays the activities of the training machine learning in the platform. If the training of the model fails, look in this log to understand the error. The error can be a script execution error or a Docker error. For a Docker error, search for demisto/dl. For a script error, search for DBotBuildPhishingClassifier or one of the following subscripts: GetIncidentsByQuery DBotPreProcessTextData DBotTrainTextClassifierV2 WordTokenizerNLPNote that errors that appear may be general Docker errors because all of the scripts and subscripts run in Docker.license_dataDisplays the licensing information, including the license validation date, number of users permitted in the system, the amount of users currently using the system, etc.installedpacksDisplays the installed packs from Marketplace.go_statsGo is used to retrieve information about the environment of the server, such as how many CPUs are used, how many goroutines (threads) are used, etc. This log displays the location of all Go routines in the code.filesystemDisplays how much free disk space there is in the file system. Displays all the folders that Cortex XSOAR uses and the total usage of the disk space for each folder. Can indicate there is not enough available disk space.envDisplays the version and build number for Cortex XSOAR, and the version of the server SHA and web-client.contentDisplays the activities for all playbook integrations, automations, and incident types. These activities also appear in the server log.confserverDisplays the configuration of the server. This information also appears in thepage in Cortex XSOAR.SettingsAboutTroubleshootingconfdbDisplays the configuration of the database.confDisplays the generic server configurations.bolt_statsDisplays information about Bolt disk and index usage.
- anonymous- telemetry is enabled.
- no telemetry- telemetry is disabled.
Recommended For You
Recommended videos not found.