Logs Overview

Cortex XSOAR Administrator Guide

Product: Cortex XSOAR
Version: 6.5
Creation date: 2022-09-28
Last date published: 2024-03-21
End_of_Life: EoL
Category: Administrator Guide
Abstract

Cortex XSOAR logs information that you can use for troubleshooting. The information is available in log bundles, server logs, Elasticsearch logs, and engine log bundles.

The Cortex XSOAR logs provide information about events that occur in the system. These logs are a valuable tool in troubleshooting issues that might arise in your Cortex XSOAR environment. The Cortex XSOAR logs are located in /var/log/demisto/.

Note

Additional Cortex XSOAR logs are available when you create a log bundle. For information about log bundles, see Create a Log Bundle.

| Log | Description |
| --- | --- |
| server | The server log is automatically created and maintained by the server. It consists of a list of all activities performed by the server and is constantly updated. This is the main log to view if there are problems in the system. To quickly locate error messages, search for "error" in the log. Often, the error messages shown in the log do not indicate a serious problem. Serious errors will appear in the UI as well as in the server log. |
| elastic | Displays a list of all activities associated with Elasticsearch. The elastic log exists only when a Cortex XSOAR environment uses Elasticsearch. Use the information in this log to troubleshoot Elasticsearch issues. |
| d1 | The d1 log appears when a Cortex XSOAR Engine is running. The d1 log contains the information necessary to debug Engine-related issues. The log displays Engine-related errors and notes whether the Engine is connected. |
| d2 | The d2 log appears whenever a Cortex XSOAR Agent is running. The d2.log contains the information necessary to debug any Agent-related issue. The log displays Agent-related errors and notes whether the Agent was correctly installed. |
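
One way to apply the "search for error" tip across the four logs listed above, as an added example that is not part of the original guide or of Cortex XSOAR. It assumes each log is stored as <log>.log in the log directory and that lines begin with date, time and level; the function names and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example, not Palo Alto Networks code.
# Assumption: each log in the table is a file named <log>.log in the log directory.
LOG_DIR=/var/log/demisto

# Print "<log> <count of lines containing 'error'>" per log, or "absent" when
# the file is missing (elastic, d1 and d2 exist only with that component).
count_errors() {
    local dir="${1:-$LOG_DIR}" name
    for name in server elastic d1 d2; do
        if [ -f "$dir/$name.log" ]; then
            printf '%s %s\n' "$name" "$(grep -ci 'error' "$dir/$name.log" || true)"
        else
            printf '%s absent\n' "$name"
        fi
    done
}

# Collapse repeated error lines into "<count> <message>", most frequent first,
# so a recurring low-impact error shows up as one row instead of hundreds.
# Assumption: lines start with "<date> <time> <level> "; those fields are dropped.
top_errors() {
    local file="$1" limit="${2:-5}"
    grep -i 'error' "$file" \
        | awk '{ $1 = ""; $2 = ""; $3 = ""; sub(/^ +/, ""); print }' \
        | sort | uniq -c | sort -rn | head -n "$limit"
}

# Write constructed sample logs (not real XSOAR output) into directory $1.
make_sample_logs() {
    cat > "$1/server.log" <<'EOF'
2024-03-21 10:00:01.100 info Server started
2024-03-21 10:00:05.200 error Failed to fetch integration status
2024-03-21 10:01:05.200 error Failed to fetch integration status
2024-03-21 10:02:00.300 error Could not write to disk
EOF
    printf '%s\n' '2024-03-21 10:00:02.000 info Engine connected' > "$1/d1.log"
}

# Demo on the constructed sample; on a real host call count_errors with no argument.
sample_dir=$(mktemp -d)
make_sample_logs "$sample_dir"
count_errors "$sample_dir"
top_errors "$sample_dir/server.log" 3
rm -rf "$sample_dir"
```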