Manage Logging of Traps Components Using Cytool

Using cytool, you can start, stop, or flush the logging of Traps drivers and services (cyverak, cyvrmtgn, cyvrfsfd, cyvrlpc, cyvrreport, cyserver, signver, cyrprtui, cytray, cyverau, cyinjct, cyvrtrap, cyvera, ntnativeapi, winutils, tda, tdawork, analyzer, tlaservice, tlaworker, and tlacore). This enables you to troubleshoot one or more components and log errors, warnings, or information to a log file which you can then view using the Windows Event Viewer. You can also specify the maximum file size of the log, in MB. Cytool outputs the ETL trace logs to the
C:\Program Files\Palo Alto Networks\Traps\
folder.
  1. Open a command prompt as an administrator and navigate to the Traps folder (see Access Cytool).
  2. To start logging a Traps component, use the following command:
    C:\Program Files\Palo Alto Networks\Traps>
    cytool log start <components> [None | Critical | Error | Warning | Information | Verbose [log_size]] <max_log_size>
    where
    <components>
    is either an
    *
    to start logging on all Traps services, or one or more Traps services encased in quotes and separated by spaces, for example
    "cyverak cyvrfsfd"
    .
    The following example displays output for using cytool to log Errors on the cyverak and cyvrmtgn files to a log file with a maximum file size of 20 MB.
    C:\Program Files\Palo Alto Networks\Traps>
    cytool log start "cyverak cyvrmtgn" Error 20
    Log session started.
  3. Stop or flush the active log sessions:
    • To stop logging a Traps component, use the following command:
      C:\Program Files\Palo Alto Networks\Traps>
      cytool log stop
      Log session stopped.
    • To flush active log sessions to disk, use the following command:
      C:\Program Files\Palo Alto Networks\Traps>
      cytool log flush
      Log session flushed to directory C:\ProgramData\Cyvera\Logs.

Related Documentation