Log files are now created on an hourly basis and kept for 7 days. You can access log files on the server and download them in one click. 

This article provides more information on the types of information that will be stored as log files, and how and where to access them.

Where are these log files stored?

At the top level, the log files are stored under /var/logs/siemplify.

Below the top level, each component's logs are stored in a folder named after that component.

For example:
Chronicle SOAR connectors: “/var/logs/siemplify/connector name”
Chronicle SOAR jobs: “/var/logs/siemplify/job name”
Chronicle SOAR integrations: “/var/logs/siemplify/Integrations/integration name”
Chronicle SOAR Services: “/var/logs/siemplify/service name”

Chronicle SOAR Services

The following services will have log files in a dedicated folder:

  • Python Connector instances (each connector)
  • Python Integrations (each integration)
  • Python Jobs
  • Indexer service
  • Playbook actions service
  • Connector service
  • Python execution service
  • App service
  • ETL service

How often are these log files created?

Log files are created on an hourly basis per log component and stored in a daily folder. Each file stores the log records created from HH:00:00 to HH:59:59. The daily folder name is the date, formatted according to the server localization settings.

Note that log files are only kept for 7 days. After this time, the log folders are deleted.

How can I change the error level of logs?

  1. Navigate to Settings > Advanced > Logs.
  2. Choose one of the following levels: Error (most critical), Warning (includes errors), or Info (includes every log record: errors, warnings and many other system log records). On this screen you can also choose to see Elastic logs. The level you choose here applies to both Chronicle SOAR service logs and Elastic logs (if enabled). The change applies to log files from that moment on.

How can I see all the current logs?

  1. Navigate to Settings > Advanced > Logs.
  2. Click Download to download a zip file containing all the logs for the last ten hours.
  3. Alternatively, select a Time Range from the drop-down list and click Export to download a zip file containing all the error logs for the defined time frame.
  4. In addition, you can access the files directly from the server via the command line.
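
Because log folders are deleted after 7 days, logs needed for an investigation have to be copied off the server before cleanup. The following is an added example, not part of Chronicle SOAR: two shell functions for command-line access that select files by modification time and archive them with a checksum. The function names and the `LOG_ROOT` variable are hypothetical, and GNU find, tar and sha256sum are assumed.

```shell
# Added example. LOG_ROOT default is the top-level path named in this article.
LOG_ROOT="${LOG_ROOT:-/var/logs/siemplify}"

# list_recent_logs HOURS [COMPONENT]
# Prints paths (relative to LOG_ROOT) of log files modified in the last HOURS
# hours. Selection is by mtime, so it does not depend on the locale-specific
# daily folder names. COMPONENT is a folder such as "Integrations/<name>".
list_recent_logs() {
    hours="$1"
    component="${2:-.}"
    case "$hours" in
        ''|*[!0-9]*) echo "HOURS must be a whole number" >&2; return 2 ;;
    esac
    case "$component" in
        /*|*..*) echo "COMPONENT must be a folder under LOG_ROOT" >&2; return 2 ;;
    esac
    [ -d "$LOG_ROOT/$component" ] || { echo "no such folder: $LOG_ROOT/$component" >&2; return 1; }
    ( cd "$LOG_ROOT" &&
      find "$component" -type f -mmin "-$((hours * 60))" |
      sed 's|^\./||' | LC_ALL=C sort )
}

# archive_recent_logs HOURS OUTFILE [COMPONENT]
# Packs the selected files into a gzip tarball and writes OUTFILE.sha256 so the
# copy can be verified later. Returns 3 when nothing matched.
archive_recent_logs() {
    outfile="$2"
    filelist=$(mktemp) || return 1
    if ! list_recent_logs "$1" "${3:-.}" > "$filelist"; then
        rm -f "$filelist"; return 1
    fi
    if [ ! -s "$filelist" ]; then
        echo "no log files modified in the last $1 hour(s)" >&2
        rm -f "$filelist"; return 3
    fi
    if tar -czf "$outfile" -C "$LOG_ROOT" -T "$filelist" &&
       sha256sum "$outfile" > "$outfile.sha256"; then rc=0; else rc=1; fi
    rm -f "$filelist"
    return "$rc"
}
```

Store the archive and its `.sha256` file outside the log tree, and pass an absolute path for OUTFILE so that `sha256sum -c` can find it later.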