Palo Alto Networks Knowledgebase: How to collect Traps Agent support files (logs) from the Endpoint

How to collect Traps Agent support files (logs) from the Endpoint

Created On 02/07/19 23:34 PM - Last Updated 02/07/19 23:35 PM
Advanced Endpoint Protection Traps
Traps Version
When opening a Traps support case, please provide the relevant Traps support files (logs). There are two common ways of collecting Traps agent logs from the Endpoint.

Send Support File from Agent Console

  1. Connect to the Endpoint (EP).
  2. Open the Agent Console
Open Agent Console.jpg


Click Send Support File.

  1. Connect to the Endpoint Security Manager (ESM) Console.
  2. Follow next flow: Monitor > Data Retrieval. There you can find the Endpoint Computer Logs that were uploaded.


  3. Click on Download and Save. Please do not rename the Logs File Name. Download.jpg


  4. Open the folder and upload the Logs Zipped file to the case.
Example of the files in the Zip file: 
files in the Log Zip file.jpg


  1. Collect Send Support File on the Endpoint when no connection to server or Upload State Failed.


    When the Traps Agent does not have a connection to the ESM server


    Or there is a connection indication on the Traps agent console but 'Upload State Failed' can be seen on the ESM Console at: Monitor > Data Retrieval.


    The logs can be found on the EndPoint at C:\ProgramData\Cyvera\Everyone\Temp for Windows Vista and above.

    For windows XP at C:\Documents and Settings\All Users\Application Data\Cyvera\Everyone\Temp.




Collect Endpoint Support Files with GetLogsUtil

Limitation: when Sprot is enabled on the Endpoint the Logs file created by the GetLogsUtil will not include ClientPolicy.XML that should be included in cases related to Events, Rules, Policy and compatibility related issues.

ClientPolicy.XML can be found at:

Windows Vista and above in C:\ProgramData\Cyvera\LocalSystem .

Windows XP at C:\Documents and Settings\All Users\Application Data\Cyvera\LocalSystem


  1. Download the file attached at the end of this article to the Endpoint.

     attached at end.jpg

  2. Extract the file
  3. Next is the result of extracting it from the downloads folder to C:\Users\Win7_86\GetLogs_3.3.1.8791 folder.2016_GetLogs_deployed.jpg
  4. Run CMD as Administrator. 


  5. Go to the path you have deployed GetLogsUtilAgent into by "cd Path".
    Example : cd C:\Users\Win7_86\GetLogs_3.3.1.8791


  6. Then run next command in CMD : "GetLogsUtilAgent.exe ."
    The result will be a Zipped Logs file where GetLogsUtilAgent is deployed
    The customer can choose the destination of the logs with the next command: "GetLogsUtilAgent.exe destination".


  7. Please upload the Logs Zipped file that was created to the Case.


    Example of what the Logs Zipped file includes:
    Logs Zipped Files.jpg


    When the GetLogsUtil is deployed on a network folder it can be used from the different Endpoints that have access.

  • Print
  • Copy Link

Choose Language