Palo Alto Networks Knowledgebase: How to collect Traps Agent support files (logs) from the Endpoint

Created On 02/07/19 23:34 PM - Last Updated 02/07/19 23:35 PM
Advanced Endpoint Protection Traps
Resolution
Traps Version 3.3.1.7983
When opening a Traps support case, please provide the relevant Traps support files (logs). There are two common ways of collecting Traps agent logs from the Endpoint.

Send Support File from Agent Console

  1. Connect to the Endpoint (EP).
  2. Open the Agent Console.
  3. Click Send Support File.
  4. Connect to the Endpoint Security Manager (ESM) Console.
  5. Go to Monitor > Data Retrieval. There you can find the Endpoint Computer Logs that were uploaded.
  6. Click Download and Save. Please do not rename the logs file.
  7. Open the folder and upload the zipped logs file to the case.

Example of the files in the Zip file: [screenshot: files in the Log Zip file]

Collect the Send Support File output on the Endpoint when there is no connection to the server or the Upload State is Failed

This applies when the Traps Agent does not have a connection to the ESM server, or when the Traps agent console indicates a connection but 'Upload State Failed' is shown on the ESM Console at Monitor > Data Retrieval.

The logs can be found on the Endpoint at C:\ProgramData\Cyvera\Everyone\Temp for Windows Vista and above.

For Windows XP, they are at C:\Documents and Settings\All Users\Application Data\Cyvera\Everyone\Temp.

Collect Endpoint Support Files with GetLogsUtil

Limitation: when Sprot is enabled on the Endpoint, the logs file created by GetLogsUtil will not include ClientPolicy.XML, which should be included in cases related to Events, Rules, Policy and compatibility issues.

ClientPolicy.XML can be found at:

Windows Vista and above: C:\ProgramData\Cyvera\LocalSystem

Windows XP: C:\Documents and Settings\All Users\Application Data\Cyvera\LocalSystem

  1. Download the file attached at the end of this article to the Endpoint.
  2. Extract the file GetLogs_3.3.1.8791.zip.
  3. In this example, it is extracted from the Downloads folder to the C:\Users\Win7_86\GetLogs_3.3.1.8791 folder.
  4. Run CMD as Administrator.
  5. Go to the path where you deployed GetLogsUtilAgent using "cd Path".
    Example: cd C:\Users\Win7_86\GetLogs_3.3.1.8791
  6. Then run the following command in CMD: "GetLogsUtilAgent.exe ."
    The result will be a zipped logs file in the folder where GetLogsUtilAgent is deployed.
    The customer can choose the destination of the logs with the following command: "GetLogsUtilAgent.exe destination".
  7. Please upload the zipped logs file that was created to the case.

    Example of what the Logs Zipped file includes: [screenshot: Logs Zipped Files]

    When GetLogsUtil is deployed on a network folder, it can be used from the different Endpoints that have access.
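
The GetLogsUtil steps above can be scripted together with a check for the ClientPolicy.XML limitation. This is an added PowerShell example, not Palo Alto Networks code; it assumes PowerShell 3.0 or later with .NET 4.5 on Windows Vista or above, and the parameter names and the output folder are hypothetical.

```powershell
# Added example, not vendor code: runs GetLogsUtilAgent.exe and checks the archive.
# Assumes PowerShell 3.0+ with .NET 4.5 on Windows Vista or above, elevated session.
param(
    [string]$ToolDir = 'C:\Users\Win7_86\GetLogs_3.3.1.8791',    # example path from the article
    [string]$Destination = (Join-Path $env:TEMP 'TrapsSupport')  # hypothetical output folder
)
$ErrorActionPreference = 'Stop'
$policy = 'C:\ProgramData\Cyvera\LocalSystem\ClientPolicy.XML'

# The article runs the tool from an Administrator prompt, so require elevation.
$me = [Security.Principal.WindowsPrincipal][Security.Principal.WindowsIdentity]::GetCurrent()
if (-not $me.IsInRole([Security.Principal.WindowsBuiltInRole]::Administrator)) {
    throw 'Run this script from an elevated (Administrator) session.'
}

$tool = Join-Path $ToolDir 'GetLogsUtilAgent.exe'
if (-not (Test-Path $tool)) { throw "GetLogsUtilAgent.exe not found in $ToolDir" }
New-Item -ItemType Directory -Force -Path $Destination | Out-Null

# Run the tool from its own folder with an explicit destination.
$started = Get-Date
Push-Location $ToolDir
try { & $tool $Destination } finally { Pop-Location }

# The tool names the archive itself, so take the newest zip written since the run began.
$zip = Get-ChildItem -Path $Destination -Filter *.zip |
    Where-Object { $_.LastWriteTime -ge $started } |
    Sort-Object LastWriteTime -Descending | Select-Object -First 1
if (-not $zip) { throw "No new zip file was created in $Destination" }

# Limitation check: is ClientPolicy.XML inside the archive?
Add-Type -AssemblyName System.IO.Compression.FileSystem
$archive = [IO.Compression.ZipFile]::OpenRead($zip.FullName)
try { $hasPolicy = [bool]($archive.Entries | Where-Object { $_.Name -ieq 'ClientPolicy.xml' }) }
finally { $archive.Dispose() }

if ($hasPolicy) {
    Write-Output "OK: $($zip.FullName) contains ClientPolicy.XML"
} else {
    try {
        # Copy the policy next to the archive so both can be uploaded; the zip is not modified.
        Copy-Item -Path $policy -Destination $Destination
        Write-Output "ClientPolicy.XML was missing from the archive; copied it to $Destination"
    } catch {
        Write-Warning "ClientPolicy.XML is missing from the archive and could not be copied: $_"
    }
}
```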


Attachments