Palo Alto Networks Knowledgebase: How to Collect Traps Agent Logs from the ESM Console
How to Collect Traps Agent Logs from the ESM Console
Created On 09/25/18 19:03 PM - Last Updated 02/07/19 23:50 PM
Traps Version 220.127.116.1169
When opening a Traps support case, please provide the relevant Traps logs for the support engineer. This article shows how to collect Traps agent logs from the Endpoint Security Manager (ESM) console.
Step 1. Log in to the ESM console.
Step 2. Go to Settings > Agent > Actions.
Step 3. Choose Add > Tasks * > Agent Data > Retrieve collected Logs from the agent.
Step 4. Choose the Objects tab and select in it the relevant computers to collect their logs. Click Apply.
Please make sure to select specific computers. Do not leave the Objects tab empty as it will apply to all endpoints, which is not recommended.
Step 5. Check that a new Action Rule was created.
Step 6. Only after the relevant agent has successfully checked in and theupload state has changed to 'Finished,' can you download the logs with next flow: Monitor > Data Retrieval > Checking Upload State is Finished > Download.
When the customer has access to the Endpoint and does not want to wait for a heartbeat period to elapse, the user can initiate a heartbeat by clicking 'Check-in now' in the Agent Console.
The Traps Agent logs will include logs as shown in this example: