Palo Alto Networks Knowledgebase: How to Collect Traps Agent Logs from the ESM Console

How to Collect Traps Agent Logs from the ESM Console

4613
Created On 02/07/19 23:49 PM - Last Updated 02/07/19 23:50 PM
Resolution

Traps Version 3.3.0.6169

 

When opening a Traps support case, please provide the relevant Traps logs for the support engineer. This article shows how to collect Traps agent logs from the Endpoint Security Manager (ESM) console.

 

Step 1. Log in to the ESM console.

Log_in.jpg

 

 

Step 2. Go to Settings > Agent > Actions.

Settings_Agent_Actions.jpg

 

Step 3. Choose Add > Tasks * > Agent Data  > Retrieve collected Logs  from the agent.

Add_Tasks_Agent_data_Retrive_collected_logs.jpg

 

 

Step 4. Choose the Objects tab and select in it the relevant computers to collect their logs. Click Apply.

Please make sure to select specific computers. Do not leave the Objects tab empty as it will apply to all endpoints, which is not recommended.

Objects_Apply.jpg

 

 

Step 5.  Check that a new Action Rule was created.

Action_rule.jpg

 

 

 

Step 6. Only after the relevant agent has successfully checked in and the upload state has changed to 'Finished,' can you download the logs with next flow: Monitor > Data Retrieval > Checking Upload State is Finished > Download.

 

Download.jpg

 

 

When the customer has access to the Endpoint and does not want to wait for a heartbeat period to elapse, the user can initiate a heartbeat by clicking 'Check-in now' in the Agent Console.

 

Check_in_now.jpg

 

The Traps Agent logs will include logs as shown in this example: 

Logs_example.jpg

 

 

 

 

 

 



Attachments
Actions
  • Print
  • Copy Link

    https://knowledgebase.paloaltonetworks.com/KCSArticleDetail?id=kA10g000000ClTsCAK&refURL=http%3A%2F%2Fknowledgebase.paloaltonetworks.com%2FKCSArticleDetail

Attachments
Choose Language