Prisma Cloud Compute: How to collect debug data
8955
Created On 11/18/19 17:56 PM - Last Modified 03/04/22 21:43 PM
Objective
Start here to troubleshoot component-specific issues. The articles in this section show how to resolve commonly encountered issues.
Environment
- SaaS
- Self-Hosted 19.11 or later
Procedure
Collect debug data
Debug data helps us identify the root cause of a problem, and provide a timely resolution. If you contact Twistlock Support with an issue, you’ll be asked to collect debug data from your Twistlock setup and send it to us. The twistcli utility collects and creates an archive of debug data, including log files, and then uploads it to our file server, where our support team can access it.
If the source of the issue is not clear, or if the issue occurs on multiple machines, then capture debug data from the host running Console and at least one host running Defender.
If you’re seeing an error in the Console’s web interface, send the web console output. The steps vary by browser. In Chrome, open Developer Tools, click the Console tab, and copy any errors listed there.
Finally, we don’t collect sensitive personal information in the debug logs. Nonetheless, some organizations have stringent policies about how data should be handled. Twistlock support dumps are human-readable, so you can unpack, inspect, and sanitize them to your standards before sending them to us.
Collecting Console’s debug logs
The simplest way to collect Console’s debug logs is from the UI itself. Go to Manage > View Logs > Console and click Download debug logs. To upload the logs directly to Twistlock support, click Upload debug logs to Twistlock support.
Collecting Defender’s debug logs
To collect Defender’s debug logs, go to Manage > Defenders > Manage. Find the Defender of interest in the table of deployed Defenders, click Actions > Logs, then click Download this log. To upload the logs directly to Twistlock support, click Upload log to Twistlock support.
Collecting debug logs with twistcli
The twistcli tool cannot collect Console debug logs when it runs in a cluster and uses a persistent volume for storage. When Console runs in a cluster, collect debug logs directly from the Console UI instead.
Procedure
- Copy twistcli to the host where the problem is occurring.
- Run twistcli to collect the debug data from your Twistlock setup.
$ sudo ./twistcli support dump
Dumping debug data
Saving logs for container /twistlock_defender_2_2_73
.
.
Saving system information
Copying data folder
Done. Created twistlock_dump_1505548448.tar.gz
Dumping debug data
Saving logs for container /twistlock_defender_2_2_73
.
.
Saving system information
Copying data folder
Done. Created twistlock_dump_1505548448.tar.gz
Sending debug data to Twistlock
The twistcli tool lets you send debug logs and other files to Twistlock. A common workflow is to collect debug logs, sanitize them, then share them with Twistlock.
Files are sent over HTTPS to a write-only directory on Twistlock’s file server. When the upload is completed, the Twistlock Support team is notified.
Procedure
- Send a file to Twistlock Support with twistcli.
$ twistcli support upload --file <FILE>
- Enter your access token.
- Your file is uploaded.
Uploading file to Twistlock support
123.68 KiB / 11.26 MiB [>-----------------------------] 1.07% 648.45 KiB/s 0s
123.68 KiB / 11.26 MiB [>-----------------------------] 1.07% 648.45 KiB/s 0s
Results
When the upload is complete, a confirmation message is printed:
File has been uploaded as customer/twistlock_dump_1505548448_1505549527.tar.gz
Sending debug data to Twistlock as an attachment
You can also send debug files to Twistlock by attaching them to your support case. Desk has a limit of 20 MB for uploaded files, so if you need to send more than 20MB of data, use twistcli instead.
Procedure
- Navigate to http://support.twistlock.com/.
- Click Open case.
- Attach your debug data archive.