Logcollect utility
Logcollect is the log collection utility for the Xshield agents installed on managed assets and for the CT Connectors. You can run this utility locally on the asset or Connector, or remotely from the Xshield UI. Run it to fetch the native logs of the system together with the logs generated by the Xshield agents. When you run this utility, the packaged logs are fetched from the following locations on the assets and Connectors.
File location

Linux asset: /var/opt/colortokens/lgm
macOS asset: /Library/Logs/ColorTokens/lgm/
Windows asset: C:\windows\System32\logfiles\ColorTokens\LGM
CT Connector: /var/opt/colortokens/lgm
Collect logs locally
Windows asset
- Open the CMD console (as an administrator), change to the C:\Program Files\ColorTokens\LGM directory, and run the "logcollect.exe collect" command.
Linux asset
- From a root shell, change to the /opt/colortokens/lgm/sbin directory and run the "./logcollect collect" command.
Collect logs remotely
Running the Logcollect utility from the UI downloads the logs to the instance. When you then download the logs to a local computer, they arrive in ZIP or TAR format.
- Go to the Assets page or the Xaccess > Connectors page.
- Click an asset or CT Connector, and then click Request logs in the fly panel.
- Click "Click to Download logs" to download the logs locally.
Logs collected from managed assets
The Logcollect utility collects the following files, depending on the OS of the asset.
- Details about the operating system and memory on the asset, in the systeminfo.txt file.
- Details of the CPU (name, load percentage), the number of cores, and the number of logical processors, in the cpu.txt file.
- On a Windows asset, the outputs of the following commands, stored in the network.txt file: ipconfig /all, route print, netstat -an, interface statistics, ps, netsh advfirewall Firewall show rule name=all, and tasklist /v (user information included).
- On a Linux asset, the outputs of the following commands, stored in the network.txt file: ifconfig -a, route -n, netstat -an, interface statistics, top, uptime, iptables, and ps aufx (user information included).
- The output of the print active peer table, print node db, print relay db, print Media Access Control (MAC) table, and print NDP table queries for the ct-lgm instances on the asset, stored in the devconsole.txt file.
- The core dump files, located at /var/lib/systemd/coredump on a Linux asset and at C:\Windows\Minidump or C:\Windows\MEMORY.DMP on a Windows asset.
- The third-party drivers installed on a Windows asset, as listed in the driverinstalled.txt file.
- The native system logs and event logs.
Logs collected from CT Connectors
The Logcollect utility collects the following files for CT Connectors.
- Details about the operating system and memory on the Connector, in the systeminfo.txt file.
- Details of the CPU (name, load percentage), the number of cores, and the number of logical processors, in the cpu.txt file.
- On a Windows asset, the outputs of the following commands, stored in the network.txt file: ipconfig /all, route print, netstat -an, interface statistics, ps, netsh advfirewall Firewall show rule name=all, and tasklist /v (user information included).
- On a Linux asset, the outputs of the following commands, stored in the network.txt file: ifconfig -a, route -n, netstat -an, interface statistics, top, uptime, iptables, and ps aufx (user information included).
- The output of the print active peer table, print node db, print relay db, print Media Access Control (MAC) table, and print NDP table queries for the ct-lgm instances on the Connector, stored in the devconsole.txt file.
- The core dump files, located at /var/lib/systemd/coredump.
- The native system logs and event logs.
- The contents of the /etc, /var, and /opt directories on the Connector.
- Log files such as bgpInfo.txt, logcollect.log, syslog.txt, and vpnconnection.txt.
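A log bundle from an asset or a Connector carries process listings with user information, core dump files and, for Connectors, the /etc, /var and /opt trees, so it is worth knowing exactly what is inside before the bundle is forwarded outside the team. The following Python script is an added example and is not part of the Logcollect utility or of its documentation: it reads a ZIP or TAR bundle (the formats the UI download produces), classifies each member against the file names listed in the two sections above, and flags core/minidump files and configuration-tree contents for review. The sample bundles it builds in memory, the grouping of files into categories, and the lgm/ and LGM\ top-level folder names are constructed assumptions; the layout of a real bundle may differ.

```python
import io
import tarfile
import zipfile

# File names the Logcollect documentation lists, grouped by what they describe.
# The grouping is this example's own choice, not something the utility emits.
KNOWN_FILES = {
    "systeminfo.txt": "system", "cpu.txt": "system", "driverinstalled.txt": "system",
    "network.txt": "network", "devconsole.txt": "network",
    "bgpinfo.txt": "network", "vpnconnection.txt": "network",
    "logcollect.log": "utility", "syslog.txt": "utility",
}
# Members worth reviewing before a bundle leaves the organisation: dumps hold
# raw process memory, and /etc, /var, /opt may hold credentials or keys.
DUMP_MARKERS = ("var/lib/systemd/coredump/", "windows/minidump/", "windows/memory.dmp")
CONFIG_TREE_DIRS = {"etc", "var", "opt"}


def _normalise(member):
    """Turn ZIP and TAR member names into forward-slash relative paths."""
    return member.replace("\\", "/").lstrip("./")


def list_members(data):
    """Return the file members of a ZIP or (optionally compressed) TAR bundle."""
    buf = io.BytesIO(data)
    if zipfile.is_zipfile(buf):
        with zipfile.ZipFile(buf) as zf:
            return [i.filename for i in zf.infolist() if not i.is_dir()]
    buf.seek(0)
    with tarfile.open(fileobj=buf, mode="r:*") as tf:
        return [m.name for m in tf.getmembers() if m.isfile()]


def inventory(data):
    """Classify every file in the bundle; returns {category: [paths]}."""
    report = {cat: [] for cat in ("system", "network", "utility",
                                  "memory_dump", "config_tree", "other")}
    for raw in list_members(data):
        name = _normalise(raw)
        lowered = name.lower()
        parts = lowered.split("/")
        if any(marker in lowered for marker in DUMP_MARKERS):
            report["memory_dump"].append(name)
        elif CONFIG_TREE_DIRS & set(parts[:-1]):
            report["config_tree"].append(name)
        else:
            report[KNOWN_FILES.get(parts[-1], "other")].append(name)
    return report


def needs_review(report):
    """True when the bundle carries memory dumps or configuration trees."""
    return bool(report["memory_dump"] or report["config_tree"])


# Constructed sample contents; the top-level folder names are assumptions.
LINUX_SAMPLE = {
    "lgm/systeminfo.txt": "OS: Linux (sample)\nMemory: 8 GiB\n",
    "lgm/cpu.txt": "Name: SampleCPU\nCores: 4\nLogical processors: 8\n",
    "lgm/network.txt": "ifconfig -a\neth0: flags=4163<UP> ...\n",
    "lgm/devconsole.txt": "print active peer table\n(no peers)\n",
    "lgm/etc/hosts": "127.0.0.1 localhost\n",
    "lgm/var/lib/systemd/coredump/core.lgm.0.sample": "\x7fELF sample\n",
}
WINDOWS_SAMPLE = {
    "LGM\\systeminfo.txt": "OS Name: Microsoft Windows (sample)\n",
    "LGM\\driverinstalled.txt": "sample.sys  Third-party vendor\n",
    "LGM\\network.txt": "ipconfig /all\n...\n",
    "LGM\\Windows\\Minidump\\sample-0001.dmp": "MDMP sample\n",
}


def build_sample_tar():
    """Build an in-memory gzip TAR shaped like a Linux asset or Connector bundle."""
    buf = io.BytesIO()
    with tarfile.open(fileobj=buf, mode="w:gz") as tf:
        for path, text in LINUX_SAMPLE.items():
            payload = text.encode()
            info = tarfile.TarInfo(name=path)
            info.size = len(payload)
            tf.addfile(info, io.BytesIO(payload))
    return buf.getvalue()


def build_sample_zip():
    """Build an in-memory ZIP shaped like a Windows asset bundle."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, mode="w") as zf:
        for path, text in WINDOWS_SAMPLE.items():
            zf.writestr(path, text)
    return buf.getvalue()


if __name__ == "__main__":
    for label, data in (("linux.tar.gz", build_sample_tar()),
                        ("windows.zip", build_sample_zip())):
        report = inventory(data)
        print(f"{label}: review needed = {needs_review(report)}")
        for category, paths in report.items():
            for path in paths:
                print(f"  {category:12} {path}")
```

To run it against a bundle downloaded from the UI, pass the file's bytes to inventory() instead of the constructed samples; members that land in memory_dump or config_tree are the ones to inspect (or strip) before the archive is shared.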
Set log preferences
You can add additional files to the assets and CT Connectors to set logging preferences on them, which can help you troubleshoot issues.