Log examination

If you run into issues, for example when the post-install test produces no observable output, examine the splunkd.log and cylance.log files in the $SPLUNK_HOME/var/logs/splunk directory.
To generate more detailed log data, edit the log level in the config.py file (at about line 54) in the bin directory (requires command-line access). For example, change:
self.log_level = 'WARNING'
to:
self.log_level = 'DEBUG'
Available Log Levels
  • INFO
The default is WARNING. DEBUG will report on most events (generates many log messages) and CRITICAL (same as the level FATAL) will report only the most severe of events (generates few log messages).
To control various aspects of log file generation, you can configure the following parameters in config.py:
  • Filename – Default is cylance.log
  • Level – Described above
  • Size – Default is 1000000 (i.e. one million bytes or one megabyte). When the file size exceeds this number, a new log file is created (i.e. logging rotates to a new log file).
  • Rotations – How many log files will be created before the oldest is overwritten.
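The interaction between Level, Size and Rotations is shown in the following added example, which is not code from the app. It assumes size-based rotation behaves like Python's standard logging.handlers.RotatingFileHandler, which the page does not confirm. The function name simulate_rotation, the sample events and the small 1000-byte size are constructed for the demonstration.

```python
import logging
import logging.handlers
import os
import tempfile


def simulate_rotation(level, max_bytes, rotations, events):
    """Log (levelname, message) pairs and return {filename: size in bytes}."""
    workdir = tempfile.mkdtemp(prefix="cylance_log_demo_")
    path = os.path.join(workdir, "cylance.log")  # default filename per the page
    logger = logging.getLogger("demo_" + os.path.basename(workdir))
    logger.setLevel(getattr(logging, level))
    logger.propagate = False
    # Assumption: Size maps to maxBytes and Rotations maps to backupCount.
    handler = logging.handlers.RotatingFileHandler(
        path, maxBytes=max_bytes, backupCount=rotations)
    handler.setFormatter(logging.Formatter("%(levelname)s %(message)s"))
    logger.addHandler(handler)
    for levelname, message in events:
        logger.log(getattr(logging, levelname), message)
    handler.close()
    logger.removeHandler(handler)
    return {name: os.path.getsize(os.path.join(workdir, name))
            for name in sorted(os.listdir(workdir))}


# Constructed sample events: 200 DEBUG lines followed by 5 WARNING lines.
SAMPLE_EVENTS = ([("DEBUG", "poll cycle %04d details" % i) for i in range(200)]
                 + [("WARNING", "retry %d" % i) for i in range(5)])

if __name__ == "__main__":
    for level in ("WARNING", "DEBUG"):
        files = simulate_rotation(level, max_bytes=1000, rotations=2,
                                  events=SAMPLE_EVENTS)
        # At DEBUG the same events fill and rotate the files, so only the
        # newest entries survive in (rotations + 1) files.
        print(level, files)
```

Under this assumption, at most Rotations + 1 files are kept, so raising the level to DEBUG shortens the time window the retained logs cover. Copy the files you need before they rotate away, and set the level back to WARNING once troubleshooting is finished.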