SOAR Platform log file configuration
The SOAR Platform logs various client and server activities in log files that are located in the following directory.
/usr/share/co3/logs/
Log files in this directory include:
- catalina.out. Tomcat Catalina output file.
- client.log. Main SOAR Platform log file.
- client_access_log.log. Tomcat-based log that tracks all HTTP requests that are made to the SOAR Platform server.
- monitoring.log. SOAR Platform log file that contains timing-related information.
PostgreSQL logs database access in log files that are located in the following directory.
/var/lib/pgsql/12/data/log
Most logs roll daily and the rolled file is named with the date that it was rolled. The daily folder contains the rolled client.log and monitoring.log files.
By default, the SOAR client log files (client.log and monitoring.log) use a timestamp that includes only the current time of day. This is because the logs roll over daily and the date of the log is included in the file name. However, you can change the date format to keep it consistent across all of your logs. To do so, create a file named logback-custom-pre.xml in the /crypt folder of the SOAR system, and add the following property to it.
<included>
  <property name="customTimeStamp" value="MyFormat"/>
</included>
MyFormat is a valid logback time and date stamp format. For example,
%d{yyyy-MM-dd HH:mm:ss.SSS}
generates log messages with the following date format.
2022-01-14 16:34:39.218 [main] INFO ...
The file must be readable by the co3 group, so you might need to change the group that is associated with the file by using the following command.
sudo chgrp co3 /crypt/logback-custom-pre.xml
To implement your changes immediately, restart the Resilient® service with the following command.
sudo systemctl restart resilient.service
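Rolled files written before the format change still carry time-only stamps, which makes them hard to correlate with other sources. The following added example (not part of the product or its documentation) rebuilds full timestamps by combining the date in a rolled file name with each line's time of day. The file name pattern client.2022-01-14.log, the default line layout, and the sample lines are assumptions constructed for illustration.

```python
import re
from datetime import datetime

# Assumed rolled-file naming, e.g. client.2022-01-14.log (not stated on the page).
NAME_DATE = re.compile(r"(\d{4}-\d{2}-\d{2})")
# Assumed default line prefix: time of day only, e.g. "16:34:39.218 [main] INFO ..."
TIME_ONLY = re.compile(r"^(\d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")
# Line that already carries a full date (customTimeStamp set as described above).
FULL_STAMP = re.compile(r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{3}) (.*)$")
FMT = "%Y-%m-%d %H:%M:%S.%f"


def date_from_name(file_name):
    """Extract the YYYY-MM-DD date embedded in a rolled log file name."""
    m = NAME_DATE.search(file_name)
    if not m:
        raise ValueError(f"no date in file name: {file_name!r}")
    datetime.strptime(m.group(1), "%Y-%m-%d")  # reject impossible dates
    return m.group(1)


def normalize(file_name, lines):
    """Return a list of (datetime, message) entries with full timestamps."""
    day = date_from_name(file_name)
    entries = []
    for raw in lines:
        line = raw.rstrip("\n")
        full = FULL_STAMP.match(line)
        short = TIME_ONLY.match(line)
        if full:
            entries.append((datetime.strptime(full.group(1), FMT), full.group(2)))
        elif short:
            stamp = f"{day} {short.group(1)}"
            entries.append((datetime.strptime(stamp, FMT), short.group(2)))
        elif entries:
            # Continuation line (for example a stack trace): keep it with its entry.
            ts, msg = entries[-1]
            entries[-1] = (ts, msg + "\n" + line)
    return entries


# Constructed sample lines, not taken from a real system.
SAMPLE = [
    "16:34:39.218 [main] INFO  starting\n",
    "16:34:40.001 [main] ERROR request failed\n",
    "    at com.example.Handler.run(Handler.java:42)\n",
    "2022-01-14 16:35:00.500 [main] INFO  ready\n",
]

if __name__ == "__main__":
    for ts, msg in normalize("client.2022-01-14.log", SAMPLE):
        print(ts.strftime(FMT)[:-3], msg)
```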