
How to gather Binalyze AIR logs for Troubleshooting

Binalyze AIR Console and Binalyze AIR Agent generate activity, error, and warning logs. Users and the Binalyze AIR Support Team use these logs to identify and resolve problems. The log files are stored as separate files on the Console and on the endpoint machines.
Investigators and analysts can download these log files either through the Binalyze AIR Console user interface or by connecting directly to the console/endpoint machines (details below).

1. Collecting Binalyze AIR Console Log Files

Binalyze AIR Console log files

Binalyze AIR Console categorizes and stores the log files under three separate files as listed below:
  • Binalyze.AIR.Console.log
  • Binalyze.AIR.Console.UI.log
  • Binalyze.AIR.Console.API.log
The log files generated by the Binalyze AIR Console are stored under the directory given below.
/opt/binalyze-air/volumes/app/binalyze-air/logs/

Downloading Binalyze AIR Console Logs and log files

Investigators and analysts can download Binalyze AIR Console log files either by using the Binalyze AIR Console user interface or by connecting to the console machine directly.

By using the command line interface

  1. Log in directly or connect remotely to the Binalyze AIR Console machine with SSH.
  2. Browse to the folder /opt/binalyze-air/volumes/app/binalyze-air/logs/
  3. Download the files by using SCP, or view their contents with tail, cat, or other CLI tools.

By using the user interface

  1. Click on the gear icon at the top right corner of the screen.
  2. Click on Settings.
  3. Click on General.
  4. Click on the Download Log Files button (on the right side of the Logging section).
All three log files are compressed into a single zip file and downloaded.
Binalyze AIR Console logs are rotated regularly, and only the most recent log files are downloaded by the Download Log Files action.
The log level of the Binalyze AIR Console can be changed as needed. For example, if there is an issue in the Binalyze AIR Console, the log level can be raised to Debug or HTTP to examine the issue in more detail. The log levels are configured on the same page from which the log files are downloaded.
The log levels are explained below:
Debug: Used for troubleshooting and debugging. When activated, it generates a very detailed and large volume of log records, which may affect system performance and consume a lot of disk space. Use this level carefully and only until the problem is resolved, then set it back to the Info level. The Debug level covers both the HTTP and Info levels.
HTTP: Used for troubleshooting. When activated, HTTP requests are logged in addition to standard logging. The HTTP level covers the Info level.
Info: The default, required log level.

2. Collecting Binalyze AIR Agent Log Files

Binalyze AIR Agent Log Files

Binalyze AIR Agent categorizes and stores its logs in the seven separate files listed below. Each log record is written to the log file for its category.
  • TACTICAL.Log.txt
  • TACTICAL.Process.Log.txt
  • TACTICAL.Error.txt
  • AIR.Log.txt
  • AIR.Process.Log.txt
  • DRONE.log
  • DRONE.Process.log
The log files generated by Binalyze AIR Agents are stored under the directory for the endpoint's operating system:
  • Windows: C:\Program Files (x86)\Binalyze\AIR\agent
  • Linux: /opt/binalyze/air/agent
  • macOS: /opt/binalyze/air/agent

By using the command line interface

  1. Log in directly, or connect remotely using the appropriate remote device management tool, to the endpoint on which the Binalyze AIR Agent is installed.
  2. Browse to the directory listed above for the endpoint's operating system.
  3. Download the files or view their contents with the relevant tools.
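Both command-line procedures, for the Console (SSH in, browse to the log directory, copy with SCP) and for the Agent (connect to the endpoint, browse to the per-OS directory, copy the files), end with copying log files off a machine. The script below is an added example for this article, not Binalyze tooling or content from the article: it bundles the files in a given log directory into a tar.gz with a SHA-256 manifest so the bundle sent to support (or attached to a case) can be checked for integrity afterwards, and it counts error lines in a file. The directory paths are the ones listed in the article; the sample log lines it creates are constructed for the demo and do not reproduce Binalyze's real log format.

```shell
#!/bin/sh
# Added example: bundle Binalyze AIR log files with a SHA-256 manifest.
# Not Binalyze tooling. Paths below are the ones named in the article.
CONSOLE_LOG_DIR="/opt/binalyze-air/volumes/app/binalyze-air/logs"
AGENT_LOG_DIR_LINUX="/opt/binalyze/air/agent"

# Use whichever SHA-256 tool the host has (sha256sum on Linux, shasum on macOS).
sha256_of() {
  if command -v sha256sum >/dev/null 2>&1; then
    sha256sum "$1" | awk '{print $1}'
  else
    shasum -a 256 "$1" | awk '{print $1}'
  fi
}

# collect_logs LOGDIR OUTDIR LABEL
# Hashes every *.log and *.txt file in LOGDIR into OUTDIR/LABEL-<utc stamp>.SHA256SUMS
# (sha256sum -c compatible), archives the same files as OUTDIR/LABEL-<utc stamp>.tar.gz
# and prints the archive path. Assumes log file names without whitespace, as listed.
collect_logs() {
  logdir="$1"; outdir="$2"; label="$3"
  stamp=$(date -u +%Y%m%dT%H%M%SZ)
  bundle="$outdir/$label-$stamp.tar.gz"
  manifest="$outdir/$label-$stamp.SHA256SUMS"
  mkdir -p "$outdir"
  : > "$manifest"
  names=""
  for f in "$logdir"/*.log "$logdir"/*.txt; do
    [ -f "$f" ] || continue            # unmatched glob pattern: skip
    name=$(basename "$f")
    printf '%s  %s\n' "$(sha256_of "$f")" "$name" >> "$manifest"
    names="$names $name"
  done
  [ -n "$names" ] || { echo "no log files found in $logdir" >&2; return 1; }
  # -C so archive members are bare file names rather than absolute paths.
  tar -czf "$bundle" -C "$logdir" $names
  printf '%s\n' "$bundle"
}

# verify_manifest MANIFEST DIR: re-hash each listed file under DIR; returns 0 only if all match.
verify_manifest() {
  manifest="$1"; dir="$2"; rc=0
  while read -r expected name; do
    if [ "$expected" != "$(sha256_of "$dir/$name")" ]; then
      printf 'MISMATCH %s\n' "$name" >&2
      rc=1
    fi
  done < "$manifest"
  return $rc
}

# count_matching FILE PATTERN: number of lines in FILE matching PATTERN, case-insensitive.
count_matching() {
  grep -ic -- "$2" "$1" || true        # grep exits 1 on zero matches; keep the "0"
}

# make_sample_console_logs DIR: writes CONSTRUCTED files with the three Console log
# file names from the article. The line contents are invented for this demo.
make_sample_console_logs() {
  mkdir -p "$1"
  printf '%s\n' 'T00 info  console started' 'T05 error task scheduler: connection refused' \
    > "$1/Binalyze.AIR.Console.log"
  printf '%s\n' 'T01 info  ui ready' 'T02 warn  slow render' > "$1/Binalyze.AIR.Console.UI.log"
  printf '%s\n' 'T03 error api request failed' > "$1/Binalyze.AIR.Console.API.log"
}

# Stand-alone demo on constructed data. On a real host, call
# collect_logs "$CONSOLE_LOG_DIR" ./support-bundle console (or the agent directory).
if [ "${1:-}" = "--demo" ]; then
  work=$(mktemp -d)
  make_sample_console_logs "$work/logs"
  bundle=$(collect_logs "$work/logs" "$work/out" console)
  echo "bundle: $bundle"
  verify_manifest "${bundle%.tar.gz}.SHA256SUMS" "$work/logs" && echo "manifest OK"
  echo "error lines in Console.log: $(count_matching "$work/logs/Binalyze.AIR.Console.log" error)"
fi
```

Run it with `--demo` to see it work on the constructed files; on a Console or endpoint, point collect_logs at the real directory and keep the .SHA256SUMS file with the case so the bundle can be re-verified later with verify_manifest (or `sha256sum -c`).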

By using the user interface

  1. Open the main menu (shown on the left side of the page).
  2. Click on Endpoint in that menu.
  3. Find the endpoint of interest.
  4. Click on Logs at the right end of the row.
  5. Click the Log Retrieval button.
This action creates a task for collecting the logs. When the log retrieval task finishes, its status changes to Completed, and the logs can be downloaded by clicking the icon to the right of Completed. All seven log files are compressed into a single zip file for download.
The logs can be deleted from the three-dot menu on the right side of the task row. Log Retrieval tasks can also be accessed in the Tasks section.