How to Collect Logs for Secureworks Taegis XDR Agent

Summary: Logs may be collected for the Secureworks Taegis XDR agent by following these instructions.

Instructions

This article discusses the methods for collecting the Secureworks Taegis XDR agent logs.


Affected Products:

  • Secureworks Taegis XDR

Affected Operating Systems:

  • Windows
  • Linux

Windows

A user can troubleshoot the Secureworks Taegis XDR agent by manually collecting logs for:

  • Install logs: Used to troubleshoot installation issues.
  • Agent logs: Used to troubleshoot activation, communication, and behavior issues.

To collect install logs:

  1. Right-click the Windows start menu and then click Run.
  2. In the Run UI, type %temp% and then click OK.

Note: %temp% is the Windows variable for C:\Users\[USERNAME]\AppData\Local\Temp.

  3. Capture the MSI logs named MSIXXXXX.LOG.

Note: The XXXXX is randomly generated letters and numbers.

To collect agent logs:

  1. Create a temporary log folder that is titled Logs.
  2. Right-click the Windows start menu and then click Run.
  3. In the Run UI, type C:\Program Files (x86)\Dell SecureWorks\Red Cloak and then click OK.
  4. Sort by type to display all .log files.
  5. Copy all .log and .dmp files to the Logs folder (Step 1).
  6. Right-click the Windows start menu and then click Run.
  7. In the Run UI, type C:\Program Files (x86)\Dell SecureWorks\Ignition\ and then click OK.
  8. Copy all .log files to the Logs folder (Step 1).
  9. Right-click the Logs folder from Step 1, select Send to, and then click Compressed (zipped) folder.
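The Windows install-log and agent-log steps above, scripted as an added example (not code from Dell or Secureworks). The output folder location, the per-source subfolders, and the SHA-256 manifest are assumptions added here so the archive can be checked after it is transferred.

```powershell
# Added example, not Dell or Secureworks code. Source paths are the ones in the
# article; $OutDir, the subfolder names and manifest.csv are assumptions.
# Assumption: run from an elevated session if the agent folders are not readable.
param(
    [string]$OutDir = (Join-Path $env:USERPROFILE 'Desktop\Logs')
)

$sources = @(
    @{ Name = 'Install';  Path = $env:TEMP; Include = @('MSI*.LOG') },
    @{ Name = 'RedCloak'; Path = 'C:\Program Files (x86)\Dell SecureWorks\Red Cloak'; Include = @('*.log', '*.dmp') },
    @{ Name = 'Ignition'; Path = 'C:\Program Files (x86)\Dell SecureWorks\Ignition'; Include = @('*.log') }
)

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

$manifest = foreach ($src in $sources) {
    if (-not (Test-Path -LiteralPath $src.Path)) {
        Write-Warning "Skipping $($src.Name): $($src.Path) not found"
        continue
    }
    # One subfolder per source so same-named .log files do not overwrite each other
    $dest = Join-Path $OutDir $src.Name
    New-Item -ItemType Directory -Path $dest -Force | Out-Null

    # The trailing \* makes -Include apply to the top level of the folder only
    $files = Get-ChildItem -Path (Join-Path $src.Path '*') -Include $src.Include -File -ErrorAction SilentlyContinue
    foreach ($file in $files) {
        try {
            Copy-Item -LiteralPath $file.FullName -Destination $dest -ErrorAction Stop
            $hash = Get-FileHash -LiteralPath (Join-Path $dest $file.Name) -Algorithm SHA256
            [pscustomobject]@{ Source = $src.Name; File = $file.Name; SHA256 = $hash.Hash }
        } catch {
            # A file locked by the running agent is reported, not fatal
            Write-Warning "Could not collect $($file.FullName): $($_.Exception.Message)"
        }
    }
}

if ($manifest) {
    $manifest | Export-Csv -Path (Join-Path $OutDir 'manifest.csv') -NoTypeInformation
}
Compress-Archive -Path $OutDir -DestinationPath "$OutDir.zip" -Force
```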

Linux

A user can troubleshoot the Secureworks Taegis XDR agent by manually collecting logs for:

  • Install logs: Used to troubleshoot installation issues.
  • Agent logs: Used to troubleshoot activation, communication, and behavior issues.

When installation is run on a Linux endpoint, any errors are displayed as text on the screen. There are no log files to be collected.

To collect agent logs:

Offloading the Secureworks Taegis XDR agent logs requires:

  • A third-party FTP (file transfer protocol) client
    • Examples of an FTP client include (but are not limited to):
      • FileZilla
      • WinSCP
      • CuteFTP
  • A storage device (outside of the Linux server)

  1. In the FTP client, log in with an FTP user to the Linux server.
  2. Go to /opt/secureworks/redcloak/log and then save all files from that folder locally.


To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Article Properties

Affected Product: Secureworks
Last Published Date: 10 Feb 2023
Version: 5
Article Type: How To