1. Overview

Start here to troubleshoot component-specific issues. The articles in this section show how to resolve commonly encountered issues.

2. Collect debug data

Debug data helps us identify the root cause of a problem, and provide a timely resolution. If you contact Twistlock Support with an issue, you’ll be asked to collect debug data from your Twistlock setup and send it to us. The twistcli utility collects and creates an archive of debug data, including log files, and then uploads it to our file server, where our support team can access it.

If the source of the issue is not clear, or if the issue occurs on multiple machines, then capture debug data from the host running Console and at least one host running Defender.

If you’re seeing an error in the Console’s web interface, send the web console output. The steps vary by browser. In Chrome, open Developer Tools, click the Console tab, and copy any errors listed there.

Finally, we don’t collect sensitive personal information in the debug logs. Nonetheless, some organizations have stringent policies about how data should be handled. Twistlock support dumps are human-readable, so you can unpack, inspect, and sanitize them to your standards before sending them to us.

3. Collecting Console’s debug logs

The simplest way to collect Console’s debug logs is from the UI itself. Go to Manage > View Logs > Console and click Download debug logs. To upload the logs directly to Twistlock support, click Upload debug logs to Twistlock support.

4. Collecting Defender’s debug logs

To collect Defender’s debug logs, go to Manage > Defenders > Manage. Find the Defender of interest in the table of deployed Defenders, click Actions > Logs, then click Download this log. To upload the logs directly to Twistlock support, click Upload log to Twistlock support.

5. Collecting debug logs with twistcli

The twistcli tool cannot collect Console debug logs when it runs in a cluster and uses a persistent volume for storage. When Console runs in a cluster, collect debug logs directly from the Console UI instead.

Procedure

  1. Copy twistcli to the host where the problem is occurring.

  2. Run twistcli to collect the debug data from your Twistlock setup.

    $ sudo ./twistcli support dump
    Dumping debug data
    Saving logs for container /twistlock_defender_2_2_73
    .
    .
    Saving system information
    Copying data folder
    Done. Created twistlock_dump_1505548448.tar.gz

If your organization prohibits sharing detailed debug data, capture a more minimal set of data by running:

$ sudo grep -i "error" /var/lib/twistlock/log/defender.log > defender.log
$ sudo grep -i "error" /var/lib/twistlock/log/console.log > console.log

Then manually sanitize the output prior by removing IP addresses, hostnames, and any other sensitive data.

6. Sending debug data to Twistlock

The twistcli tool lets you send debug logs and other files to Twistlock. A common workflow is to collect debug logs, sanitize them, then share them with Twistlock.

Files are sent over HTTPS to a write-only directory on Twistlock’s file server. When the upload is completed, the Twistlock Support team is notified.

Procedure

  1. Send a file to Twistlock Support with twistcli.

    $ twistcli support upload --file <FILE>
  2. Enter your access token.

  3. Your file is uploaded.

    Uploading file to Twistlock support
    123.68 KiB / 11.26 MiB [>-----------------------------]   1.07% 648.45 KiB/s 0s

Results

When the upload is complete, a confirmation message is printed:

File has been uploaded as customer/twistlock_dump_1505548448_1505549527.tar.gz

7. Sending debug data to Twistlock as an attachment

You can also send debug files to Twistlock by attaching them to your support case. Desk has a limit of 20 MB for uploaded files, so if you need to send more than 20MB of data, use twistcli instead.

Procedure

  1. Navigate to http://support.twistlock.com/.

  2. Click Open case.

  3. Attach your debug data archive.