IBM QRadar SOAR

  • 1.  Resilient API log ?

    Posted Tue July 05, 2022 12:07 PM
    Where do I find the API call log on Resilient (Version: 42.2.41)? I don't see it in client.log or the circuits logs.

    ------------------------------
    Irek Romaniuk
    ------------------------------


  • 2.  RE: Resilient API log ?

    Posted Tue July 05, 2022 05:37 PM
    Are you looking for Resilient/SOAR REST API calls from a particular integration?
    If you are running an integration server they should show up in the circuits log.
    If you are running App Host: go to the Apps tab in Administrator Settings, go to the App and hit Download Logs button.

    In the [resilient] section of the app.config, set debug mode to get more info:
    loglevel = DEBUG

    Hope that helps!

    ------------------------------
    AnnMarie Norcross
    ------------------------------



  • 3.  RE: Resilient API log ?

    Posted Wed July 06, 2022 02:31 AM
    Hi Irek,

    See https://www.ibm.com/support/pages/node/1846545 which provides the paths to a great many log files that the various applications write to. In your case you want /usr/share/co3/logs/client_access_log<YYYY-MM-DD>.log which is the webserver log. It contains all the API calls to SOAR and for each it writes using a pattern.

    The pattern we use is:

    pattern="%h %l %u %t "%r" %s %b %D %{count_db_queries}r %{query_execution_time}r [%{res_user_email}s] %I"

    Translates to:

    "remote host name" %l "Requested URL path" "Date & TIME" "GET /rest/orgs/201 HTTP/1.1" "HTTP status code" "Bytes sent" "Time taken to process the request, in millis" {count_db_queries} {query_execution_time} [email address] "current Request thread name"

    {count_db_queries} = number of database queries
    {query_execution_time} = value in total time executing the database queries

    The pattern may change in future versions.

    ------------------------------
    BEN WILLIAMS
    ------------------------------



  • 4.  RE: Resilient API log ?

    Posted Fri February 17, 2023 10:44 AM

    I'm getting the following response from the Resilient API in one of my integrations running in app host. I grabbed this from the app's logs:

    2023-02-17 04:17:00,679 CRITICAL [funct_gen_close_incident_tasks] 1092746:
    Traceback (most recent call last):
      File "/opt/app-root/lib64/python3.9/site-packages/resilient/co3.py", line 730, in get_put
        res = super(SimpleClient, self).get_put(uri, apply_func, co3_context_token, timeout)
      File "/opt/app-root/lib64/python3.9/site-packages/resilient/co3base.py", line 684, in get_put
        obj = self._get_put(uri, apply_func, co3_context_token=co3_context_token, timeout=timeout)
      File "/opt/app-root/lib64/python3.9/site-packages/resilient/co3base.py", line 664, in _get_put
        BasicHTTPException.raise_if_error(response)
      File "/opt/app-root/lib64/python3.9/site-packages/resilient/co3base.py", line 84, in raise_if_error
        raise BasicHTTPException(response)
    resilient.co3base.BasicHTTPException: 'resilient' API Request FAILED:
    Response Code: 500
    Reason: Unknown Reason.

    <!DOCTYPE html>
    <html lang="en"><head>
    <meta charset="utf-8">
    <title>IBM Security QRadar SOAR</title>
    <meta name="description" content="">
    <meta name="author" content="">
    <link rel="stylesheet" href="/css/external.css">
    </head>
    
    <body>
    <div class="container ct">
    <h1 class="ct logo-text">IBM <strong>Security</strong> QRadar SOAR</h1>
    <div class="hero-unit ct">
    
    <p>An error occurred.</p>
    
    <p>
    For additional support, please contact your system administrator.
    </p>
    </div>
    </div>
    <footer>
    <p class="ct">&#169; Copyright IBM Corporation 2023</p>
    </footer>
    </body></html>

    I'm hoping to find a log file on the resilient side that will give me more details about the error that happened, but I have yet to find it. I have tried a majority of the logs mentioned in https://www.ibm.com/support/pages/node/1846545. I've skipped some of them that I don't think would be related - perhaps I'm skipping the one I need.

    I was able to find the request in the `/usr/share/co3/logs/client_access_log<YYYY-MM-DD>.log` file, but it doesn't tell me anything other than the path of the request and that the response was a 500:

    <IP_ADDR>- - [16/Feb/2023:22:17:00 -0600] "PUT /rest/orgs/201/incidents/53344 HTTP/1.1" 500 680 4957 - - [e9faad2b-5983-494a-84a3-05add1378d20] https-jsse-nio2-443-exec-24

    I'm hoping there's a log somewhere that would contain a stack trace or details of what error actually happened. If anyone knows of a log file that would contain that please let me know!

    Thanks.



    ------------------------------
    Liam Mahoney
    ------------------------------
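Added example, not code from the thread or from IBM: a small parser for the client_access_log pattern Ben quoted in reply 3, run over the 500 line Liam posted in reply 4 (with a made-up client IP in place of <IP_ADDR>) so failing API calls can be pulled out and correlated with the app-side traceback. The field names are my own labels; the product does not name them.

```python
import re

# Regex for the access-log pattern quoted in reply 3:
#   %h %l %u %t "%r" %s %b %D %{count_db_queries}r %{query_execution_time}r [%{res_user_email}s] %I
# Group names are my labels (assumption), not names from the product.
ACCESS_LOG_RE = re.compile(
    r'^(?P<host>\S+) (?P<ident>\S+) (?P<user>\S+) \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) (?P<proto>[^"]+)" '
    r'(?P<status>\d{3}) (?P<bytes>\S+) (?P<millis>\d+) '
    r'(?P<db_queries>\S+) (?P<db_time>\S+) '
    r'\[(?P<principal>[^\]]*)\] (?P<thread>\S+)$'
)

def _num(value):
    """'-' means the field was not recorded (no bytes, no DB queries); return None then."""
    return None if value == "-" else int(value)

def parse_access_line(line):
    """Return a dict of fields for one access-log line, or None if the line does not match."""
    m = ACCESS_LOG_RE.match(line.strip())
    if not m:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["millis"] = int(rec["millis"])
    for key in ("bytes", "db_queries", "db_time"):
        rec[key] = _num(rec[key])
    return rec

def failed_requests(lines, min_status=500):
    """List (method, path, status, principal) for requests with status >= min_status.
    The principal field is [%{res_user_email}s]; in reply 4's line it holds a UUID, not an email."""
    out = []
    for line in lines:
        rec = parse_access_line(line)
        if rec and rec["status"] >= min_status:
            out.append((rec["method"], rec["path"], rec["status"], rec["principal"]))
    return out

# Constructed sample: the PUT from reply 4 with a made-up client IP, plus a made-up
# successful GET so the filter has something to skip.
SAMPLE_LINES = [
    '10.0.0.5 - - [16/Feb/2023:22:17:00 -0600] "PUT /rest/orgs/201/incidents/53344 HTTP/1.1" '
    '500 680 4957 - - [e9faad2b-5983-494a-84a3-05add1378d20] https-jsse-nio2-443-exec-24',
    '10.0.0.5 - - [16/Feb/2023:22:17:02 -0600] "GET /rest/orgs/201 HTTP/1.1" '
    '200 1532 41 3 12 [analyst@example.com] https-jsse-nio2-443-exec-7',
]

if __name__ == "__main__":
    for rec in map(parse_access_line, SAMPLE_LINES):
        print(rec["status"], rec["method"], rec["path"], rec["millis"], "ms")
    print(failed_requests(SAMPLE_LINES))
```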