Troubleshooting & Execution

Disabling Automated Updates

By default, LogScale tries to provide the latest the LogScale collector installers, if you have connection issues or the server is not connected to the internet, you may need to disable automatic updates.

LOG_COLLECTOR_UPDATE_SERVER=disabled

Set the server setting to disabled In this case, updates are disabled. This is useful in air-gapped environments.
Not set. In this case, LogScale uses our update server via a URL defined in the code.

Enabling HTTP

We strongly encourage all users to use https:// and the LogScale Collector enforces using https:// for URLs, however it is possible to send to http:// addresses by supplying the command line flag.

bash

--allow-insecure-http

Note

This is only for testing purposes and not supported in production.

Configuring Checkpoints

By default, the configuration file points to the directory var/lib/logscale-collector as the storage for checkpoints. To change this setting you can:

Stop the LogScale Collector service
shell
```
--logscale-collector.service
```
Delete the database.db file to reset the state of the installation.
Restart the LogScale Collector service.

Troubleshooting

You can troubleshoot the Falcon LogScale Collector using Using Console Stderr or the Debug Log.

Using Console Stderr

The LogScale Collector sends information to stderr if run from the CLI, the information is sent using JSON format and the detail level is controlled by the log-level. The log-level can be specified using two different approaches (highest priority first):

Using a command line argument:
shell
```
--log-level debug
```
Configuring a log-level in the configuration file (yaml):logLevel: debug

The following log-levels are supported:

trace (highest verbosity)
debug
info
warn
error (default)
fatal

The --log-pretty command line argument enables pretty-printing of console output for all logs, it has no effect on logs sent to LogScale, they use JSON format.

Debug Log

The Falcon LogScale Collector debug log can be sent to a LogScale instance by setting the HUMIO_DEBUG_LOG_ADDRESS and HUMIO_DEBUG_LOG_TOKEN environment variables, note that on Linux the environment variables can be configured in /etc/default/logscale-collector, while on Windows the environment variables have to be configured in system properties, for macOS see Setting environment variables on macOS.

ini

HUMIO_DEBUG_LOG_ADDRESS=https://<your-humio-instance>
HUMIO_DEBUG_LOG_TOKEN=<your-ingest-token>

To stop sending the debug log the environment variables need to be undefined.

Debug Environment Variables

Name	Description	Default
`HUMIO_DEBUG_LOG_LEVEL`	You can use this environment variable to set the level of the logs sent to debug log.	Trace
`HUMIO_DEBUG_LOG_ADDRESS`	Required, the address of your LogScale instance.
`HUMIO_DEBUG_LOG_TOKEN`	Required, specify the ingest token for your repository.
`HUMIO_DEBUG_LOG_INSECURE`	If true, disables HTTPS certificate verification when sending debug logs.	False
`HUMIO_DEBUG_LOG_CACERT`	Specify a PEM encoded CA certificate to trust when sending debug logs.
`HUMIO_DEBUG_LOG_CAFILE`	Specify a file containing a PEM encoded CA certificate to trust when sending debug logs.
`HUMIO_DEBUG_LOG_ALLOW_HTTP`	If true, allows sending debug logs to addresses beginning with http://	False
`HUMIO_DEBUG_LOG_PROXY`	Specify a proxy to use when sending debug logs. Defaults to auto, which is the system proxy if available. Specify system to use the system proxy or fail, Specify an address such as http://10.1.1.1:3128 to use a specific proxy.	Auto

Setting environment variables on macOS

To set the environment variable on Mac when running the LogScale Collector as a service, you need to: modify the LaunchDaemon description file, located in /Library/LaunchDaemons/com.crowdstrike.logscale-collector.plist. Add the EnvironmentVariables dict with the three variables above the Label key.

xml

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>EnvironmentVariables</key>
    <dict>
        <key>HUMIO_DEBUG_LOG_ADDRESS</key>
        <string>https://your-humio-instance</string>
        <key>HUMIO_DEBUG_LOG_TOKEN</key>
        <string>ingest-token</string>
        <key>HUMIO_DEBUG_LOG_LEVEL</key>
        <string>trace</string>
   </dict>
    <key>Label</key>
...