Troubleshooting & Execution

The following sections describe methods of troubleshooting your LogScale Collector instances and some more advanced configuration settings.


LogScale Collector service name variations:

Disable Automated Updates

By default, LogScale tries to provide the latest the LogScale collector installers, if you have connection issues or the server is not connected to the internet, you may need to disable automatic updates.

  • Set the server setting to disabled In this case, updates are disabled. This is useful in air-gapped environments.

  • Not set. In this case, LogScale uses our update server via a URL defined in the code.

Enable HTTP

We strongly encourage all users to use https:// and the LogScale Collector enforces using https:// for URLs, however it is possible to send to http:// addresses by supplying the command line flag.



This is only for testing purposes and not supported in production.

Configuring Checkpoints

By default, the configuration file points to the directory var/lib/logscale-collector as the storage for checkpoints. To change this setting you can:

  1. Stop the LogScale Collector service which is called:

  2. Delete the database.db file to reset the state of the installation.

  3. Restart the LogScale Collector service.


You can troubleshoot the Falcon LogScale Collector using Using Console Stderr or the Debug Log.

Using Console Stderr

The LogScale Collector sends information to stderr if run from the CLI, the information is sent using JSON format and the detail level is controlled by the log-level. The log-level can be specified using two different approaches (highest priority first):

  • Using a command line argument:

    --log-level debug

  • Configuring a log-level in the configuration file (yaml):logLevel: debug

The following log-levels are supported:

  • trace (highest verbosity)

  • debug

  • info

  • warn

  • error (default)

  • fatal

The --log-pretty command line argument enables pretty-printing of console output for all logs, it has no effect on logs sent to LogScale, they use JSON format.

Debug Log

The Falcon LogScale Collector debug log can be sent to a LogScale instance by setting the HUMIO_DEBUG_LOG_ADDRESS and HUMIO_DEBUG_LOG_TOKEN environment variables, note that on Linux the environment variables can be configured in /etc/default/logscale-collector, while on Windows the environment variables have to be configured in system properties, for macOS see Setting environment variables on macOS.


To stop sending the debug log the environment variables need to be undefined.

Debug Environment Variables

Name Description Default
HUMIO_DEBUG_LOG_LEVEL You can use this environment variable to set the level of the logs sent to debug log. Trace
HUMIO_DEBUG_LOG_ADDRESS Required, the address of your LogScale instance.  
HUMIO_DEBUG_LOG_TOKEN Required, specify the ingest token for your repository.  
HUMIO_DEBUG_LOG_INSECURE If true, disables HTTPS certificate verification when sending debug logs. False
HUMIO_DEBUG_LOG_CACERT Specify a PEM encoded CA certificate to trust when sending debug logs.  
HUMIO_DEBUG_LOG_CAFILE Specify a file containing a PEM encoded CA certificate to trust when sending debug logs.  
HUMIO_DEBUG_LOG_ALLOW_HTTP If true, allows sending debug logs to addresses beginning with http:// False
HUMIO_DEBUG_LOG_PROXY Specify a proxy to use when sending debug logs. Defaults to auto, which is the system proxy if available. Specify system to use the system proxy or fail, Specify an address such as to use a specific proxy. Auto

Setting environment variables on macOS

To set the environment variable on Mac when running the LogScale Collector as a service, you need to: modify the LaunchDaemon description file, located in /Library/LaunchDaemons/com.crowdstrike.logscale-collector.plist. Add the EnvironmentVariables dict with the three variables above the Label key.

<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "">
<plist version="1.0">