Troubleshooting the Orchestrator
The On-Premise Orchestrator facilitates the parsing of messages from the SIEM/Monitoring tool to the SafeTitan cloud infrastructure to be processed. This process happens in the background without user input, so it is useful to verify that processing has taken place and that no failure has occurred.
To ensure that Orchestrator has received requests and has parsed and processed them successfully, you can check a a log that Orchestrator generates. The log tracks all requests made as well as debug information on the processing. The log file is generated and placed in the same folder as the Orchestrator installation and is in the format log-{date}.txt. An example of a log sequence is shown below:
2020-09-09 19:07:32.853 +01:00 [Information] Processing message with type dtex and trigger alert
2020-09-09 19:07:33.121 +01:00 [Information] OrchestratorConfigurationService:GetSettings: Making request to CRA API for settings
2020-09-09 19:07:36.963 +01:00 [Information] OrchestratorConfigurationService:GetSettings: API request returned success.
2020-09-09 19:07:37.370 +01:00 [Information] Username found: CraOrchestrator.Services.DTO.UserDetail
2020-09-09 19:07:37.440 +01:00 [Information] OrchestratorConfigurationService:GetSettings: Making request to CRA API for settings
2020-09-09 19:07:38.087 +01:00 [Information] OrchestratorConfigurationService:GetSettings: API request returned success.