
Autonomo 4 Troubleshooting - Where are the logs? How do I read the logs? (internal)

Event Viewer has a Troverlo Autonomo log and 10 views to help with troubleshooting

Context

  1. There is a LOT of data pushed into logs.
  2. Logs are not meant for customers to self-diagnose. They are intended to help Troverlo employees to troubleshoot customer problems.
  3. Types of logs
    1. Windows Event Viewer in Windows 10/11 allows applications to log to a central location and provides a robust interface to see, search, filter and export events, and to configure how large the log files may grow and whether they roll over (called archive) or overwrite old data when they reach their limit.
      1. We have now moved all our client logs here to improve the experience for troubleshooting and to make it less obvious for customers to poke their nose into the data.
      2. This is what will be discussed in this document
    2. Azure has server-side logs to diagnose issues
      1. At some point, I will document some examples of that too.
      2. There is config in Azure to turn things on/off to get more detailed information.
    3. Installers have logs
      1. By default we have them defined in syntax to run for Quiet and Intune
      2. When running UI, a /l <filename> can be added after the name of the installer. Example:
        1. TroverloAutonomoV4.4.9.msi /l autonomo-install4.4.9.log

          NOTE - this does NOT show any logging for custom actions we take

  4. Review the section titled Autonomo operational background info at Autonomo 4 - Operational insights (Internal). Look specifically at "Gathering Logs."

Failing to access the Troverlo server

This can happen with the installer or the service. First things to check:

  1. Is there a Wi-Fi adapter?
    1. Is it enabled?
    2. Is its radio on?
    3. This is used to scan for Wi-Fi data (i.e., Assets and APs)
  2. Is there a Wi-Fi Direct Adapter?

    1. Is it enabled?

    2. This is used by Autonomo to beacon.

    3. We do NOT do peer-to-peer connections.

    4. Validation steps

      1. Select the Windows key

      2. Type “Device”

      3. Select “Open”

      4. Select “View”

      5. Select “Show hidden devices”

      6. Click on Network. You should see 2 or 3 “Microsoft Wi-Fi Direct Virtual Adapter #<>”

  3. Is the port we are using to access our platform in the cloud accessible?
    1. Protocol: https, Domain: api.find.troverlo.com, Port: 443

    2. Autonomo uses this port to access Troverlo's APIs to authenticate (using customer's credentials), to register (create, update and archive) the Asset and to post Observations to the Troverlo platform.

    3. Validation steps

      1. Type “ping api.find.troverlo.com” in a cmd window
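
The three checks above can also be scripted. The following PowerShell is an added example, not Troverlo tooling; it replaces the ping with a TCP connect, because ping uses ICMP and does not show whether HTTPS on port 443 is allowed through. The `netsh` parsing assumes English-locale output.

```powershell
# Added example (not Troverlo tooling): scripted version of the three checks above.
# Run in PowerShell on the affected Windows 10/11 machine.
$ApiHost = 'api.find.troverlo.com'   # domain and port as given on this page
$ApiPort = 443

# 1. Wi-Fi adapter: present and enabled? A Status of 'Disabled' fails the check.
$wifi = @(Get-NetAdapter -Physical -ErrorAction SilentlyContinue |
    Where-Object { $_.PhysicalMediaType -match '802\.11|Wireless' })

# Radio state is not exposed by Get-NetAdapter; netsh reports it
# as "Hardware On/Off" and "Software On/Off" (English output assumed).
$radio = netsh wlan show interfaces |
    Select-String -Pattern '(Hardware|Software)\s+(On|Off)'

# 2. Wi-Fi Direct virtual adapters are hidden devices, so -IncludeHidden is required.
$wfd = @(Get-NetAdapter -IncludeHidden -ErrorAction SilentlyContinue |
    Where-Object { $_.InterfaceDescription -like 'Microsoft Wi-Fi Direct Virtual Adapter*' })

# 3. DNS resolution, then a TCP connect to the API port.
$dns = Resolve-DnsName -Name $ApiHost -Type A -ErrorAction SilentlyContinue
$tcp = Test-NetConnection -ComputerName $ApiHost -Port $ApiPort -WarningAction SilentlyContinue

# One summary object that can be pasted into a support ticket.
[pscustomobject]@{
    WiFiAdapterCount   = $wifi.Count
    WiFiAdapterStatus  = ($wifi.Status -join ', ')
    RadioState         = ($radio.Matches.Value -join ' / ')
    WiFiDirectAdapters = $wfd.Count
    DnsResolved        = [bool]$dns
    Tcp443Reachable    = $tcp.TcpTestSucceeded
    RemoteAddress      = $tcp.RemoteAddress
} | Format-List
```

`DnsResolved = True` with `Tcp443Reachable = False` points at a firewall or proxy blocking outbound 443 rather than at a name-resolution problem.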

Event Viewer

How do I launch event viewer?

  1. Click on Windows key + X, then select Event Viewer
    1. This will launch event viewer

Where is the Troverlo Autonomo Log in Event Viewer?

  1. It is under the folder called "Applications and Service Logs"

Where is the Troverlo Autonomo Log on my hard drive and what is the name/extension?

  1. C:\Windows\System32\winevt\Logs\Troverlo Autonomo.evtx

What is a data source in Event Viewer?

  1. It is the name of the application or service that is logging

What data sources are available in the Troverlo Autonomo log in Event Viewer?

  1. There are 2 for the Autonomo Service, 2 for the Wifi Mgr and 16 for the Health Manager (so 20 total)

Are all the data sources on by default?

  1. No, the Debug sources have to be turned on via config.json file parameter.
    1. See Autonomo 4 - How to turn on debug log sources
  2. This data is for Development when doing support; it requires knowledge of the source code.
  3. The goal is that default logging should allow most issues to be debugged.

What is a View?

  1. It is a user-configured filter of a log that is anticipated to be used frequently, so it is saved into a "View."

Where are the Autonomo views?

  1. There are 10; they are found under the "Custom Views" -> "Troverlo Autonomo Views" folders.
  2. The views segment the data based on the service and the 2 application sources

Why would I use the log vs the views?

  1. Troverlo Autonomo log has all the Autonomo data in timestamp order.
    1. The troubleshooter can see the sequence of events within the Autonomo system and its interaction with the server-side platform via MQTT.
      1. For more insights - see the section titled Autonomo operational background info at Autonomo 4 - Operational insights (Internal)
    2. The debug data sources for the service and the 5 applications are not found in the Troverlo Views, so you have to come here to see that data.
    3. There are tools in Event Viewer to help the user find what is desired within the log.

  2. The Troverlo Views allow the troubleshooter to focus on one module at a time.

Can I create my own view?

  1. Yes, go to the "Action" panel on the right side and click on "Create Custom View"
  2. Then define what you want in the view and give it a name

When do I need to refresh the logs?

  1. Select "refresh" in the "Action" panel on the right.
  2. Generally only if you have been doing analysis for a while and want to see if new events have arrived or if the Event Viewer was left open.
  3. When you enter a log or a view, it refreshes by default

What is a filter?

  1. Select "filter" in the "Action" panel on the right.
  2. It is a way to help the user find what is desired within the log.
  3. The user can filter based on time, date, type of event, event source, event ID or task category

What event levels do we support?

  1. Error, Warning and Information

Where can I find the list of event IDs and task category by Source?

  1. logEntries.yaml
    1. Over time this will be built out to have "recommended actions."
    2. This data comes from the code, so it is auto-generated to keep it accurate.
    3. This file is in the directory Autonomo is installed into (by default ~\program files\troverlo\autonomom)
  2. These are for internal consumption only; they describe each log entry by each log source.

What does "find" do?

  1. Select "find" in the "Action" panel on the right.
  2. Allows the user to find text within an event.
  3. But it is really slow if you get an evtx file from a customer
    1. Better suggestion -> if looking for a specific word, go to the logEntries.yaml file and search for it. Then search by Event ID in the Windows Event Logging app.

Can I export to other formats?

  1. Select "Save Selected Events" in the "Action" panel on the right.
  2. Yes, the user can filter, then save to an evtx (default), text, csv or xml file format

How do I open a saved file from a customer's Asset?

  1. Just double-click on the file in File Explorer - it has to be an evtx-formatted file.
  2. It will open in the Saved Logs folder at the bottom
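
For a large evtx file from a customer, the "search by Event ID" suggestion and the export step above can be done from PowerShell without opening the Event Viewer UI. This is an added example, not Troverlo tooling; the file path and the event IDs are placeholders, and the real IDs come from logEntries.yaml.

```powershell
# Added example (not Troverlo tooling). Path and event IDs are placeholders.
$EvtxPath = 'C:\Cases\Troverlo Autonomo.evtx'   # hypothetical location of the customer's saved file
$EventIds = 1001, 1002                          # placeholder IDs; look up real ones in logEntries.yaml
$Since    = (Get-Date).AddDays(-7)

if (-not (Test-Path -LiteralPath $EvtxPath)) { throw "File not found: $EvtxPath" }

# The filter is applied by the event log API, so only matching records are returned.
$filter = @{
    Path      = $EvtxPath
    Id        = $EventIds
    Level     = 2, 3         # 2 = Error, 3 = Warning; add 4 for Information
    StartTime = $Since
}
# On the live machine, replace Path with LogName = 'Troverlo Autonomo'
# (assumed to match the .evtx file name given on this page).

# Get-WinEvent raises an error when nothing matches; treat that as an empty result.
$events = @(Get-WinEvent -FilterHashtable $filter -ErrorAction SilentlyContinue)
"{0} matching events" -f $events.Count

# Which source and event ID produce the most errors and warnings?
$events | Group-Object ProviderName, Id |
    Sort-Object Count -Descending |
    Select-Object Count, Name -First 10 | Format-Table -AutoSize

# Timeline in log order, exported to CSV next to the evtx file.
$csv = [IO.Path]::ChangeExtension($EvtxPath, '.filtered.csv')
$events | Sort-Object TimeCreated |
    Select-Object TimeCreated, ProviderName, Id, LevelDisplayName, TaskDisplayName, Message |
    Export-Csv -Path $csv -NoTypeInformation -Encoding UTF8
```

The Message column can be empty when the analysis machine does not have the logging source registered; ProviderName and Id are still populated and can be matched against logEntries.yaml.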

How big is the file?

  1. Default is 1g, but it rolls over the oldest values
  2. The user can change size of the file
  3. The user can change whether it overwrites, etc.

How big is the file after I compress it?

  1. It compresses about 90% or more