1. Overview

Start here to troubleshoot component-specific issues. The articles in this section show how to resolve commonly encountered issues.

2. Collect debug data

Debug data helps us identify the root cause of a problem, and provide a timely resolution. If you contact Prisma Cloud Support with an issue, you’ll be asked to collect debug data from your Prisma Cloud setup and send it to us. The twistcli utility collects and creates an archive of debug data, including log files, and then uploads it to our file server, where our support team can access it.

If the source of the issue is not clear, or if the issue occurs on multiple machines, then capture debug data from the host running Console and at least one host running Defender.

If you’re seeing an error in the Console’s web interface, send the web console output. The steps vary by browser. In Chrome, open Developer Tools, click the Console tab, and copy any errors listed there.

Finally, we don’t collect sensitive personal information in the debug logs. Nonetheless, some organizations have stringent policies about how data should be handled. Prisma Cloud support dumps are human-readable, so you can unpack, inspect, and sanitize them to your standards before sending them to us.

3. Collecting Console’s debug logs

The simplest way to collect Console’s debug logs is from the UI itself. Go to Manage > View Logs > Console and click Download debug logs. To upload the logs directly to Prisma Cloud support, click Upload debug logs to Prisma Cloud support.

4. Collecting Defender’s debug logs

To collect Defender’s debug logs, go to Manage > Defenders > Manage. Find the Defender of interest in the table of deployed Defenders, click Actions > Logs, then click Download this log. To upload the logs directly to Prisma Cloud support, click Upload log to Prisma Cloud support.

5. Collecting debug logs with twistcli

The twistcli tool cannot collect Console debug logs when it runs in a cluster and uses a persistent volume for storage. When Console runs in a cluster, collect debug logs directly from the Console UI instead.


  1. Copy twistcli to the host where the problem is occurring.

  2. Run twistcli to collect the debug data from your Prisma Cloud setup.

    $ sudo ./twistcli support dump
    Dumping debug data
    Saving logs for container /twistlock_defender_2_2_73
    Saving system information
    Copying data folder
    Done. Created twistlock_dump_1505548448.tar.gz

If your organization prohibits sharing detailed debug data, capture a more minimal set of data by running:

$ sudo grep -i "error" /var/lib/twistlock/log/defender.log > defender.log
$ sudo grep -i "error" /var/lib/twistlock/log/console.log > console.log

Then manually sanitize the output prior by removing IP addresses, hostnames, and any other sensitive data.

6. Sending debug data to Prisma Cloud

The twistcli tool lets you send debug logs and other files to Prisma Cloud. A common workflow is to collect debug logs, sanitize them, then share them with Prisma Cloud.

Files are sent over HTTPS to a write-only directory on Prisma Cloud’s file server. When the upload is completed, the Prisma Cloud Support team is notified.


  1. Send a file to Prisma Cloud Support with twistcli.

    $ twistcli support upload --file <FILE>
  2. Enter your access token.

  3. Your file is uploaded.

    Uploading file to Prisma Cloud support
    123.68 KiB / 11.26 MiB [>-----------------------------]   1.07% 648.45 KiB/s 0s


When the upload is complete, a confirmation message is printed:

File has been uploaded as customer/twistlock_dump_1505548448_1505549527.tar.gz