How to Collect Logs for Secureworks Taegis XDR Agent

Summary: Learn how to collect logs for the Secureworks Taegis XDR agent by following these step-by-step instructions for Windows or Linux.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

This article discusses the methods for collecting the Secureworks Taegis XDR agent logs.

Affected Products:

  • Secureworks Taegis XDR

Affected Operating Systems:

  • Windows
  • Linux

Click Windows or Linux for the log collection process.

Windows

Troubleshoot the Secureworks Taegis XDR agent by manually collecting logs.

  • Install logs: Used to troubleshoot installation issues
  • Agent logs: Used to troubleshoot activation, communication, and behavior issues

Click the appropriate logging type for more information.

Install

  1. Right-click the Windows start menu and then click Run.
    Run
  2. In the Run UI, type %temp% and then click OK.
    Run UI
    Note: %temp% is the Windows variable for C:\Users\[USERNAME]\AppData\Local\Temp.
  3. Capture the MSI logs named MSIXXXXX.LOG.
    Example log files to be captured
    Note: The XXXXX is randomly generated letters and numbers.

Agent

  1. Create a temporary log folder that is titled Logs.
  2. Right-click the Windows start menu and then click Run.
    Run
  3. In the Run UI, type C:\Program Files (x86)\Dell SecureWorks\Red Cloak and then click OK.
    Run UI
  4. Sort by type to display all .log files.
    Example log files
  5. Copy all .log and .dmp files to the Logs folder (Step 1).
  6. Right-click the Windows start menu and then click Run.
    Run
  7. In the Run UI, type C:\Program Files (x86)\Dell SecureWorks\Ignition\ and then click OK.
    Dell SecureWorks Ignition directory
  8. Copy all .log files to the Logs folder (Step 1).
  9. Right-click the Logs folder from Step 1, select Send to, and then click Compressed (zipped) folder.
    Adding logs to a zipped folder

Linux

Troubleshoot the Secureworks Taegis XDR agent by manually collecting logs.

  • Install logs: Used to troubleshoot installation issues
  • Agent logs: Used to troubleshoot activation, communication, and behavior issues

Install

When installation is run on a Linux endpoint, any errors are displayed as text on the screen. There are no log files to be collected.
Example error displayed during installation

Agent

To successfully offload logs, the Secureworks Taegis XDR agent requires:

  • A third-party FTP (file transfer protocol) client
    • Examples of an FTP client include (but are not limited to):
      • Filezilla
      • WinSCP
      • CuteFTP
  • A storage device (outside of the Linux server)
  1. In the FTP client, log in with an FTP user to the Linux server.
    Logging in with an FTP client
  2. Go to /opt/secureworks/redcloak/log and then save all files from that folder locally.
    Example log files to be saved

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Affected Products

Secureworks
Article Properties
Article Number: 000195101
Article Type: How To
Last Modified: 18 Jul 2025
Version:  6
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.