Difference between Advanced debugging logs and logs collected from tenant.

Question

I recently encountered the below mentioned issue and would like to have better understanding of the same.

I have collected advanced debugging logs from the users system, where in the option of “Start” for outer capture was disabled, still I collected the logs and those were as expected.

However when I tried collecting the same logs from the tenant for that user, I observed the logs were different and some of the captures which were present in the previously collected advanced debugging logs from the system were missing in the logs collected from the tenant.

Attaching the screenshots for reference:

Events triggered for the date and time : 2024/07/17 14:47:00.213

Logs collected from the tenant :

Advanced debugging logs collected from the device for the same time :

Need to understand why the captured even for the same timestamp are different.

Page 1 / 1

@Iftesam ,

I’m not sure if this is expected behavior or not. My understanding is that the log collection feature from the tenant should zip up the same log files and upload them to Netskope. I’d suggest opening a support case for support and/or engineering to validate if this is behaving as expected and troubleshoot further.

@sshiflett

Thanks for the update!

Reply

sshiflett · Answer

@Iftesam,I’m not sure if this is expected behavior or not. My understanding is thatthe log collection feature from the tenant should zip up the same log files and upload them to Netskope. I’d suggest opening a support case for support and/or engineering to validate if this is behaving as expected and troubleshoot further.

Reply

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded