Xiid Logs
Xiid maintains logs locally for every software component within the platform. Logs are stored in standard JSON log formats and can be easily consumed and analyzed by SIEM systems.
Installation Logs
When installing any Xiid software, there are logs stored in the operating system's temporary directory. These logs contain additional information regarding the installation process. If you encounter any issues with your installation of Xiid's software, these logs are useful in determining the root cause of the issue.
Location
| Operating System | Path |
|---|---|
| Windows | C:\Windows\Temp |
| macOS | /tmp/ |
| Linux | /tmp/ |
| BSD | /tmp/ |
Connector
The Xiid Connectors run two separate services, as mentioned in the Connectors Documentation. The Geonode Service and the Connector Service both maintain their own separate logs. The Geonode Service logs contain information regarding the geocluster database and nodes. The Connector Service logs contain information regarding the usage of the platform.
Geonode Service Logs
The Geonode Service log file name is main.log and you will also see main.{date}.log which are previous log files.
Location
| Operating System | Path |
|---|---|
| Windows | C:\ProgramData\Xiid\XIID-geonode\logs |
| macOS | N/A |
| Linux | /var/logs/Xiid/XIID-geonode |
| BSD | N/A |
Common Log Statements
The following log statements are helpful in troubleshooting and understanding Geonode Service.
| Log Level | Log Text | Explanation | Context |
|---|---|---|---|
| Info | "Serve":"XIID-geonode","ver":"4.0.0[2025-09-10_12:14:25]" | Indicates the version of the Geonode Service currently running | [2025-09-10_12:14:25] indicates the build date and time of the executable |
| Info | "https bind":"0.0.0.0:10463" | Indicates the network interface that the geonode service is bound to | :10463 indicates the port the service is bound to |
| Info | "certificate":"/etc/xdg/Xiid/XIID-geonode/certs/{cert}.crt","loaded":true} | Indicates where the SSL certificates are loaded from | "loaded":true indicates that the Certificate file (.crt) and Private Key (.key) match |
Connector Service Logs
The Connector Service has three primary log files: h2conn-Events.json, h2conn-grpc.json, and h2conn-Http.json.
The h2conn-Events.json maintains logs on actions taken through the Connector UI as well as events related to Commander and STLink services connected to it.
The h2conn-grpc.json maintains logs on the API calls coming from Commanders and STLinks.
The h2conn-Http.json maintains logs on specific connection information to the service in standard network log format.
Location
| Operating System | Path |
|---|---|
| Windows | C:\ProgramData\Xiid\XIID-H2connector\logs |
| macOS | N/A |
| Linux | /var/logs/Xiid/XIID-H2connector |
| BSD | N/A |
Commander
The Xiid Commander has two primary log files: h2comm-Events.json and http.log.
The h2comm-Events.json maintains logs related to events in the Commander Portal as well as the interactions with the Xiid Connectors.
Location
| Operating System | Path |
|---|---|
| Windows | C:\ProgramData\Xiid\XIID-h2commander\logs |
| macOS | N/A |
| Linux | /var/log/Xiid/XIID-H2commander |
| BSD | N/A |
STLink
The STLink has two primary log files, h2conn-Events.json and http.log, which maintains logs on the STLink service and connections.
The h2conn-Events.json maintains logs related to actions the STLink takes, such as binding to addresses and handling incoming and outgoing connections.
The http.log maintains HTTP/S REST API logs for the STLink in standard JSON log format. These logs are generally less useful for basic troubleshooting or auditing actions.
Location
| Operating System | Path |
|---|---|
| Windows | C:\ProgramData\Xiid\XIID-h2stlink\logs |
| macOS | /var/log/Xiid/XIID-H2stlink |
| Linux | /var/log/Xiid/XIID-H2stlink |
| BSD | /var/log/Xiid/XIID-H2stlink |
Common Log Statements
| Log Level | Log Text | Explanation | Context |
|---|---|---|---|
| Info | "HandleReadChannel":"127.x.x.x:443 100008f59" | Indicates that a SealedTunnel connection was established | 127.x.x.x:443 indicates the address and port that the client connected to |
| Error | "StartListener":"binding already exists"} | Indicates one of the bindings assigned to this STLink is currently in use and consequently the STLink cannot bind to that address | - |
| Error | "StartListener-accept":"1M6K1PYSXXXXXRQT603N8XJ1MD-4C375WC3DFSASRJ4DEDJ89QXNQ bindTo: 127.x.x.x:443","error":"accept tcp 127.x.x.x:443: use of closed network connection" | Indicates that connection was made to a SealedTunnel binding but was immediately disconnected. | 127.x.x.x:443 indicates the address and port in which the connection originated and then was closed |