[ZT] warp-diag summary and detections (#24750)

ranbel · web-flow · commit c20a69565030 · 2025-08-28T16:20:21.000-04:00
* dex partials

* update warp-diag page

* create partial

* fix link

* edit intro
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles.mdx
@@ -127,7 +127,7 @@ warp-cli settings
 
 The device profile UUID is shown in the `Profile ID` field.
 
-Alternatively, if you do not have access to the CLI, you can use [DEX remote captures](/cloudflare-one/insights/dex/remote-captures/) to generate a WARP diagnostic log. The `warp-settings.txt` log file will contain the output of `warp-cli settings`.
+Alternatively, if you do not have access to the CLI, you can use [DEX remote captures](/cloudflare-one/insights/dex/remote-captures/) to collect WARP diagnostic logs from the Zero Trust dashboard. The device profile UUID is shown in your [WARP diagnostics summary](/cloudflare-one/insights/dex/remote-captures/#view-warp-diagnostics-summary-beta) under `Profile ID`.
 
 ## Selectors
 
diff --git a/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx b/src/content/docs/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs.mdx
@@ -6,7 +6,7 @@ sidebar:
   label: Diagnostic logs
 ---
 
-import { TabItem, Tabs, Stream } from "~/components";
+import { TabItem, Tabs, Render, Stream } from "~/components";
 
 The WARP client provides diagnostic logs that you can use to troubleshoot connectivity issues on a device.
 
@@ -29,9 +29,9 @@ The WARP client provides diagnostic logs that you can use to troubleshoot connec
 
 ## macOS/Windows/Linux
 
-### Retrieve logs
+### Collect logs via the CLI
 
-To view WARP logs on desktop devices:
+To collect WARP diagnostic logs on your desktop:
 
 <Tabs> <TabItem label="macOS">
 
@@ -65,9 +65,21 @@ This will place a `warp-debugging-info-<date>-<time>.zip` in the same folder you
 
 </TabItem> </Tabs>
 
-:::note
-You can also use Digital Experience Monitoring to run `warp-diag` commands on remote devices. For more information, refer to [Remote captures](/cloudflare-one/insights/dex/remote-captures/).
-:::
+### Collect logs via the dashboard
+
+<Render file="dex/pcaps-run-availability" product="cloudflare-one" />
+
+You can collect WARP diagnostic logs remotely from the Zero Trust dashboard by using Digital Experience Monitoring (DEX) [remote captures](/cloudflare-one/insights/dex/remote-captures/).
+
+<Render file="dex/pcaps-run" product="cloudflare-one" />
+
+#### Download remote captures
+
+<Render file="dex/pcaps-download" product="cloudflare-one" />
+
+#### View WARP diagnostics summary (beta)
+
+<Render file="dex/pcaps-view-warp-diag" product="cloudflare-one" />
 
 ### `warp-diag` logs
 
@@ -172,7 +184,7 @@ Always check the timestamps at the end of each log file to verify the time range
 
 ## iOS/Android/ChromeOS
 
-### Retrieve logs
+### Collect logs
 
 To view WARP logs on mobile devices:
 
diff --git a/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx b/src/content/docs/cloudflare-one/insights/dex/remote-captures.mdx
@@ -5,42 +5,15 @@ sidebar:
   order: 5
 ---
 
-import { Details } from "~/components";
+import { Details, Render } from "~/components";
 
-<Details header="Feature availability">
-
-| [WARP modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/)   | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
-| ------------------------------------------------------------------------------------------- | ------------------------------------------------------------- |
-| <ul> <li> Gateway with WARP </li> <li> Secure Web Gateway without DNS Filtering </li> </ul> | All plans                                                     |
-
-| System   | Availability | Minimum WARP version |
-| -------- | ------------ | -------------------- |
-| Windows  | ✅           | 2024.12.492.0        |
-| macOS    | ✅           | 2024.12.492.0        |
-| Linux    | ✅           | 2024.12.492.0        |
-| iOS      | ❌           |                      |
-| Android  | ❌           |                      |
-| ChromeOS | ❌           |                      |
-
-</Details>
+<Render file="dex/pcaps-run-availability" product="cloudflare-one" />
 
 Remote captures allow administrators to collect packet captures (PCAPs) and WARP diagnostic logs directly from end user devices. This data can be used to troubleshoot network problems, investigate security incidents, and identify performance bottlenecks.
 
 ## Start a remote capture
 
-To capture data from a remote device:
-
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DEX** > **Remote captures**.
-2. Select up to 10 devices that you want to run a capture on. Devices must be [registered](/cloudflare-one/connections/connect-devices/warp/deployment/) in your Zero Trust organization.
-3. Configure the types of captures to run.
-   - **PCAP**: Performs packet captures for traffic outside of the WARP tunnel (default network interface) and traffic inside of the WARP tunnel ([WARP virtual interface](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#ip-traffic)).
-   - **WARP Diagnostics Logs**: Generates a [WARP diagnostic log](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#warp-diag-logs) of the past 96 hours. To include a routing test for all IPs and domains in your [Split Tunnel configuration](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/), select **Test all routes**.
-     :::note
-     **Test all routes** will extend the time for diagnostics to run and may temporarily impact device performance during the test.
-     :::
-4. Select **Start a capture**.
-
-DEX will now send capture requests to the configured devices. If the WARP client is disconnected, the capture will time out after 10 minutes.
+<Render file="dex/pcaps-run" product="cloudflare-one" />
 
 ## Check remote capture status
 
@@ -53,11 +26,7 @@ To view a list of captures, go to **DEX** > **Remote captures**. The **Status**
 
 ## Download remote captures
 
-1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DEX** > **Remote captures**.
-2. Find a successful capture.
-3. Select the three-dot menu and select **Download**.
-
-This will download a ZIP file to your local machine called `<capture-id>.zip`. DEX will store capture data according to our [log retention policy](/cloudflare-one/insights/logs/#log-retention).
+<Render file="dex/pcaps-download" product="cloudflare-one" />
 
 ### Device PCAP contents
 
@@ -73,6 +42,10 @@ You can analyze `.pcap` files using Wireshark or another third-party packet capt
 
 Refer to [WARP diagnostic logs](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#warp-diag-logs) for a description of each file.
 
+## View WARP diagnostics summary (beta)
+
+<Render file="dex/pcaps-view-warp-diag" product="cloudflare-one" />
+
 ## Limitations
 
 - Packet captures are subject to the following limits:
diff --git a/src/content/partials/cloudflare-one/dex/pcaps-download.mdx b/src/content/partials/cloudflare-one/dex/pcaps-download.mdx
@@ -0,0 +1,9 @@
+---
+{}
+---
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DEX** > **Remote captures**.
+2. Find a successful capture.
+3. Select the three-dot menu and select **Download**.
+
+This will download a ZIP file to your local machine called `<capture-id>.zip`. DEX will store capture data according to our [log retention policy](/cloudflare-one/insights/logs/#log-retention).
diff --git a/src/content/partials/cloudflare-one/dex/pcaps-run-availability.mdx b/src/content/partials/cloudflare-one/dex/pcaps-run-availability.mdx
@@ -0,0 +1,22 @@
+---
+{}
+---
+
+import { Details } from "~/components";
+
+<Details header="Feature availability">
+
+| [WARP modes](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/)   | [Zero Trust plans](https://www.cloudflare.com/teams-pricing/) |
+| ------------------------------------------------------------------------------------------- | ------------------------------------------------------------- |
+| <ul> <li> Gateway with WARP </li> <li> Secure Web Gateway without DNS Filtering </li> </ul> | All plans                                                     |
+
+| System   | Availability | Minimum WARP version |
+| -------- | ------------ | -------------------- |
+| Windows  | ✅           | 2024.12.492.0        |
+| macOS    | ✅           | 2024.12.492.0        |
+| Linux    | ✅           | 2024.12.492.0        |
+| iOS      | ❌           |                      |
+| Android  | ❌           |                      |
+| ChromeOS | ❌           |                      |
+
+</Details>
diff --git a/src/content/partials/cloudflare-one/dex/pcaps-run.mdx b/src/content/partials/cloudflare-one/dex/pcaps-run.mdx
@@ -0,0 +1,22 @@
+---
+inputParameters: bestPractice
+---
+
+import { Render } from "~/components";
+
+Devices must be actively connected to the Internet for remote captures to run.
+
+To capture data from a remote device:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DEX** > **Remote captures**.
+2. Select up to 10 devices that you want to run a capture on. Devices must be [registered](/cloudflare-one/connections/connect-devices/warp/deployment/) in your Zero Trust organization.
+3. Configure the types of captures to run.
+   - **Packet captures (PCAP)**: Performs packet captures for traffic outside of the WARP tunnel (default network interface) and traffic inside of the WARP tunnel ([WARP virtual interface](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/warp-architecture/#ip-traffic)).
+   - **WARP Diagnostics Logs**: Generates a [WARP diagnostic log](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#warp-diag-logs) of the past 96 hours. To include a routing test for all IPs and domains in your [Split Tunnel configuration](/cloudflare-one/connections/connect-devices/warp/configure-warp/route-traffic/split-tunnels/), select **Test all routes**.
+     :::note
+     **Test all routes** will extend the time for diagnostics to run and may temporarily impact device performance during the test.
+     :::
+		 {props.bestPractice}
+4. Select **Run diagnostics**.
+
+DEX will now send capture requests to the configured devices. If the WARP client is disconnected, the capture will time out after 10 minutes.
diff --git a/src/content/partials/cloudflare-one/dex/pcaps-view-warp-diag.mdx b/src/content/partials/cloudflare-one/dex/pcaps-view-warp-diag.mdx
@@ -0,0 +1,32 @@
+---
+{}
+---
+
+import { Details } from "~/components";
+
+The WARP diagnostics summary highlights what Cloudflare determines to be the most important detection events in a `warp-diag` log. You can use the WARP diagnostic summary to help analyze your [log files](/cloudflare-one/connections/connect-devices/warp/troubleshooting/warp-logs/#warp-diag-logs) and identify the root cause of client issues. WARP diagnostic summaries are only available for logs [collected via the dashboard](#collect-logs-via-the-dashboard).
+
+To access your WARP diagnostic summary:
+
+1. In [Zero Trust](https://one.dash.cloudflare.com/), go to **DEX** > **Remote captures**.
+2. Locate an existing `warp-diag` log from the list or select **Run diagnostics** to generate a new `warp-diag` log.
+3. Select the three dots for the `warp-diag` log that you want to analyze, then select **View WARP Diag**.
+
+	The **Overview** tab will display an AI-generated summary of the results, a list of detection events, and basic device information.
+	<Details header="Explanation of the fields">
+	| Field | Description |
+	| ----- | ----------- |
+	| Detection type | A common WARP issue that can appear in the diagnostic logs. |
+	| Occurences | Number of times an issue was detected in the logs.  |
+	| Severity level | Indicates the impact of the issue on WARP client functionality. The severity levels are: <ul> <li> **Critical**: Issue causes complete loss of functionality. </li> <li> **Warning**: Issue causes degraded functionality but core features should still work. </li> <li> **No detection**: Issue was not detected in the logs. </li> </ul> |
+	| Operating system | OS and OS version of the device. |
+	| WARP version | [WARP release version](/cloudflare-one/connections/connect-devices/warp/download-warp/) |
+	| Profile ID | [WARP device profile](/cloudflare-one/connections/connect-devices/warp/configure-warp/device-profiles/) UUID|
+	| Service mode | [WARP mode](/cloudflare-one/connections/connect-devices/warp/configure-warp/warp-modes/) |
+	| Configuration name | Name of the [Zero Trust organization](/cloudflare-one/connections/connect-devices/warp/deployment/mdm-deployment/switch-organizations/) that WARP is connected to. |
+	| Device ID | ID generated by the WARP client. |
+
+	</Details>
+4. Select a detection type for more information about the event and recommended next steps.
+
+Cloudflare will store the `warp-diag` log and its summary per our [log retention policy](/cloudflare-one/insights/logs/#log-retention). To save a copy onto your local machine, [download the log file](#download-remote-captures) and go to the **JSON file** tab to copy the summary in JSON format.
