> For clean Markdown of any page, append .md to the page URL.
> For a complete documentation index, see https://docs.nvidia.com/nemoclaw/llms.txt.
> For full documentation content, see https://docs.nvidia.com/nemoclaw/llms-full.txt.
> For AI client integration (Claude Code, Cursor, etc.), connect to the MCP server at https://docs.nvidia.com/nemoclaw/_mcp/server.

# Monitor Sandbox Activity and Debug Issues

> Inspect sandbox health, trace agent behavior, and diagnose problems.

Use the NemoClaw status, logs, and TUI tools together to inspect sandbox health, trace agent behavior, and diagnose problems.

## Prerequisites

* A running NemoClaw sandbox.
* The OpenShell CLI on your `PATH`.

## Check Sandbox Health

Run the status command to view the sandbox state, gateway health, and active inference configuration:

```bash
nemohermes <name> status
```

For local Ollama and local vLLM routes, `nemohermes <name> status` also probes the host-side health endpoint directly.
This check catches a stopped local backend before you retry `inference.local` from inside the sandbox.

Key output fields include:

* Sandbox details show the configured model, provider, GPU mode, and applied policy presets.
* Gateway and process health show whether NemoClaw can still reach the OpenShell gateway and whether the in-sandbox agent process is running.
* Inference health for local Ollama and local vLLM shows `healthy` or `unreachable` together with the probed local URL.
* NIM status shows whether a NIM container is running and healthy when that path is in use.

Run `nemohermes <name> status` on the host to check sandbox state.
Use `openshell sandbox list` for the underlying sandbox details.

## View Blueprint and Sandbox Logs

Stream the most recent log output from the blueprint runner and sandbox:

```bash
nemohermes <name> logs
```

To follow the log output in real time:

```bash
nemohermes <name> logs --follow
```

The `logs` command shows lifecycle and gateway output.
It does not export the structured per-session agent state that OpenClaw stores under `.openclaw/agents/`.

## Inspect Agent Session State

OpenClaw stores structured session state inside the sandbox.
Use these files when you need an audit trail, a compliance review surface, or replay tooling that includes assistant messages and tool activity.

| File                                                                    | Purpose                                                                                                                                                                                               |
| ----------------------------------------------------------------------- | ----------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------- |
| `/sandbox/.openclaw/agents/main/sessions/<session-id>.jsonl`            | Per-session event log. Use this file for audit trails and compliance dashboards. Records can include assistant messages, `thinking` blocks, tool calls, tool results, token usage, and cost metadata. |
| `/sandbox/.openclaw/agents/main/sessions/<session-id>.trajectory.jsonl` | Lower-level trajectory data for fine-grained replay. This file can be large, so avoid using it for routine audit summaries.                                                                           |
| `/sandbox/.openclaw/agents/main/sessions/sessions.json`                 | Session index that maps known session keys to their persisted state.                                                                                                                                  |

To inspect the session directory from the host, run a sandbox command:

```console
$ nemohermes sandbox exec <name> -- ls -lh /sandbox/.openclaw/agents/main/sessions
```

To copy a session log for offline review, use the OpenShell sandbox download command:

```console
$ openshell sandbox download <name> /sandbox/.openclaw/agents/main/sessions/<session-id>.jsonl .
```

Treat exported session logs as sensitive data.
They can contain prompts, tool inputs, tool outputs, file paths, and cost metadata from the agent run.

## Monitor Network Activity in the TUI

Open the OpenShell terminal UI for a live view of sandbox network activity and egress requests:

```bash
openshell term
```

For a remote sandbox, SSH to the instance and run `openshell term` there.

The TUI shows the following information:

* Active network connections from the sandbox.
* Blocked egress requests awaiting operator approval.
* Inference routing status.

Refer to [Approve or Deny Agent Network Requests](../network-policy/approve-network-requests) for details on handling blocked requests.

## Test Inference

Run a test inference request to verify that the provider is responding:

```bash
nemohermes my-hermes connect
hermes
```

If the request fails, check the following:

1. Run `nemohermes <name> status` to confirm the active provider and endpoint.
   For local Ollama and local vLLM, check the `Inference` line first.
   If it shows `unreachable`, restart the local backend before retrying from inside the sandbox.
2. Run `nemohermes <name> logs --follow` to view error messages from the blueprint runner.
3. Verify that the inference endpoint is reachable from the host.

## Related Topics

* [Troubleshooting](../reference/troubleshooting) for common issues and resolution steps.
* [Commands](../reference/commands) for the full CLI reference.
* [Approve or Deny Agent Network Requests](../network-policy/approve-network-requests) for the operator approval flow.
* [Switch Inference Providers](../inference/switch-inference-providers) to change the active provider.