Collect High Debug Server Logs

Article ID: 286504

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Steps to collect high debug App Control Server logs.

Environment

  • App Control Server: All Supported Versions

Resolution

Gather Relevant Background Information:

    • What is the OS version and build of the application server where the App Control Server is installed?
    • What is the total system memory of the application server?
    • What is the total free disk space on the drive App Control Server is installed on?
    • What version of the App Control Server is currently installed?
    • Is the SQL database located on the same server as the App Control Server?
    • What version of SQL Server is hosting the App Control database? Is it patched to the latest Cumulative Update?
    • What error message or events are you receiving regarding this issue?
    • When did the error messages/events/issue start?
    • Were there any new changes on the server(s) or the network recently?

Gather Event Viewer and IIS Logs:

Gather High Debug App Control Server Logs:

If the Console is available:

  1. Log in to the App Control Console
  2. Navigate to https://ServerAddress/support.php > Diagnostics
  3. Click the Snapshot Server Logs button to write existing logs and start a fresh log file.
  4. Set Server Logging as follows:
    • Logging Duration: 30 Minutes
    • All Debug Levels: High
    • Enable SQL Trace: Checked
  5. Click Start logging, then reproduce the issue.
  6. Return to https://ServerAddress/support.php > Diagnostics
  7. Click Stop Logging Now
  8. From the right-hand menu, select Related Views > Available log files
  9. Download any/all Diagnostic Files generated with today's date:
    • API-TIMESTAMP.log
    • AppControlAD-TIMESTAMP.log
    • ReporterLog-TIMESTAMP.log
    • ServerLog-TIMESTAMP.bt9
      Important: There could be up to 20 ServerLog-TIMESTAMP files generated; download all of them.
    • SQLTrace-date-time.csv
  10. Zip all Server Logs generated as there will likely be many.
  11. Attach the IIS logs, Event Viewer Logs, and zip of all Server Logs generated to the support case.

If the Console is not available:

  1. Connect to the SQL server.
  2. Open SQL Server Management Studio (SSMS) as either the service account or a SQL full admin.
  3. Enable debug:
    USE das; 
    EXEC dbo.UpdateShepherdConfig 'ADDebugLevel', '6'
    EXEC dbo.UpdateShepherdConfig 'API_DebugLevel', '6'
    EXEC dbo.UpdateShepherdConfig 'DebugConsoleCommunication', 'true'
    EXEC dbo.UpdateShepherdConfig 'DebugLevel', '6'
    EXEC dbo.UpdateShepherdConfig 'ReporterLogLevel', '6'
    EXEC dbo.UpdateShepherdConfig 'ScriptDebugLevel', '6'
  4. Reproduce the issue
  5. Return to SSMS and disable debug:
    USE das; 
    EXEC dbo.UpdateShepherdConfig 'ADDebugLevel', '0'
    EXEC dbo.UpdateShepherdConfig 'API_DebugLevel', '0'
    EXEC dbo.UpdateShepherdConfig 'DebugConsoleCommunication', 'false'
    EXEC dbo.UpdateShepherdConfig 'DebugLevel', '0'
    EXEC dbo.UpdateShepherdConfig 'ReporterLogLevel', '0'
    EXEC dbo.UpdateShepherdConfig 'ScriptDebugLevel', '0'
  6. Gather the logs from the following locations:
    • \Program Files (x86)\Bit9\Parity Console\WebUI\Logs\php_errors.log
    • \Program Files (x86)\Bit9\Parity Server\Reporter\ParityReporter.log
    • \Program Files (x86)\Bit9\Parity Server\ServerLog.bt9
  7. Attach the IIS logs, Event Viewer Logs, and the logs from step 6 to the support case.
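
One way to stage the three files from step 6 for the support case, as an added example that is not part of the original article or a vendor-supplied script. The page does not give the install drive, so `-InstallDrive` (defaulting to the system drive) and `-OutputDir` are assumptions; IIS and Event Viewer logs are not collected here.

```powershell
# Added example: copy the step 6 log files to a staging folder, hash them, and zip them.
# Assumption: the install drive is not stated on the page; override -InstallDrive if needed.
param(
    [string]$InstallDrive = $env:SystemDrive,                         # assumption
    [string]$OutputDir    = (Join-Path $env:TEMP 'AppControlLogs')    # hypothetical staging location
)

$ErrorActionPreference = 'Stop'

# Relative paths exactly as listed in step 6.
$relativePaths = @(
    'Program Files (x86)\Bit9\Parity Console\WebUI\Logs\php_errors.log',
    'Program Files (x86)\Bit9\Parity Server\Reporter\ParityReporter.log',
    'Program Files (x86)\Bit9\Parity Server\ServerLog.bt9'
)

$stamp   = Get-Date -Format 'yyyyMMdd-HHmmss'
$staging = Join-Path $OutputDir "logs-$stamp"
New-Item -ItemType Directory -Path $staging -Force | Out-Null

$manifest = foreach ($rel in $relativePaths) {
    $src = Join-Path "$InstallDrive\" $rel
    if (-not (Test-Path -LiteralPath $src -PathType Leaf)) {
        Write-Warning "Missing: $src"      # report the gap instead of failing the whole run
        continue
    }
    # Copy first so the archive is built from a stable copy rather than a file still being written.
    $dst = Join-Path $staging (Split-Path $rel -Leaf)
    Copy-Item -LiteralPath $src -Destination $dst
    [pscustomobject]@{
        Source = $src
        Bytes  = (Get-Item -LiteralPath $dst).Length
        SHA256 = (Get-FileHash -LiteralPath $dst -Algorithm SHA256).Hash
    }
}

if (-not $manifest) { throw "None of the step 6 log files were found on drive $InstallDrive" }

# The manifest travels inside the zip so the recipient can verify each file.
$manifest | Export-Csv -Path (Join-Path $staging 'manifest.csv') -NoTypeInformation
$zip = Join-Path $OutputDir "AppControlServerLogs-$stamp.zip"
Compress-Archive -Path (Join-Path $staging '*') -DestinationPath $zip

$manifest | Format-Table -AutoSize
Write-Output "Archive written to $zip"
```

Run it from an elevated PowerShell session on the App Control Server after debug has been disabled in step 5.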

Additional Information

  • App Control Server 8.8.6 and earlier: Restart the App Control Reporter service after collecting logs. A known issue causes it to stop sending events after debugging finishes.