How to Collect Logs for Linux System Crash
Article ID: 286675
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
How to collect diagnostics after a Linux system crash.
Environment
- App Control Agent: All Supported Versions
- Linux Operating System: All Supported Versions
Resolution
- Collect and compress the crash dump files and logs, which are written by default to /var/crash and /var/log:
sudo tar cvfz /var/tmp/$HOSTNAME-CrashLogs.tgz /var/crash
sudo tar cvfz /var/tmp/$HOSTNAME-SystemLogs.tgz /var/log
- If the vmcore files are missing, please verify that the Kdump service is active using steps in this KB
- Check if the default path for writing crash logs has been modified in the config file: /etc/kdump.conf
- Collect the Agent Historical Logs:
cd /opt/bit9/bin
sudo ./b9cli --capture /var/tmp/$HOSTNAME-AgentLogs.tgz
- Collect the output of the kernel version:
uname -r
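The /etc/kdump.conf path check from the steps above, as an added shell example (not part of the original article or the App Control tooling): it reads the `path` directive, falls back to /var/crash, and counts vmcore files there before you archive the directory. The function names and the `--report` switch are hypothetical, and the nfs/ssh/raw target check goes slightly beyond what the article lists.

```shell
#!/bin/sh
# Added example. Assumes RHEL-style kdump.conf syntax: "directive value" lines, '#' comments.

# Print the last uncommented "path" value, or /var/crash when none is set.
kdump_path() {
    conf=${1:-/etc/kdump.conf}
    p=""
    if [ -r "$conf" ]; then
        p=$(awk '$1 == "path" && NF >= 2 { v = $2 } END { if (v != "") print v }' "$conf")
    fi
    printf '%s\n' "${p:-/var/crash}"
}

# Print an nfs/ssh/raw dump target if one is configured; return 1 otherwise.
# With such a target the vmcore is not written under the local crash directory.
kdump_remote_target() {
    conf=${1:-/etc/kdump.conf}
    [ -r "$conf" ] || return 1
    awk '$1 == "nfs" || $1 == "ssh" || $1 == "raw" { t = $1 " " $2 }
         END { if (t == "") exit 1; print t }' "$conf"
}

# Count files named exactly "vmcore" below a directory (0 if it does not exist).
count_vmcores() {
    dir=$1
    [ -d "$dir" ] || { echo 0; return 0; }
    find "$dir" -type f -name vmcore 2>/dev/null | wc -l | tr -d ' '
}

# Summarise what to collect; run as root so /var/crash is readable.
crash_report() {
    conf=${1:-/etc/kdump.conf}
    crashdir=$(kdump_path "$conf")
    if target=$(kdump_remote_target "$conf"); then
        echo "dump target: $target (look for the vmcore there, not on local disk)"
    fi
    echo "crash directory: $crashdir"
    echo "vmcore files:    $(count_vmcores "$crashdir")"
    echo "kernel version:  $(uname -r)"
}

# Only produce the report when asked, so the functions can also be sourced.
if [ "${1:-}" = "--report" ]; then
    crash_report "${2:-/etc/kdump.conf}"
fi
```

If the reported crash directory differs from /var/crash, substitute it in the tar command above.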