How to Collect Logs for Linux System Crash

Article ID: 286675

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

How to collect diagnostics after a Linux system crash.

Environment

  • App Control Agent: All Supported Versions
  • Linux Operating System: All Supported Versions

Resolution

  1. Collect and compress the crash dump files and system logs, which are written by default to /var/crash and /var/log:
    sudo tar cvfz /var/tmp/$HOSTNAME-CrashLogs.tgz /var/crash
    sudo tar cvfz /var/tmp/$HOSTNAME-SystemLogs.tgz /var/log
  2. If the vmcore files are missing, please verify that the Kdump service is active using steps in this KB
  3. Check if the default path for writing crash logs has been modified in the config file: /etc/kdump.conf
  4. Collect the Agent Historical Logs:
    cd /opt/bit9/bin
    sudo ./b9cli --capture /var/tmp/$HOSTNAME-AgentLogs.tgz
  5. Collect the output of the kernel version command:
    uname -r
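
The steps above combined into one script, as an added example that is not part of the original article or the vendor's tooling. It reads the `path` directive from /etc/kdump.conf (step 3) so the archive covers the directory kdump actually writes to. The function names, the `collect` argument and the KernelVersion.txt file name are assumptions made for this example.

```bash
#!/usr/bin/env bash
# Added example: resolve kdump's dump directory, then run the KB's collection steps.

# Print the directory kdump writes vmcore files to, taken from the "path"
# directive in kdump.conf. Falls back to the default /var/crash.
kdump_path() {
    local conf="${1:-/etc/kdump.conf}" p=""
    if [ -r "$conf" ]; then
        # Commented lines never match; if several "path" lines exist, the
        # last one is used (an assumption about precedence).
        p=$(awk '$1 == "path" && NF >= 2 { v = $2 } END { print v }' "$conf")
    fi
    printf '%s\n' "${p:-/var/crash}"
}

# Succeed if at least one vmcore* file exists under the given directory.
has_vmcore() {
    [ -d "$1" ] && [ -n "$(find "$1" -type f -name 'vmcore*' -print -quit 2>/dev/null)" ]
}

# Run steps 1, 4 and 5 of the article, writing everything to one directory.
collect() {
    local out="${1:-/var/tmp}" host dir
    host="${HOSTNAME:-$(hostname)}"
    dir=$(kdump_path)
    if ! has_vmcore "$dir"; then
        echo "warning: no vmcore under $dir; verify the kdump service is active" >&2
    fi
    sudo tar cvfz "$out/$host-CrashLogs.tgz" "$dir"
    sudo tar cvfz "$out/$host-SystemLogs.tgz" /var/log
    (cd /opt/bit9/bin && sudo ./b9cli --capture "$out/$host-AgentLogs.tgz")
    uname -r > "$out/$host-KernelVersion.txt"   # hypothetical file name
}

# Only collect when asked to: ./collect-crash.sh collect [output-dir]
if [ "${1:-}" = "collect" ]; then collect "${2:-/var/tmp}"; fi
```

If kdump.conf also names a dump target (a separate filesystem or a remote host), `path` is relative to that target, so the vmcore files will not be under the local directory this script archives.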