App Control: How to Collect Logs for Linux System Crash

Article ID: 286675

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

How to collect diagnostics after a Linux system crash.

Environment

  • App Control Agent: All Supported Versions
  • Linux Operating System: All Supported Versions

Resolution

  1. Collect and archive the crash dump files and system logs, which are written by default to /var/crash and /var/log:
    sudo tar cvfz /var/tmp/$HOSTNAME-CrashLogs.tgz /var/crash
    sudo tar cvfz /var/tmp/$HOSTNAME-SystemLogs.tgz /var/log
    • If the vmcore files are missing, please verify that the Kdump service is active using steps in this KB
    • Please check if the default path for writing crash logs has been modified in the config file: /etc/kdump.conf
  2. Collect the Agent Historical Logs:
    cd /opt/bit9/bin
    sudo ./b9cli --capture /var/tmp/$HOSTNAME-AgentLogs.tgz
  3. Collect the output of the kernel version command:
    uname -r
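
The two checks under step 1 (has the crash path been changed in /etc/kdump.conf, and are vmcore files actually present) can be scripted before running tar. The following is an added example, not part of the vendor procedure; it assumes a RHEL-style kdump.conf with a `path` directive and a systemd unit named `kdump`, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not vendor code. Assumptions: RHEL-style /etc/kdump.conf,
# systemd unit named "kdump". Adjust both for other distributions.

# Print the crash dump directory set in a kdump.conf-style file.
# Uses the last uncommented "path" line found; falls back to /var/crash.
# Note: when a dump target (e.g. nfs or a block device) is configured,
# "path" is relative to that target, not to the local root filesystem.
kdump_path() {
    conf=${1:-/etc/kdump.conf}
    p=""
    if [ -r "$conf" ]; then
        p=$(awk '$1 == "path" && NF >= 2 { v = $2 }
                 END { if (v != "") print v }' "$conf")
    fi
    printf '%s\n' "${p:-/var/crash}"
}

# Count vmcore artifacts (vmcore, vmcore-dmesg.txt, ...) under a directory.
count_vmcores() {
    dir=$1
    [ -d "$dir" ] || { echo 0; return 0; }
    find "$dir" -type f -name 'vmcore*' | wc -l | tr -d ' '
}

# Report path, vmcore count and service state; succeeds only if a vmcore exists.
preflight() {
    dir=$(kdump_path "${1:-}")
    n=$(count_vmcores "$dir")
    echo "crash dump path: $dir"
    echo "vmcore files found: $n"
    if command -v systemctl >/dev/null 2>&1; then
        echo "kdump service: $(systemctl is-active kdump 2>/dev/null || true)"
    fi
    [ "$n" -gt 0 ]
}

# Run the report only when asked: ./kdump-preflight.sh --check [conf-file]
if [ "${1:-}" = "--check" ]; then
    preflight "${2:-}"
fi
```

If the reported path differs from /var/crash, substitute it in the first tar command of step 1.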