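Use the following commands to collect logs for troubleshooting a disconnected App Control agent. `GlobalPassword`, `GlobalCLIPassword`, `<ServerAddress>` and `<SERVERADDRESS>` are placeholders for your environment's values. The CLI password is passed as a command-line argument, so it may be recorded in shell history, and the resulting trace and capture files contain detailed agent and network data, so store and share them accordingly.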
netsh trace start capture=yes tracefile=%userprofile%\Desktop\Agent-Trace.etl persistent=yes
cd "C:\Program Files (x86)\Bit9\Parity Agent"
dascli password GlobalPassword
dascli disconnect
dascli setconfigprop max_rolling_trace_size_mb=500
dascli setconfigprop max_rolled_trace_logs_to_keep=4
dascli debuglevel 7
dascli nettrace 1
dascli connect
dascli server
Current server: appcontrol.domain.com:41002
Test-NetConnection -ComputerName <ServerAddress> -Port 41002 -InformationLevel "Detailed" > "C:\Temp\ConnectionTests.txt"
Test-NetConnection -ComputerName <ServerAddress> -Port 443 -InformationLevel "Detailed" >> "C:\Temp\ConnectionTests.txt"
netstat -ano | findstr "41002"
nslookup <ServerAddress>
ping <ServerAddress>
tracert <ServerAddress>
C:\Windows\SysWOW64\netsh.exe winhttp show proxy (for XP/Server 2003 use: proxycfg)
dascli capture "C:\Temp\%ComputerName%-DisconnectedLogs.zip"
dascli password GlobalPassword
dascli debuglevel 0
dascli nettrace 0
dascli setconfigprop max_rolling_trace_size_mb=50
dascli setconfigprop max_rolled_trace_logs_to_keep=0
netsh trace stop
cd /opt/bit9/bin
./b9cli --status
cd /Applications/Bit9/Tools
./b9cli --password 'GlobalCLIPassword'
./b9cli --disconnect
./b9cli --setconfigprop max_rolling_trace_size_mb=500
./b9cli --setconfigprop max_rolled_trace_logs_to_keep=4
./b9cli --debuglevel 4
./b9cli --nettrace 1
./b9cli --connect
./b9cli --status
./b9cli --debuglevel 0
./b9cli --kerneltrace 2
./b9cli --nettrace 0
sudo ./b9cli --capture /var/tmp/DisconnectedAgentLogs.zip
./b9cli --setconfigprop max_rolling_trace_size_mb=50
./b9cli --setconfigprop max_rolled_trace_logs_to_keep=0
system_profiler -detailLevel full > ~/Desktop/sysinfo.txt
cd /opt/bit9/bin
./b9cli --status
./b9cli --password GlobalCLIPassword
./b9cli --disconnect
./b9cli --setconfigprop max_rolling_trace_size_mb=500
./b9cli --setconfigprop max_rolled_trace_logs_to_keep=4
./b9cli --debuglevel 4
./b9cli --kerneltrace 4
./b9cli --nettrace 1
./b9cli --connect
./b9cli --healthcheck
./b9cli --status
ping <SERVERADDRESS>
nslookup <SERVERADDRESS>
telnet <SERVERADDRESS> <SERVERPORT>
Note: If the Telnet utility is unavailable, the timeout utility (part of the coreutils package) can be used instead:
timeout 1 bash -c "</dev/tcp/ServerAddressHere/41002"
echo $?
An exit status of "0" indicates that the Server Address is responding on the specified port (41002).
./b9cli --debuglevel 0
./b9cli --kerneltrace 2
./b9cli --nettrace 0
sudo ./b9cli --capture /var/tmp/DisconnectedAgentLogs.zip
./b9cli --setconfigprop max_rolling_trace_size_mb=50
./b9cli --setconfigprop max_rolled_trace_logs_to_keep=0
sudo tar cvfz /var/tmp/SystemLogs.tgz /v