Collect High Debug Agent Logs

Article ID: 287534

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Steps to collect high debug Agent logs.

Environment

  • App Control Console: All Supported Versions
  • App Control Agent: All Supported Versions

Resolution

Method 1: Remotely (All Platforms)

Notes:
  • In some instances the Agent's Trace Log may roll over and important troubleshooting information could be lost.
  • Be sure to set the Debug Duration in Step 3 to the least amount of time required to recreate the issue.
  • For these reasons, it is recommended to use the Local option.
  1. Log in to the Console and navigate to Assets > Computers > relevant Computer.
  2. From the right-hand side, select Other Actions > Delete Diagnostic Files on Computer.
  3. From the right-hand side, select "Set Debug Level":
    • Debug Level: High
    • Include Kernel: Checked
    • Debug Duration: 15 minutes
    • Upload when completed: Checked
  4. Recreate the issue.
  5. After about 20 minutes: navigate to Tools > Requested Files > Diagnostic Files > download relevant logs.

Method 2: Locally

Windows

  1. Log in to the endpoint and use a command prompt to issue the commands:
    cd "C:\Program Files (x86)\Bit9\Parity Agent"
    dascli password GlobalCLIPassword
    dascli flushlogs
    dascli resetcounters
    dascli setconfigprop max_rolling_trace_size_mb=0
    dascli debuglevel 6
    dascli kerneltrace 4
    dascli nettrace 1
  2. Reproduce the issue
  3. Capture the logs and reset Debug Levels:
    cd "C:\Program Files (x86)\Bit9\Parity Agent"
    dascli capture "%userprofile%\Desktop\%computername%-HDL.zip"
    dascli password GlobalCLIPassword
    dascli debuglevel 0
    dascli kerneltrace 2
    dascli nettrace 0
    dascli setconfigprop max_rolling_trace_size_mb=50

Linux

  1. Log in to the endpoint and use a terminal to issue the commands:
    cd /opt/bit9/bin
    ./b9cli --password GlobalCLIPassword
    ./b9cli --resetcounters
    ./b9cli --flushlogs
    ./b9cli --debuglevel 4
    ./b9cli --kerneltrace 4
    ./b9cli --nettrace 1
  2. Reproduce the issue
  3. Capture the logs and reset Debug Levels:
    sudo ./b9cli --capture /var/tmp/$HOSTNAME-PerformanceLogs.zip
    ./b9cli --password GlobalCLIPassword
    ./b9cli --debuglevel 0
    ./b9cli --kerneltrace 2
    ./b9cli --nettrace 0
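
The Linux steps above as one script, added here as an example (not vendor-supplied code): it restores the debug levels even if the reproduce or capture step fails or the session is interrupted, and it prompts for the CLI password so the value stays out of shell history (it is still passed to b9cli as an argument, as in the steps above). The names B9CLI, CLI_PASS, collect_high_debug, reset_debug and wait_for_repro are choices made for this example, and b9cli exiting non-zero on failure is an assumption.

```shell
#!/usr/bin/env bash
# Added example, not vendor code. Run as root: the article's capture step uses sudo.
# B9CLI, CLI_PASS and the function names are choices made for this example.
# Assumption: b9cli exits non-zero when a command fails.
B9CLI="${B9CLI:-/opt/bit9/bin/b9cli}"

b9() { "$B9CLI" "$@"; }

# Step 3 of the article: re-authenticate and restore the normal levels.
reset_debug() {
    b9 --password "$CLI_PASS"
    b9 --debuglevel 0
    b9 --kerneltrace 2
    b9 --nettrace 0
}

# $1 = output zip; remaining arguments = command that reproduces the issue.
collect_high_debug() {
    local out="$1" rc=0
    shift
    b9 --password "$CLI_PASS" || return 1
    b9 --resetcounters
    b9 --flushlogs
    # From here on, an interrupt must not leave the agent at high debug.
    trap 'reset_debug; exit 130' INT TERM
    b9 --debuglevel 4 && b9 --kerneltrace 4 && b9 --nettrace 1 || rc=1
    if [ "$rc" -eq 0 ]; then
        "$@" || echo "reproduce step returned non-zero; capturing anyway" >&2
        b9 --capture "$out" || rc=1
    fi
    reset_debug || rc=1
    trap - INT TERM
    return "$rc"
}

wait_for_repro() {
    printf 'Reproduce the issue, then press Enter: '
    read -r reply
}

# Runs only when called with --run, so the functions can be sourced or tested.
if [ "${1:-}" = "--run" ]; then
    printf 'CLI password: '
    read -rs CLI_PASS; echo
    collect_high_debug "/var/tmp/$(hostname)-PerformanceLogs.zip" wait_for_repro
fi
```

Invoke it with `--run` from a root shell; a non-zero exit status means the capture or a level change failed, but the reset commands were still issued.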

macOS

  1. Log in to the endpoint and use a terminal to issue the commands:
    cd /Applications/Bit9/Tools
    ./b9cli --password 'GlobalCLIPassword'
    ./b9cli --resetcounters
    ./b9cli --flushlogs
    ./b9cli --debuglevel 4
    ./b9cli --kerneltrace 4
    ./b9cli --nettrace 1
  2. Reproduce the issue
  3. Capture the logs and reset Debug Levels:
    ./b9cli --capture ~/Desktop/`hostname`-PerformanceLogs.zip
    ./b9cli --password 'GlobalCLIPassword'
    ./b9cli --debuglevel 0
    ./b9cli --kerneltrace 2
    ./b9cli --nettrace 0

Additional Information