EDR: How to configure on-demand cbdiag reports for on-prem servers


Article ID: 288091


Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Enable on-demand cbdiag reports on an on-prem EDR server so that the VMware Carbon Black Support team can request them directly.

Environment

  • EDR: 6.2.1 and Higher

Resolution

  1. Log into the EDR web interface. 
  2. In the upper-right corner, click [username] > Sharing Settings.
  3. Enable (check) the box "Allow Unattended Background Upload of Diagnostics Data".

Additional Information

  • This will enable the VMware Carbon Black Support team to remotely request a cbdiag report for diagnostic purposes. 
  • The resulting cbdiag files will be generated in /tmp by default. 
  • VMware Carbon Black recommends a minimum of 2 GB of available space. Servers with large numbers of endpoints may require more space. 
  • The directory where cbdiags are saved can be changed in /etc/cb/cb.conf with the CbDiagTmpDir parameter, for example CbDiagTmpDir=/var/cb/data.
  • "Allow Unattended Background Upload of Diagnostics Data" requires that the "Enable Performance Statistics" option also be enabled.
  • The API method to enable this feature uses a POST to /api/communication_settings with a payload of {"ondemand_diagnostics":true}. 
  • A cron job runs on each server every 5 minutes, looks for new cbdiag reports, and sends them to VMware Carbon Black.
  • Each EDR server has a server token used to identify it. The token is located at /etc/cb/server.token.
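
A pre-flight check for the directory and free-space notes above, as an added example that is not part of the original article or of VMware's tooling: it reads CbDiagTmpDir from /etc/cb/cb.conf (falling back to /tmp) and verifies the 2 GB minimum. The function names, the CB_CONF variable and the --check flag are hypothetical.

```shell
#!/bin/sh
# Pre-flight check before enabling on-demand cbdiag reports (added example).
# The paths and the 2 GB minimum come from the article; the function names,
# CB_CONF and the --check flag are hypothetical.

CB_CONF="${CB_CONF:-/etc/cb/cb.conf}"
MIN_KB=$((2 * 1024 * 1024))   # 2 GB minimum, expressed in 1K blocks

# Print the directory cbdiag files will be written to: the last uncommented
# CbDiagTmpDir= line in the given config file, or /tmp if none is set.
cbdiag_dir() {
    cd_conf="$1"
    cd_dir=""
    if [ -r "$cd_conf" ]; then
        cd_dir=$(sed -n 's/^[[:space:]]*CbDiagTmpDir[[:space:]]*=[[:space:]]*//p' "$cd_conf" \
                 | tail -n 1 | sed 's/[[:space:]]*$//')
    fi
    printf '%s\n' "${cd_dir:-/tmp}"
}

# Print the available space, in 1K blocks, on the filesystem holding $1.
avail_kb() {
    df -Pk "$1" 2>/dev/null | awk 'NR == 2 { print $4 }'
}

# Return 0 if directory $1 has at least $2 KB free (default: 2 GB),
# 1 if it has less, 2 if the directory or its free space cannot be read.
check_cbdiag_space() {
    cs_dir="$1"
    cs_need="${2:-$MIN_KB}"
    [ -d "$cs_dir" ] || { echo "FAIL: $cs_dir is not a directory" >&2; return 2; }
    cs_have=$(avail_kb "$cs_dir")
    [ -n "$cs_have" ] || { echo "FAIL: cannot read free space for $cs_dir" >&2; return 2; }
    if [ "$cs_have" -lt "$cs_need" ]; then
        echo "FAIL: $cs_dir has $cs_have KB free, need $cs_need KB" >&2
        return 1
    fi
    echo "OK: $cs_dir has $cs_have KB free"
}

# Run against the live server config only when asked to.
if [ "${1:-}" = "--check" ]; then
    check_cbdiag_space "$(cbdiag_dir "$CB_CONF")"
fi
```

Servers with large numbers of endpoints may need more than the default; pass a larger threshold in KB as the second argument to check_cbdiag_space.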