CB Protection: ETL File Grows Too Large
book
Article ID: 288301
calendar_today
Updated On:
Products
Carbon Black App Control (formerly Cb Protection)
Issue/Introduction
The agent ETL file (%programdata%\Bit9\Parity Agent\Logs\parity_<version>.etl)) keeps growing and reaches several gb in size.
Environment
- CBÂ Protection Agent: 7.x - 8.0 P6
- Microsoft Windows: All Supported Versions
Cause
Possible causes:
- Agent debug level is set high
- McAfee AV writing to Cb Protection ETL file
- Being below agent version 8.1.4
Resolution
- Confirm agent debug level is set to default:
- Login to effected computer
- Open an admin CMD prompt
- Run commands:
cd "c:\program files (x86)\bit9\parity agent"
dascli status
- Results of dascli status will show "Debug Level" and "Kernel Level"
- Default Debug Level is 0
- Default Kernel Level is 2
- Upgrade to 8.1.4 or Higher
- Clear out the log file:
- Login to the CB Protection console
- Navigate to assets>computer
- Click onto machine having the issue
- Navigate to Advanced>Other Actions> Delete Diagnostic Files on Computer
Additional Information
The log rolling mechanism is activated every 5 minutes. Therefore, on busy agents, the ETL file may grow larger than the default 50mb cap.
Feedback
thumb_up
Yes
thumb_down
No