Endpoint Standard: How to Enable Sensor Debug Logging for Issue Reproduction with RepCLI
search cancel

Endpoint Standard: How to Enable Sensor Debug Logging for Issue Reproduction with RepCLI

book

Article ID: 288909

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Enable Sensor debug logging during issue reproduction 

Environment

Endpoint Standard Sensor: 3.4.x.x and Higher
Microsoft Windows: All supported versions

Resolution

  1. Log into the machine with a user account that matches the User or Group SID configured at the time of sensor install
  2. Launch a Command Prompt
  3. Change directory to C:\Program Files\Confer
  4. Run the following command
    C:\Program Files\Confer> repcli debug 1
    Sensor is in debug mode
  5. Enable any additional logging tools, such as Process Monitor or packet capture utilities
  6. Reproduce the issue
  7. Stop and save all other logging utilities 
  8. Run the following command to gather Sensor logs
    C:\Program Files\Confer> repcli capture
    Captured diagnostic data in C:\Windows\TEMP\confer-temp\confer_dump.zip
  9. Run the following command to disable Sensor debug logging
    C:\Program Files\Confer> repcli debug 0
    Sensor is not in debug mode
  10. Gather all logs and attach to case as needed

Additional Information

  • Sensor debug logging will increase confer.log verbosity
  • Sensor debug logging will raise kernel logging to the Info level so the Microsoft Event Trace Log File will include additional data¬†
  • RepCLI authentication can be enabled manually on individual sensors