Endpoint Standard: How to Enable Sensor Debug Logging for Issue Reproduction with RepCLI
Article ID: 288909
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Enable Sensor debug logging during issue reproduction
Environment
Endpoint Standard Sensor: 3.4.x.x and Higher
Microsoft Windows: All supported versions
Microsoft Windows: All supported versions
Resolution
- Log into the machine with a user account that matches the User or Group SID configured at the time of sensor install
- Launch a Command Prompt
- Change directory to C:\Program Files\Confer
- Run the following command
C:\Program Files\Confer> repcli debug 1 Sensor is in debug mode
- Enable any additional logging tools, such as Process Monitor or packet capture utilities
- Reproduce the issue
- Stop and save all other logging utilities
- Run the following command to gather Sensor logs
C:\Program Files\Confer> repcli capture Captured diagnostic data in C:\Windows\TEMP\confer-temp\confer_dump.zip
- Run the following command to disable Sensor debug logging
C:\Program Files\Confer> repcli debug 0 Sensor is not in debug mode
- Gather all logs and attach to case as needed
Additional Information
- Sensor debug logging will increase confer.log verbosity
- Sensor debug logging will raise kernel logging to the Info level so the Microsoft Event Trace Log File will include additional data
- RepCLI authentication can be enabled manually on individual sensors
Feedback
Yes
No
Powered by
