Enable Sensor Debug Logging for Issue Reproduction with RepCLI
Article ID: 288909
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Carbon Black Cloud Enterprise EDR
Issue/Introduction
How to Enable Sensor debug logging during issue reproduction
Environment
- Endpoint Standard Sensor: All supported versions
- Microsoft Windows: All supported versions
Resolution
- Launch a Command Prompt
- Change directory to C:\Program Files\Confer
- Run the following command or
C:\Program Files\Confer> repcli unlock <sensor_uninstallCode>
C:\Program Files\Confer> repcli debug 1 Sensor is in debug mode - Enable any additional logging tools, such as Process Monitor or packet capture utilities
- Reproduce the issue
- Stop and save all other logging utilities
- Run the following command to gather Sensor logs
C:\Program Files\Confer> repcli capture Captured diagnostic data in C:\Windows\TEMP\confer-temp\confer_dump.zip
- Run the following command to disable Sensor debug logging
C:\Program Files\Confer> repcli debug 0 Sensor is not in debug mode
- Gather all logs and attach to case as needed
Additional Information
- Sensor debug logging will increase confer.log verbosity
- Sensor debug logging will raise kernel logging to the Info level so the Microsoft Event Trace Log File will include additional data
- RepCLI authentication isn't required if using repcli unlock but can be enabled manually on individual sensors
Feedback
Yes
No
Powered by
