App Control: How to Enable Server Service Trace Logging from Startup

Article ID: 290894

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

How to set the App Control Server service to debug level 6 in the registry for troubleshooting. This captures logs from boot time.

Environment

  • App Control Server (Formerly CB Protection): All Supported Versions

Resolution

  1. If the server has the App Control Agent installed, turn off tamper protection using the steps below. If not, skip to step 2.
       • Open a command prompt as Administrator.
       • Change directory to C:\Program Files (x86)\Bit9\Parity Agent (or the location where App Control is installed).
       • Turn off tamper protection by running the following commands in order:
           dascli password <Either the CLI or global password can be entered here without the brackets>
           dascli tamperprotect 0
  2. Stop the "Parity Server" service.
       • Go to services.msc and stop the CB Protection Server service, or run the command "net stop ParityServer" as Administrator.
  3. Open the Registry (go to Start > Run > type regedit > click OK).
  4. Browse to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ParityServer
  5. Edit the registry value called "ImagePath" by adding " /debuglevel 6" (with the leading space) to the very end of the registry data. Below is an example of what it should look like:
           "C:\Program Files (x86)\Bit9\Parity Server\parityserver.exe" /service /dsn "C:\Program Files\Bit9\Parity Server\shepherd.dsn" /debuglevel 6
  6. Start the "Parity Server" service.
       • Go to services.msc and start the CB Protection Server service, or run the command "net start ParityServer" as Administrator.
  7. Reproduce the issue and collect the necessary data for engineering.
       • ServerLog.bt9, located in C:\Program Files (x86)\Bit9\Parity Server\
  8. Repeat steps 1-4.
  9. Remove the " /debuglevel 6" from the registry value ImagePath.
  10. Repeat step 6 and start Parity Server.
       • If the server has an App Control Agent installed, turn tamper protection back on.
  11. Upload the file to CB Vault: https://community.carbonblack.com/groups/cb-vault
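
The registry edit in steps 2-6 and its reversal in steps 8-10 can be scripted. The following is an added example, not vendor-supplied code; the `-Mode` parameter and the backup file location are hypothetical, and it assumes an elevated PowerShell session with tamper protection already turned off (step 1) where the agent is installed.

```powershell
# Added example: toggle " /debuglevel 6" on the ParityServer ImagePath.
# Run elevated. Parameter name and backup path are hypothetical.
param(
    [Parameter(Mandatory)]
    [ValidateSet('Enable', 'Disable', 'Check')]
    [string]$Mode
)
$ErrorActionPreference = 'Stop'

$key  = 'HKLM:\SYSTEM\CurrentControlSet\Services\ParityServer'
$flag = ' /debuglevel 6'

$current = (Get-ItemProperty -Path $key -Name ImagePath).ImagePath
# Strip any existing "/debuglevel N" so Enable never appends the switch twice
# and Disable removes it whatever level was set.
$base = ($current -replace '\s*/debuglevel\s+\d+', '').TrimEnd()

switch ($Mode) {
    'Check' {
        # Read-only audit: is trace logging still enabled?
        if ($current -match '/debuglevel\s+(\d+)') {
            Write-Warning "Trace logging is on (level $($Matches[1])); ServerLog.bt9 will keep growing."
        } else {
            Write-Output 'ImagePath has no /debuglevel switch (default level 0).'
        }
        return
    }
    'Enable'  { $new = $base + $flag }
    'Disable' { $new = $base }
}

# Save the original value so a bad edit can be reverted by hand.
$backup = Join-Path $env:TEMP 'ParityServer-ImagePath.bak.txt'
Set-Content -Path $backup -Value $current

Stop-Service -Name ParityServer
try {
    # Service ImagePath values are REG_EXPAND_SZ; write the same type back.
    Set-ItemProperty -Path $key -Name ImagePath -Value $new -Type ExpandString
} finally {
    # Restart the service even if the registry write failed.
    Start-Service -Name ParityServer
}
Write-Output "ImagePath is now: $new"
```

Running it with `-Mode Check` after troubleshooting confirms the switch was removed and the service is back at the default level.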

Additional Information

  • WARNING: Make sure to remove " /debuglevel 6" so the service returns to the default level 0. Otherwise, the logs will keep growing and use unnecessary disk space.
  • If the registry key has been reset to default and debugging is still being written to the Serverlog.bt9 file, go to https://<servername>/Support.php > Diagnostics Tab > Click on Snapshot Server Logs. This will collect the Serverlog.bt9 file in the Diagnostics folder and end the debugging.