Collect Historical Server Logs

Article ID: 291669

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Steps to collect historical (non-debug) App Control Server logs.

Environment

  • App Control Server: All Supported Versions
  • Microsoft Windows Server: All Supported Versions
  • Microsoft Internet Information Services (IIS): All Supported Versions

Resolution

Gather Relevant Background Information

  • What version of the App Control Server is currently installed?
  • Application server details where App Control Server is installed
    • OS Version and build
    • Total system memory
    • Free disk space where App Control Server is installed
    • Physical machine or virtual machine (if virtual, what type?)
  • Microsoft SQL Server details where App Control database is hosted
    • Is SQL Server on the same machine as the App Control Server?
    • What SQL Server version and Edition is used?
    • Is SQL Server patched to the latest Cumulative Update?
  • What error message or events are you receiving regarding this issue?
  • When did the error messages/events/issue start?
  • Were there any new changes on the server(s) or the network recently?

Gather Event Viewer and IIS Logs

From the application server hosting the Console:

  1. Collect IIS Logs from the last several days.
  2. Collect Event Viewer logs for Application & System.

Gather App Control Server Logs

Method 1: Remotely From the Console

  1. Log in to the App Control Console.
  2. Browse to: https://ServerAddress/support.php
  3. Go to the Diagnostics tab > Click on "Snapshot Server Logs".
  4. From the right-hand menu > Related Views > Click on "Available log files".
  5. Save copies of any files listed with today's Request Date. Example File Names:
    • PHPErrors-TIMESTAMP.log
    • ReporterLog-TIMESTAMP.log
    • ServerLog-TIMESTAMP.bt9

Method 2: Locally from the App Control Server

  1. Log in to the App Control Server as the Carbon Black Service Account.
  2. Collect a copy of the following files from the Parity Server directory:
    • C:\Program Files (x86)\Bit9\Parity Console\WebUI\Logs\php_errors.log
    • C:\Program Files (x86)\Bit9\Parity Server\Reporter\ParityReporter.log
    • C:\Program Files (x86)\Bit9\Parity Server\ServerLog.bt9
  3. Collect a copy of the most recent automatic log captures:
    • C:\Program Files (x86)\Bit9\Parity Server\Support\API-TIMESTAMP.log
    • C:\Program Files (x86)\Bit9\Parity Server\Support\PHPErrors-TIMESTAMP.log
    • C:\Program Files (x86)\Bit9\Parity Server\Support\ReporterLog-TIMESTAMP.log
    • C:\Program Files (x86)\Bit9\Parity Server\Support\ServerLog-Auto-TIMESTAMP.bt9
    • C:\Program Files (x86)\Bit9\Parity Server\Support\SQLTrace-TIMESTAMP.log
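Method 2 can be scripted. The following PowerShell is an added example, not part of the original article or a Carbon Black tool: it copies the files listed above, picks the newest automatic capture of each type, records a SHA-256 hash per file and zips the result. It assumes the default install paths shown in this article and Windows PowerShell 5.1 or later; the staging folder under %TEMP% and the manifest.csv file name are hypothetical choices.

```powershell
# Added example: stage the Method 2 files for a support case.
# Assumptions: default install paths from this article; $Stage is a hypothetical output folder.
$ServerDir  = 'C:\Program Files (x86)\Bit9\Parity Server'
$ConsoleDir = 'C:\Program Files (x86)\Bit9\Parity Console'
$Stage      = Join-Path $env:TEMP ("AppControlLogs-{0:yyyyMMdd-HHmmss}" -f (Get-Date))
New-Item -ItemType Directory -Path $Stage -Force | Out-Null

# Step 2: current logs with fixed names.
$current = @(
    (Join-Path $ConsoleDir 'WebUI\Logs\php_errors.log'),
    (Join-Path $ServerDir  'Reporter\ParityReporter.log'),
    (Join-Path $ServerDir  'ServerLog.bt9')
)

# Step 3: newest automatic capture of each type in the Support folder.
$patterns = 'API-*.log', 'PHPErrors-*.log', 'ReporterLog-*.log',
            'ServerLog-Auto-*.bt9', 'SQLTrace-*.log'
$captures = @(foreach ($p in $patterns) {
    Get-ChildItem -Path (Join-Path $ServerDir 'Support') -Filter $p -File -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending |
        Select-Object -First 1 -ExpandProperty FullName
})

# Copy each file and hash the copy so the recipient can confirm it arrived
# unmodified. Missing or unreadable files are recorded instead of aborting the run.
$manifest = foreach ($path in $current + $captures) {
    try {
        $copy = Copy-Item -LiteralPath $path -Destination $Stage -PassThru -ErrorAction Stop
        $sha  = (Get-FileHash -LiteralPath $copy.FullName -Algorithm SHA256).Hash
        [pscustomobject]@{ Source = $path; Status = 'Copied'; SHA256 = $sha }
    } catch {
        [pscustomobject]@{ Source = $path; Status = "Failed: $($_.Exception.Message)"; SHA256 = '' }
    }
}
$manifest | Export-Csv -Path (Join-Path $Stage 'manifest.csv') -NoTypeInformation

# Bundle the staged files and the manifest into one archive.
Compress-Archive -Path (Join-Path $Stage '*') -DestinationPath "$Stage.zip"
$manifest | Format-Table -AutoSize
Write-Host "Archive: $Stage.zip"
```

Run it from an elevated session under the account named in step 1, and check the Status column for any file that was not copied.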