How to Check for Upgrade Hints in Sensor Logs (Linux)
search cancel

How to Check for Upgrade Hints in Sensor Logs (Linux)

book

Article ID: 292256

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Provide a method for finding log entries related to Sensor upgrades for Linux devices

Environment

  • Carbon Black Cloud Sensor: All Versions
  • Linux OS: All Supported Versions

Resolution

Windows using Notepad++ or similar

  1. Collect a set of full diagnostics logs
  2. Extract diagnostic archive (diags_<hostname>_<timestamp>_<device_id>.tgz) locally
  3. Go to diags_<hostname>_<timestamp>_<device_id>/var/opt/carbonblack/psc/log/
  4. Open log.txt in Notepad++
  5. Search for upgrade hints using a Regular Expression search 
    hint 12|hint type: 12|SwUpgradeThread|SwUpgradeState|SwUpgradeTool|SetUpgradeMode|CbRpmPackageTool|--- starting|--- agent shutdown

Linux/macOS using Terminal and grep

  1. Collect a set of full diagnostics logs
  2. Extract diagnostic archive (diags_<hostname>_<timestamp>_<device_id>.tgz) locally
  3. Search for upgrade hints using Extended Regular Expression 
    zgrep --color=always -ani -E 'hint 12|hint type: 12|SwUpgradeThread|SwUpgradeState|SwUpgradeTool|SetUpgradeMode|CbRpmPackageTool|--- starting|--- agent shutdown' ./<PathToExtractedDiags>/diags_<hostname>_<timestamp>_<device_id>/var/opt/carbonblack/psc/log/log.txt

Additional Information

Search results will show when the device received the upgrade hint and information on the version of the Sensor before and after service shutdown/restart as part of the upgrade
Powered by Wolken Software