App Control: How to Enable Agent Driver (Kernel) Level Trace Logging - Linux
search cancel

App Control: How to Enable Agent Driver (Kernel) Level Trace Logging - Linux

book

Article ID: 292424

calendar_today

Updated On:

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

This document describes how to enable the Agent's kernel trace for logging

Environment

  • App Control (Formerly CB Protection) Agent: All Supported Versions
  • Linux: All Supported Versions

Resolution

  1. Open a terminal window and change directory to /opt/bit9/bin
  2. Run the following commands in order: 
    ./b9cli --password <type the CLI or global password here>
./b9cli --kerneltrace 4
  3. Automatic return output from the Agent should confirm that the Kernel Level has changed, and now displays "Kernel Trace Parameters[level [4] Flags[007FFFFF]]"
  4. Reproduce the issue for logging
  5. Run the following commands to reset logging to default level: 
    ./b9cli --password <type the CLI or global password here>
./b9cli --kerneltrace 2

       6. Automatic return output from the Agent should confirm that the Kernel Level has changed, and now displays "Kernel Trace Parameters[level [2] Flags[007FFFFF]]"
       7. Run ./b9cli --capture <PathAndFileNameHere.zip>   (Example: ./b9cli --capture /home/username/Downloads/MachineName.zip) The path can be any writeable directory of your choice

Additional Information

Ensure that step 5 is followed every time, as high debugging logs can quickly fill up a hard-drive
Powered by Wolken Software