Collect Server Logs for Email Not Sending or Mail Errors

Article ID: 371071

Products

Carbon Black App Control (formerly Cb Protection)

Issue/Introduction

Steps to collect logs when the App Control Server is not sending emails for Alerts or Approval Requests.

Environment

  • App Control Server: All Supported Versions

Resolution

  1. Start a Wireshark Capture on the application server hosting the Console.
  2. Navigate to https://ServerAddress/support.php > Diagnostics
    1. Click Snapshot Server Logs to write existing logs and start a fresh log file.
    2. Set Server Logging as follows:
      • Logging Duration: 30 Minutes
      • Reporter Log Level: High
      • Start Logging
  3. Navigate to Settings > System Configuration > Mail > Validate Server
    1. Enter one email address that is failing and click Send Mail.
    2. Enter a different email address (in the same domain) and click Send Mail.
  4. If possible, replicate a block event on an endpoint to trigger an Alert and submit an Approval Request.
  5. On the App Control server, open PowerShell and test the connection to the Mail Server on the port specified on the System Configuration page (TNC is the built-in alias for Test-NetConnection):
    TNC -ComputerName mailserver.fqdn.com -Port 587 -InformationLevel "Detailed"
  6. Save the Wireshark capture.
  7. In the Console, navigate to https://ServerAddress/support.php > Diagnostics > Stop Logging Now.
  8. Click Available log files under Related Views in the right menu and save any ReporterLog-TIMESTAMP.log files.
  9. Collect full screenshots from the Console of:
    1. Settings > System Configuration > Mail: Full Mail Notification Configuration page.
    2. Tools > Alerts > relevant Alert: Full Alert Details page.
  10. Zip all collected data and provide it to Support.
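
The following PowerShell sketch is an added example, not part of the original article or vendor tooling. It saves the step 5 connection test to a file, goes one step further by recording the mail server's plain-text SMTP greeting and EHLO reply (which shows whether STARTTLS is offered), and then zips the folder for step 10. The folder path and the Read-SmtpReply helper are hypothetical; the host name is the article's placeholder.

```powershell
# Added example; $OutDir and Read-SmtpReply are hypothetical names.
$MailServer = 'mailserver.fqdn.com'          # placeholder; use the host from the Mail page
$Port       = 587                            # port from System Configuration > Mail
$OutDir     = 'C:\Temp\AppControlMailLogs'   # assumed collection folder
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Step 5: TCP reachability test, saved as text for the support bundle.
Test-NetConnection -ComputerName $MailServer -Port $Port -InformationLevel Detailed |
    Out-File -FilePath (Join-Path $OutDir 'tnc-result.txt') -Encoding utf8

# Reads one SMTP reply; continuation lines look like "250-", the final line like "250 ".
function Read-SmtpReply([System.IO.StreamReader]$Reader) {
    $reply = @()
    do {
        $line = $Reader.ReadLine()
        $reply += $line
    } while ($line -match '^\d{3}-')
    return $reply
}

# Beyond the article: capture the greeting and EHLO capabilities.
# An implicit-TLS port (for example 465) sends no plain-text greeting, so this times out.
$smtpLog = Join-Path $OutDir 'smtp-banner.txt'
$client  = New-Object System.Net.Sockets.TcpClient
try {
    $client.ReceiveTimeout = 10000           # milliseconds
    $client.Connect($MailServer, $Port)
    $stream = $client.GetStream()
    $reader = New-Object System.IO.StreamReader($stream)
    $writer = New-Object System.IO.StreamWriter($stream)
    $writer.NewLine   = "`r`n"               # SMTP requires CRLF line endings
    $writer.AutoFlush = $true

    $lines  = @(Read-SmtpReply $reader)      # 220 greeting
    $writer.WriteLine("EHLO $env:COMPUTERNAME")
    $lines += Read-SmtpReply $reader         # 250 capability list
    $writer.WriteLine('QUIT')
    $lines | Out-File -FilePath $smtpLog -Encoding utf8
}
catch {
    "SMTP check failed: $($_.Exception.Message)" | Out-File -FilePath $smtpLog -Encoding utf8
}
finally {
    $client.Close()
}

# Step 10: copy the Wireshark capture, ReporterLog files and screenshots into $OutDir first.
Compress-Archive -Path (Join-Path $OutDir '*') -DestinationPath "${OutDir}.zip" -Force
```

Run it while the Wireshark capture from step 1 is still recording so the same connection attempt appears in the capture.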