Troubleshooting Large Agent Data Directory
search cancel

Troubleshooting Large Agent Data Directory

book

Article ID: 427743

calendar_today

Updated On:

Products

Carbon Black App Control

Issue/Introduction

  • Space used by the Agent in the data directory is larger than expected, example paths:
    • Windows: C:\ProgramData\Bit9\Parity Agent\
    • Linux: /srv/bit9/data/
    • macOS: /Library/Application Support/com.bit9/Agent/

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions
  • Linux: All Supported Versions
  • macOS: All Supported Versions

Cause

Most commonly this is due to Debug Levels left in an elevated state, though there may be some considerations depending on platform and machine role in the environment.

Resolution

All Platforms

  1. Log in to the Console and navigate to Assets > Computers > relevant Computer
    1. From the right hand side > Debug Level > None (default) > Go
    2. Other Actions > Delete Diagnostic Files on Computer > Go
  2. Log in to the endpoint and use the status command to verify the Debug Levels locally match those displayed in the Console. Defaults should show similar to: 
    Client Information
        Debug Level:            0
        Kernel Level:           2
        Network Trace:          Disabled
  3. If Windows, verify whether a Trusted Directory exists (Rules > Software Rules > Directories)
    • The Agent will temporarily extract compressed archives from a Trusted Directory in C:\ProgramData\Bit9\Parity Agent\crawl\
    • When an archive is being crawled for a Trusted Directory, disk usage is expected to temporarily increase due to this process.

Linux

  1. If on Agent 8.8.2 or lower, upgrade to 8.8.4+ to resolve an issue with Linux Agent database maintenance.
  2. Manually restart the Agent to free space used by the temporary db-wal file.

Additional Information

Powered by Wolken Software