Collect macOS sensor logs for performance-related issues

Article ID: 285217

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Collect the relevant logs on an Apple macOS endpoint to troubleshoot most performance-related issues. Typical issues include:
  • General system performance issues
  • High CPU/memory usage by the EDR sensor process
  • High CPU/memory usage by third-party applications

Environment

  • EDR Sensor: 6.x and Higher
  • macOS: All Supported Versions

Resolution

  1. Log onto the Apple macOS endpoint exhibiting performance issues.
  2. Generate a process sample for the sensor:
     # sudo sample CbOsxSensorService 10 1 -f ~/Desktop/process_sample_`hostname`_`date +%Y-%m-%d_%H-%M-%S`.log
  3. Generate a macOS sensor diag report.
  4. If necessary, update the technical support case with further relevant information:
- Is the performance issue reproducible and, if so, what steps, if any, are taken to reproduce it? (For example, were any backups, updates, or large file transfers being performed?)

- How many endpoints are affected? What are their general system profiles and function? 

- What other security applications/real-time scanners are installed?

- How long do the performance issues last? 

- What actions, if any, return the system performance to normal?

- Is the endpoint connected to any network shares?

- Does this endpoint generate a large number of logs, binaries, or PDF reports?

Additional Information

  • The process sample generated in step 2 will be created on your Desktop.