Collecting Diagnostic Logs for Performance Related Issues (Linux)
search cancel

Collecting Diagnostic Logs for Performance Related Issues (Linux)

book

Article ID: 288122

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response) Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

To collect relevant logs on a Linux endpoint in order to troubleshoot most performance-related issues. Typical issues may include:
  • General system performance issues
  • High CPU/Memory of EDR sensor process
  • High CPU/Memory of third-party applications

Environment

  • EDR Sensor: 6.x and Higher
  • Linux: All Supported Versions

Resolution

  1. Log onto the Linux endpoint exhibiting performance issues.
  2. Gather an strace output for the cbdaemon process.
  3. Generate a Linux endpoint diag report
  4. Update your Technical Support case with further relevant information:
- Is this Linux endpoint also serving as an EDR console server (primary or secondary node?)

- Is the performance issue a reproducible scenario and if so, what steps, if any, are taken to reproduce it? 
(For example, were any backups, updates, or large file transfers being performed?)

- How many endpoints are affected? What are their general system profiles and function? 

- What other security applications/real-time scanners are installed? Have these exclusions been applied?

- How long do the performance issues last? 

- What actions, if any, return the system performance to normal?

- Is the endpoint connected to any network shares? 

- Does this endpoint generate a large number of logs, binaries, or PDF reports?


 

Additional Information

EDR Sensor version 7.2.0 contains improvements to memory and CPU performance, reference 'Resolved Issues' section in the release notes.

Powered by Wolken Software