How to Collect Carbon Black Cloud Sensor logs locally (Linux)
search cancel

How to Collect Carbon Black Cloud Sensor logs locally (Linux)

book

Article ID: 291912

calendar_today

Updated On:

Products

Carbon Black Cloud Audit and Remediation (formerly Cb Live Ops) Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

How to locally collect logs and configuration information from the Carbon Black Cloud Linux endpoint sensor.

Environment

  • Carbon Black Cloud Sensor: All Versions
  • Linux: All Supported Versions

Resolution

  1. Connect to Linux endpoint. 
  2. From the terminal, run:
    2.6.x.x Sensor and below
    Download and install the diagnostics script that is attached to this article record.
    Then run the command below. 2.7.x.x Sensor and above sudo /opt/carbonblack/psc/bin/collectdiags.sh --verbose --debug
  3. Script will complete and display file name
    diags_{hostname}_{epoch_time}_{random}.tgz
  4. Retrieve and upload the log files (.tgz file) to the case record.   
  5. Let the Support team know when the file has been uploaded.

Additional Information

  • Output file (diags_{hostname}_{epoch_time}_{random}.tgz) is created in /tmp/ by default
  • To change the output path, use the '--output-dir' parameter; For example, to create the file in the user’s home directory:
    sudo ./collectdiags.sh --verbose --debug --output-dir $HOME
  • The script also collects various system identity, configuration, and state information
  • The collected information helps VMware Carbon Black understand and repair problems that occur at runtime or during agent installation

Attachments

collectdiags.zip get_app