Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

All Products: Enable CAPI 2 Logging

All Products: Enable CAPI 2 Logging

Environment

Microsoft Windows: All Supported Versions

Objective

Enabling CAPI2 Windows Logging

Resolution

Enable CAPI2 Logging:
  1. Open the computer management console by entering in the Start->Run box:  compmgmt.msc /s
  2. From the console object tree (left side) expand Event Viewer -> Windows Logs -> Applications and Services Logs -> Microsoft -> Windows -> CAPI2 select Operational.
  3. From the actions section (on the right pane), select "Enable log".  (if logging is already enabled, you will only see "Disable log" in actions section)
  4. If logging was already enabled, and you have already reproduced the issue, proceed to save existing logs
  5. If logging was not enabled previously, reproduce the issue you are encountering.  If encountering a sensor/agent communication issue, wait 5 minutes and then save logs.  Sensor/agent communications retries will happen within 5 minute interval.    
Save and Disable CAPI2 Logging:Save and disable the CAPI2 logs:
  1. In Event Viewer, right click "Operational"
  2. Select "Save All Events As"
  3. Fill in name, save as type: Event Files (.evtx)
  4. Select "Display information for these languages"
  5. Select "English"
  6. Click "Ok"
  7. (optional, if it was disabled previously)  Right click "Operational" and choose "disable log"

Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎03-07-2019
Views:
2499
Contributors