App Control: Collecting Historical Logs for Server Troubleshooting (Locally)

Environment

  • App Control Server: All Supported Versions
  • Microsoft Windows Server: All Supported Versions
  • Microsoft Internet Information Services (IIS): All Supported Versions

Objective

To locally collect historical App Control Server logs for troubleshooting.

Resolution

  1. Gather the following information:
    • What is the OS version and build of the application server where the App Control Server is installed?
    • What is the total system memory of the application server?
    • What is the total free disk space on the drive App Control Server is installed on?
    • What version of the App Control Server is currently installed?
    • Is the SQL database located on the same server as the App Control Server?
    • What version of SQL Server is hosting the App Control database? Is it patched to the latest Cumulative Update?
    • What is the maximum memory set for SQL Server?
    • What error message or events are you receiving regarding this issue?
    • When did the error messages/events/issue start?
    • Were there any new changes on the server(s) or the network recently?
  2. Collect App Control Server logs:
    1. Log in to the App Control Server as the Carbon Black Service Account.
    2. Collect a copy of the following files from the Parity Server directory:
      C:\Program Files (x86)\Bit9\Parity Console\WebUI\Logs\php_errors.log
      C:\Program Files (x86)\Bit9\Parity Server\Reporter\ParityReporter.log
      C:\Program Files (x86)\Bit9\Parity Server\ServerLog.bt9
      
    3. Collect a copy of the most recent automatic log captures from this folder:
      C:\Program Files (x86)\Bit9\Parity Server\Support\API-TIMESTAMP.log
      C:\Program Files (x86)\Bit9\Parity Server\Support\PHPErrors-TIMESTAMP.log
      C:\Program Files (x86)\Bit9\Parity Server\Support\ReporterLog-TIMESTAMP.log
      C:\Program Files (x86)\Bit9\Parity Server\Support\ServerLog-Auto-TIMESTAMP.bt9
      C:\Program Files (x86)\Bit9\Parity Server\Support\SQLTrace-TIMESTAMP.log
      
       
  3. Collect the Windows Application and Windows System logs.
  4. Collect the most recent IIS Logs.
  5. Upload the collected logs to the Vault and provide an update on the relevant Support Case.
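
The collection in steps 2 through 4 can be scripted. The PowerShell below is an added example, not part of the original article or a vendor tool; the IIS log directory (the IIS default location), the output folder and the `missing.txt` file name are assumptions.

```powershell
# Added example: gathers the files named in steps 2-4 into one folder and zips it.
# Run from an elevated PowerShell session on the App Control Server.
param(
    [string]$Bit9Root  = 'C:\Program Files (x86)\Bit9',              # install root from the article's paths
    [string]$IisLogDir = "$env:SystemDrive\inetpub\logs\LogFiles",   # assumption: IIS default log location
    [string]$OutDir    = "$env:TEMP\AppControlLogs-$(Get-Date -Format yyyyMMdd-HHmmss)"  # assumption
)
New-Item -ItemType Directory -Path $OutDir -Force | Out-Null
$missing = @()

# Step 2.2: fixed-name logs
$fixed = @(
    "$Bit9Root\Parity Console\WebUI\Logs\php_errors.log",
    "$Bit9Root\Parity Server\Reporter\ParityReporter.log",
    "$Bit9Root\Parity Server\ServerLog.bt9"
)
foreach ($f in $fixed) {
    if (Test-Path -LiteralPath $f) { Copy-Item -LiteralPath $f -Destination $OutDir }
    else { $missing += $f }
}

# Step 2.3: newest automatic capture of each type in the Support folder
$support  = "$Bit9Root\Parity Server\Support"
$patterns = 'API-*.log', 'PHPErrors-*.log', 'ReporterLog-*.log', 'ServerLog-Auto-*.bt9', 'SQLTrace-*.log'
foreach ($p in $patterns) {
    $latest = Get-ChildItem -Path $support -Filter $p -File -ErrorAction SilentlyContinue |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if ($latest) { Copy-Item -LiteralPath $latest.FullName -Destination $OutDir }
    else { $missing += "$support\$p" }
}

# Step 3: export the Windows Application and System event logs
foreach ($log in 'Application', 'System') { wevtutil.exe epl $log "$OutDir\$log.evtx" }

# Step 4: newest IIS log from each site folder, prefixed with the site folder name
Get-ChildItem -Path $IisLogDir -Directory -ErrorAction SilentlyContinue | ForEach-Object {
    $newest = Get-ChildItem -Path $_.FullName -Filter *.log -File |
        Sort-Object LastWriteTime -Descending | Select-Object -First 1
    if ($newest) { Copy-Item -LiteralPath $newest.FullName -Destination "$OutDir\IIS-$($_.Name)-$($newest.Name)" }
}

# Record anything that was not found so the gap is visible in the bundle
if ($missing) { $missing | Set-Content -Path "$OutDir\missing.txt" }
Compress-Archive -Path "$OutDir\*" -DestinationPath "$OutDir.zip"
```

The resulting `.zip` is the bundle to upload in step 5; check `missing.txt` first, since a missing entry usually means a non-default install path.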

Creation Date: 11-13-2017