
App Control: How To Collect Agent Performance Logs (Linux)

Environment

  • App Control Agent: All Supported Versions
  • Linux: All Supported Versions

Objective

To collect diagnostics for cases involving performance impacts.

Resolution

These commands must be run on the endpoint while the performance impact is occurring; data collected after the fact will not show what the agent was doing at the time.
  1. Open Terminal and issue the following commands:
    cd /opt/bit9/bin
    ./b9cli --password GlobalCLIPassword
    ./b9cli --resetcounters
    ./b9cli --flushlogs
    ./b9cli --debuglevel 4
    ./b9cli --kerneltrace 4
    ./b9cli --nettrace 1
    
  2. Collect 5-10 minutes of data during the ongoing performance issues.
  3. Download the cbp-linux-sys-info script, extract it and execute it. When it finishes, collect the resulting /tmp/cbp-linux-sys-info.tgz file.
    • If the endpoint is in a Medium or High Enforcement Policy, the cbp-linux-sys-info.sh script will need to be granted an Approval before it can execute. If the approval is by file hash, grant it after any clean-up of the script (below), since cleaning changes the hash.
    • If executing the script produces invalid character errors (typically CRLF line endings), clean the file with col and then run it again. Write the cleaned output to a new file and move it into place; redirecting straight back onto cbp-linux-sys-info.sh truncates the file before it has been read:
      col -bf < cbp-linux-sys-info.sh > cbp-linux-sys-info.clean && mv cbp-linux-sys-info.clean cbp-linux-sys-info.sh
  4. Take a snapshot of the running b9daemon process using the gcore command (gcore ships with gdb, which you may need to install). Run it as root and give it an output prefix; it writes <prefix>.<pid> and briefly suspends the process while dumping its memory. The core file contains the daemon's memory, so treat it as sensitive data.
    sudo gcore -o /var/tmp/$HOSTNAME-b9daemon $(pidof b9daemon)
  5. Capture the debug logs, then return the trace levels to their defaults:
    sudo ./b9cli --capture /var/tmp/$HOSTNAME-PerformanceLogs.zip
    ./b9cli --password GlobalCLIPassword
    ./b9cli --debuglevel 0
    ./b9cli --kerneltrace 2
    ./b9cli --nettrace 0
    
  6. Collect the System Logs.
    sudo tar cvfz /var/tmp/$HOSTNAME-SystemLogs.tgz /var/log
  7. After collection has completed, temporarily shut down and unload the Agent, then reproduce the issue while recording top output in batch mode (without -b, top writes terminal control sequences into the file):
    top -b -c -n 10 -d 5 >> /var/tmp/$HOSTNAME-top_output.txt
    
  8. While the Agent is shutdown & unloaded, collect a FAPREDEP capture.
  9. Upload all collected data to the Vault.
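Steps 1 through 7 above as a single script, added here as a worked example; it is not VMware's tooling and nothing in it comes from the article beyond the b9cli options and file names. It assumes b9cli lives in /opt/bit9/bin, that the global CLI password is supplied in the B9_CLI_PASSWORD environment variable, that cbp-linux-sys-info.sh sits in the current directory, and that DRY_RUN=1 should print each privileged command instead of running it. It also avoids the two pitfalls in the manual steps: the col clean-up goes through a temp file rather than overwriting the file being read, and top is run in batch mode.

```shell
#!/bin/sh
# Added example: scripted version of the collection steps. Not VMware's code.
# Assumptions (not from the article): b9cli is in /opt/bit9/bin, the global
# CLI password arrives in B9_CLI_PASSWORD, cbp-linux-sys-info.sh is in the
# current directory, and DRY_RUN=1 prints privileged commands instead of
# running them.
set -eu

B9BIN="${B9BIN:-/opt/bit9/bin}"
OUTDIR="${OUTDIR:-/var/tmp}"
HOST="${HOSTNAME:-$(hostname 2>/dev/null || echo localhost)}"
CAPTURE_MINUTES="${CAPTURE_MINUTES:-5}"   # the article asks for 5-10 minutes
DRY_RUN="${DRY_RUN:-0}"

# Run a command, or just print it when DRY_RUN=1.
run() {
  if [ "$DRY_RUN" = "1" ]; then
    printf '[dry-run] %s\n' "$*"
  else
    "$@"
  fi
}

# Artifact paths, built in one place so the upload step can find them.
perf_zip()    { printf '%s/%s-PerformanceLogs.zip' "$OUTDIR" "$HOST"; }
syslog_tgz()  { printf '%s/%s-SystemLogs.tgz' "$OUTDIR" "$HOST"; }
core_prefix() { printf '%s/%s-b9daemon' "$OUTDIR" "$HOST"; }
top_txt()     { printf '%s/%s-top_output.txt' "$OUTDIR" "$HOST"; }

# Strip carriage returns (CRLF endings are the usual cause of the "invalid
# character" errors) without clobbering the file: "cat f | col > f" truncates
# f before cat reads it, so write to a temp file and move it into place.
# Falls back to tr when col is not installed.
clean_script() {
  f="$1"
  tmp="$(mktemp "${f}.XXXXXX")"
  if command -v col >/dev/null 2>&1; then
    col -bf < "$f" > "$tmp"
  else
    tr -d '\r' < "$f" > "$tmp"
  fi
  mv "$tmp" "$f"
  chmod +x "$f"
}

# The article shows sudo only on --capture; this wrapper uses it throughout.
b9() { run sudo "$B9BIN/b9cli" "$@"; }

# Step 1: authenticate, reset counters, flush logs, raise trace levels.
start_tracing() {
  b9 --password "$B9_CLI_PASSWORD"
  b9 --resetcounters
  b9 --flushlogs
  b9 --debuglevel 4
  b9 --kerneltrace 4
  b9 --nettrace 1
}

# Step 5: capture first, then restore the defaults the article lists, so the
# capture still contains the high-verbosity window.
stop_tracing() {
  b9 --capture "$(perf_zip)"
  b9 --password "$B9_CLI_PASSWORD"
  b9 --debuglevel 0
  b9 --kerneltrace 2
  b9 --nettrace 0
}

main() {
  : "${B9_CLI_PASSWORD:?set B9_CLI_PASSWORD to the global CLI password}"
  start_tracing
  echo "Tracing on: reproduce the slowdown now (${CAPTURE_MINUTES} min)."
  run sleep "$((CAPTURE_MINUTES * 60))"                  # step 2
  if [ -f ./cbp-linux-sys-info.sh ]; then                # step 3
    clean_script ./cbp-linux-sys-info.sh
    run sudo ./cbp-linux-sys-info.sh
  fi
  pid="$(pidof b9daemon 2>/dev/null || echo '<pid>')"
  run sudo gcore -o "$(core_prefix)" "$pid"              # step 4: <prefix>.<pid>
  stop_tracing                                           # step 5
  run sudo tar czf "$(syslog_tgz)" /var/log              # step 6
  echo "Now stop and unload the agent, then run:"        # step 7, by hand
  echo "  top -b -c -n 10 -d 5 >> $(top_txt)"
}

case "${1:-}" in --collect) main ;; esac
```

Run it as `B9_CLI_PASSWORD=... sh collect.sh --collect`, or with `DRY_RUN=1` first to see exactly which commands it would issue. Steps 7 through 9 (the top run with the agent unloaded, the FAPREDEP capture and the Vault upload) stay manual, since they happen after the agent is stopped.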

Article Information
Creation Date: 08-21-2018