App Control: How To Collect Agent Performance Logs (Windows)

App Control: How To Collect Agent Performance Logs (Windows)

Environment

  • App Control Agent (Formerly CB Protection): All Versions
  • Microsoft Windows: All Supported Versions

Objective

To collect diagnostics for cases involving performance impacts.

Resolution

  1. Login to the system having performance issues
  2. Open an admin CMD prompt
  3. Run commands
    cd "C:\Program Files (x86)\Bit9\Parity Agent"
    dascli password <EnterCLIPasswordHere>
    dascli setconfigprop max_rolling_trace_size_mb=0
    dascli resetcounters
    dascli flushlogs
    dascli tamperprotect 0
    dascli debuglevel 6
    dascli kerneltrace 4 -1
    dascli nettrace 1
    dascli diagnostics +performance
  4. Start a Procmon capture
  5. Collect up to 15 mins of data during the ongoing performance issues
  6. Stop the Procmon capture and save all events as a PML file
  7. Run commands:
    dascli capture C:\temp\agentlogs.zip -- Change to desired name and location
    dascli password <EnterCLIPasswordHere>
    dascli setconfigprop max_rolling_trace_size_mb=50
    dascli debuglevel 0
    dascli kerneltrace 2
    dascli nettrace 0
    dascli diagnostics -performance
    dascli tamperprotect 1
    
  8. Please zip all files and upload them to the CB Vault here - https://community.carbonblack.com/groups/cb-vault
  9. Once the upload completes, please comment on the support case that the data is available for review

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
50% helpful (2/4)
Article Information
Author:
Creation Date:
‎01-11-2019
Views:
7717
Contributors