
App Control: How To Enable Agent Driver (Kernel) Trace Logging - Windows

Environment

  • App Control (Formerly CB Protection) Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Objective

This document describes how to enable the Agent's kernel trace logging.

Resolution

  1. Open a command prompt and change directory to %ProgramFiles(x86)%\Bit9\Parity Agent
  2. Run the following commands in order:
    dascli password <type the CLI or global password here>
    dascli kerneltrace 4 
  3. Run 'dascli status' to verify that the Kernel Level shows "4/0FFFFFFF"
  4. Reproduce the issue for logging
  5. Run the following commands to reset logging to the default level:
    dascli password <type the CLI or global password here>
    dascli kerneltrace 2
  6. Run 'dascli status' to verify that the Kernel Level shows "2/007FFFFFF"
  7. Copy the latest ETL file located in C:\ProgramDATA\Bit9\Parity Agent\Logs if it's Windows 7 or 2008, or in C:\Documents and Settings\All Users\Application Data\Bit9\Parity Agent\Logs if it's Windows XP or 2003

Additional Notes

Ensure that step 5 is followed every time, as high-level debug logging can quickly fill up a hard drive.
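
The following PowerShell wrapper is an added example, not part of the original article or vendor tooling. It runs the same dascli commands as steps 2 through 6 and places the reset to level 2 in a finally block, so the trace level is restored even if the session is interrupted. The binary name dascli.exe and the 'Kernel' match on the status output are assumptions.

```powershell
# Added example (not vendor code): raise the kernel trace level, wait for the
# reproduction, and always restore the default level afterwards.
# Run from an elevated PowerShell session on the affected endpoint.

$agentDir = Join-Path ${env:ProgramFiles(x86)} 'Bit9\Parity Agent'
$dascli   = Join-Path $agentDir 'dascli.exe'   # assumption: binary is named dascli.exe

if (-not (Test-Path $dascli)) {
    throw "dascli not found at $dascli"
}

function Set-KernelTrace {
    param(
        [Parameter(Mandatory)] [int]    $Level,
        [Parameter(Mandatory)] [string] $Password
    )
    # Same two commands as steps 2 and 5 of the article.
    & $dascli password $Password | Out-Null
    & $dascli kerneltrace $Level | Out-Null
    # Steps 3 and 6: show the status line(s) mentioning the kernel level so the
    # operator can compare them with the values quoted in the article.
    # Assumption: that line contains the word "Kernel".
    & $dascli status | Select-String -Pattern 'Kernel'
}

# Prompt without echoing the password or storing it in the script.
$secure = Read-Host 'CLI or global password' -AsSecureString
$plain  = (New-Object System.Net.NetworkCredential('', $secure)).Password

try {
    Set-KernelTrace -Level 4 -Password $plain
    Read-Host 'Reproduce the issue (step 4), then press Enter to reset logging' | Out-Null
}
finally {
    # Runs on normal exit, on error, and on Ctrl+C.
    Set-KernelTrace -Level 2 -Password $plain
    $plain = $null
}
```

The password is still passed to dascli as a command-line argument, exactly as in the manual steps, so it can appear in process command-line auditing on hosts where that is enabled.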

Creation Date: 04-04-2019