App Control: How to Collect Historical Agent Logs Remotely on Mac or Linux Agent for Troubleshooting

Environment

  • App Control (formerly CB Protection): All Supported Versions
  • Mac: All Supported Versions
  • Linux: All Supported Versions

Objective

How to collect historical logs for the Mac or Linux agent. This is ideal for unexpected blocks or other issues that cannot be reproduced.


Resolution

  1. Log into the App Control Console
  2. Set the computer to High Debug level and Enable Kernel tracing
  3. Assets > Computers > Select the computer and open its default page
    • If reproducible: Other Actions > Delete Diagnostics files on Computer. Then Set Debug Level > select High and set duration for 15 minutes > check "Include Kernel" > check "Upload the diagnostics files when completed" > click Go
    • If not reproducible: Other Actions > Upload Diagnostic Files
  4. To retrieve the diagnostics, go to Tools > Requested Files and download the Zip file created
  5. Please provide a CSV export of the events for the example machine only (filter by source)
    • If the issue is Block/Approval specific, include the column "Rule Name", note an example SHA-256 hash in the case, and attach a screenshot of the expected rule
  6. If this is a crash, please provide the following from the system
    • Linux:
      1. tar cvfz system-logs-$(date +%F).tgz /var/log
    • OSX:
      1. system_profiler -detailLevel full > sysinfo.txt
      2. tar -cvf library-logs-panicreports.tar /Library/Logs/PanicReports
    • For OSX 10.6 or above
      1. system_profiler -detailLevel full > sysinfo2.txt
      2. tar -cvf library-logs-diagnosticreports.tar /Library/Logs/DiagnosticReports
      Upload all collected data to the
  7. Upload the zip file here: https://community.carbonblack.com/groups/cb-vault
  8. Once the upload completes, please comment in the case that the data is available for review.
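
The crash-data commands from step 6, combined into one function that picks the branch by operating system. This is an added example, not part of the original article or of the vendor's tooling; the function name collect_crash_data, its OUTDIR/OS/ROOT arguments and the SHA256SUMS manifest are assumptions of the example.

```shell
# Added example, not vendor code. collect_crash_data, its arguments and the
# SHA256SUMS manifest are assumptions of this example.
# usage: collect_crash_data OUTDIR [OS] [ROOT]
#   OS    Linux or Darwin (default: uname -s)
#   ROOT  filesystem root to read from (default: /)
collect_crash_data() (
    out=$1
    os=${2:-$(uname -s)}
    root=${3:-/}
    stamp=$(date +%F)    # ISO date, e.g. 2020-09-09

    umask 077            # logs hold usernames, addresses, command lines
    mkdir -p "$out" || exit 1

    case $os in
    Linux)
        rc=0
        tar -czf "$out/system-logs-$stamp.tgz" -C "$root" var/log || rc=$?
        # GNU tar exits 1 when a log grew while it was being read; the
        # archive is still usable. Anything higher is a real failure.
        [ "$rc" -le 1 ] || exit 1
        ;;
    Darwin)
        # -detailLevel is the spelling documented in system_profiler(8)
        system_profiler -detailLevel full > "$out/sysinfo.txt" || exit 1
        for d in PanicReports DiagnosticReports; do
            [ -d "$root/Library/Logs/$d" ] || continue
            name=$(printf %s "$d" | tr '[:upper:]' '[:lower:]')
            tar -cf "$out/library-logs-$name.tar" \
                -C "$root" "Library/Logs/$d" || exit 1
        done
        ;;
    *)
        echo "unsupported OS: $os" >&2
        exit 2
        ;;
    esac

    # Hash manifest so the files can be verified after upload.
    cd "$out" || exit 1
    rm -f SHA256SUMS
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum -- * > SHA256SUMS
    else
        shasum -a 256 -- * > SHA256SUMS
    fi
)
```

Reading everything under /var/log or /Library/Logs normally requires root, and the umask keeps the resulting archives unreadable to other local users until they are uploaded.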

 


Article Information
Creation Date: 09-09-2020