App Control: How to Collect Logs for Troubleshooting a Disconnected Linux Agent (Locally)

Environment

  • App Control Agent: All Supported Linux Versions
  • Linux Operating System: All Supported Versions

Objective

How to collect logs for troubleshooting a disconnected Linux Agent.

Resolution

  1. Change to the Agent's directory:
    cd /opt/bit9/bin
  2. Verify the Agent is running, and has a Server listed:
    ./b9cli --status
  3. If the Agent is fully running and otherwise healthy, authenticate with the Agent and issue the following commands:
    ./b9cli --password GlobalCLIPassword
    ./b9cli --disconnect
    ./b9cli --debuglevel 4
    ./b9cli --kerneltrace 4
    ./b9cli --nettrace 1
    ./b9cli --connect
  4. Attempt communication between the endpoint and the Server Address by running the following commands:
    ping <SERVERADDRESS>
    nslookup <SERVERADDRESS>
    telnet <SERVERADDRESS> <SERVERPORT>
    Note: If the Telnet utility is unavailable, the timeout utility (part of the coreutils package) can be used instead:
    timeout 1 bash -c "</dev/tcp/ServerAddressHere/41002"
    echo $?
    
    An exit status of 0 indicates the Server Address is responding on the port specified (41002).
  5. Set the Debug Levels back to the defaults and collect the logs:
    ./b9cli --debuglevel 0
    ./b9cli --kerneltrace 2
    ./b9cli --nettrace 0
    ./b9cli --capture /var/tmp/DisconnectedAgentLogs.zip
  6. Collect the System Logs:
    tar cvfz /var/tmp/SystemLogs.tgz /var/log
  7. Provide Support with the two archive files created in /var/tmp:
    • DisconnectedAgentLogs.zip
    • SystemLogs.tgz
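
The step 4 port check can be wrapped so its exit status is interpreted rather than only echoed. This is an added example, not part of the original article or the vendor's tooling; the function names classify_status and probe_tcp are hypothetical, and the host and port are whatever the Agent's Server Address and port are.

```shell
#!/bin/sh
# Added example: interpret the exit status of the step 4 TCP check.
# Hypothetical helper names; requires bash and timeout (coreutils), as in the article.

# Map the exit status of `timeout ... bash -c ...` to a diagnosis.
classify_status() {
    case "$1" in
        0)       echo "open" ;;                  # TCP handshake completed
        124)     echo "timeout" ;;               # timeout(1) gave up: packets likely dropped en route
        126|127) echo "tool-missing" ;;          # timeout or bash could not be executed
        *)       echo "refused-or-unresolved" ;; # connection refused, or the name did not resolve
    esac
}

# probe_tcp HOST PORT [SECONDS]
# Host and port are passed as positional parameters instead of being pasted
# into the bash -c string, so unusual characters in the address cannot
# alter the command that runs.
probe_tcp() {
    host=$1 port=$2 wait=${3:-3}
    rc=0
    timeout "$wait" bash -c 'exec 3<>"/dev/tcp/$1/$2"' _ "$host" "$port" 2>/dev/null || rc=$?
    classify_status "$rc"
}

# Script mode: ./probe.sh <SERVERADDRESS> <SERVERPORT>
if [ "$#" -ge 2 ]; then
    result=$(probe_tcp "$1" "$2")
    echo "$1:$2 -> $result"
    [ "$result" = "open" ]
fi
```

A "timeout" result points at filtering between the endpoint and the Server, while "refused-or-unresolved" should be read together with the nslookup output from the same step.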

Article Information
Creation Date: 05-10-2022