Environment
- App Control (Formerly CB Protection) Agent: All Versions
- Mac OS: All Supported Versions
Objective
This document describes the diagnostics to collect so that Carbon Black Support can investigate and resolve the following issues:
- High CPU
- High Memory Usage
- Slow Application Performance
- Slow Machine Performance
Resolution
- "/Applications/Bit9/Tools/b9cli [command]"
- Run the following commands
- ./b9cli --password <CLI or Global password here>
- ./b9cli --resetcounters
- ./b9cli --flushlogs
- ./b9cli --debuglevel 6
- ./b9cli --kerneltrace 4
- Reproduce the issue during the capture, keeping the capture as short as possible. resetcounters and flushlogs can be run again until the issue is successfully reproduced
- Capture and stop debug logging
- ./b9cli --capture <path to drop>/`hostname`_`date +%Y-%m-%d_%H-%M-%S`.zip
- ./b9cli --password <CLI or Global password here>
- ./b9cli --debuglevel 0
- ./b9cli --kerneltrace 2
- After collection, please reproduce the issue again with the sample command, with agent diagnostics not running
- sudo sample b9daemon 10 10
This will write a .txt sample analysis file to /tmp
- Collect System Logs
- system_profiler --detaillevel full > sysinfo.txt
- tar -cvf library-logs-panicreports.tar /Library/Logs/PanicReports
- For 10.6 or above: system_profiler --detaillevel full > sysinfo2.txt
- tar -cvf library-logs-diagnosticreports.tar /Library/Logs/DiagnosticReports
- Answer the following questions
- When did the issue start?
- Were there any changes?
- Is this continuous or a periodic spike?
- What AV products are on the endpoint?
- Is this a development endpoint?
Additional Notes
- OS X security features do not allow these commands to be run from the Application directory. Run them from a directory you have write permission to, such as your home folder
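The capture steps under Resolution can be wrapped so that debug logging is always returned to the post-capture levels, even when the --capture step fails. This is an added example, not Carbon Black code; the B9CLI variable, the function names and the drop-directory check (derived from the Additional Notes) are assumptions of this example.

```sh
#!/bin/sh
# Added example, not vendor code. B9CLI and all function names are assumptions.
# Usage (after sourcing this file): run_capture "$HOME/b9diag"
B9CLI="${B9CLI:-/Applications/Bit9/Tools/b9cli}"

# Per the Additional Notes: output must go to a writable directory that is
# not the Applications directory.
check_drop_dir() {
    case "$1" in
        /Applications|/Applications/*)
            echo "drop dir must not be under /Applications" >&2; return 1 ;;
    esac
    [ -d "$1" ] && [ -w "$1" ] && return 0
    echo "drop dir missing or not writable: $1" >&2; return 1
}

# Same naming scheme as the article's --capture command.
capture_path() {
    printf '%s/%s_%s.zip\n' "$1" "$(hostname)" "$(date +%Y-%m-%d_%H-%M-%S)"
}

run_capture() {
    drop_dir=$1
    check_drop_dir "$drop_dir" || return 1
    # Prompt instead of taking the password as an argument, so it stays out
    # of shell history; it is still passed to b9cli on its command line.
    printf 'CLI or Global password: ' >&2
    stty -echo 2>/dev/null || true
    IFS= read -r password || true
    stty echo 2>/dev/null || true
    echo >&2
    "$B9CLI" --password "$password" || return 1
    "$B9CLI" --resetcounters
    "$B9CLI" --flushlogs
    "$B9CLI" --debuglevel 6
    "$B9CLI" --kerneltrace 4
    printf 'Reproduce the issue, then press Enter: ' >&2
    IFS= read -r reply || true
    rc=0
    "$B9CLI" --capture "$(capture_path "$drop_dir")" || rc=$?
    # Always return logging to the post-capture levels, even if capture failed.
    "$B9CLI" --password "$password"
    "$B9CLI" --debuglevel 0
    "$B9CLI" --kerneltrace 2
    unset password
    return "$rc"
}
```

run_capture returns the exit status of the --capture step, so a non-zero result means the zip should not be assumed complete even though the logging levels were reset.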