App Control: How to Enable Agent Driver (Kernel) Level Trace Logging - Linux

Environment

  • App Control (Formerly CB Protection) Agent: All Supported Versions
  • Linux: All Supported Versions

Objective

This document describes how to enable the Agent's kernel trace for logging.

Resolution

  1. Open a terminal window and change directory to /opt/bit9/bin
  2. Run the following commands in order:
    ./b9cli --password <type the CLI or global password here>
    ./b9cli --kerneltrace 4
  3. The output returned by the Agent should confirm that the kernel trace level has changed, displaying "Kernel Trace Parameters[level [4] Flags[007FFFFF]]"
  4. Reproduce the issue for logging
  5. Run the following commands to reset logging to default level:
    ./b9cli --password <type the CLI or global password here>
    ./b9cli --kerneltrace 2
  6. The output returned by the Agent should confirm that the kernel trace level has changed, displaying "Kernel Trace Parameters[level [2] Flags[007FFFFF]]"
  7. Run ./b9cli --capture <PathAndFileNameHere.zip> (Example: ./b9cli --capture /home/username/Downloads/MachineName.zip). The path can be any writable directory of your choice.


Additional Notes

Ensure that step 5 is followed every time, as high-level debug logging can quickly fill up a hard drive.
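
The steps above can be wrapped in a script so that the reset in step 5 runs even if the session is interrupted, and so that each level change is checked against the confirmation line the Agent prints. This is an added example, not vendor code: the function names, the `B9CLI` override variable and the script name `kerneltrace.sh` are assumptions, and it assumes each b9cli call behaves as the steps describe.

```bash
#!/usr/bin/env bash
# Added example (not vendor code): steps 2-7 of this article with a guaranteed reset.
B9CLI="${B9CLI:-/opt/bit9/bin/b9cli}"   # directory from step 1; override is an assumption
B9_PW=""                                 # filled in by main()

# Extract N from the confirmation line quoted in steps 3 and 6:
#   Kernel Trace Parameters[level [N] Flags[007FFFFF]]
parse_trace_level() {
    sed -n 's/.*Kernel Trace Parameters\[level \[\([0-9][0-9]*\)].*/\1/p' | head -n 1
}

# Request a trace level; succeed only if the Agent confirms that same level.
set_trace_level() {
    local want="$1" out got
    out="$("$B9CLI" --kerneltrace "$want" 2>&1)" || return 1
    got="$(printf '%s\n' "$out" | parse_trace_level)"
    [ "$got" = "$want" ]
}

# Step 5: re-authenticate and return to the default level 2.
reset_trace() {
    "$B9CLI" --password "$B9_PW" >/dev/null 2>&1
    set_trace_level 2 || { echo 'WARNING: level 2 not confirmed, reset it manually' >&2; return 1; }
}

main() {
    local zip="$1"
    # Prompt without echo so the password stays out of shell history; it is still
    # passed as an argument, as in the article, so it is briefly visible in ps.
    read -rsp 'CLI or global password: ' B9_PW; echo
    "$B9CLI" --password "$B9_PW" >/dev/null || { echo 'authentication failed' >&2; return 1; }
    trap reset_trace EXIT           # reset even if the script dies or is interrupted
    trap 'exit 130' INT TERM
    set_trace_level 4 || { echo 'level 4 not confirmed' >&2; return 1; }
    read -rp 'Reproduce the issue, then press Enter: ' _
    reset_trace && trap - EXIT      # normal path: reset once, then disarm the trap
    "$B9CLI" --capture "$zip"       # step 7: collect the logs
}

# Runs only when given a capture path, e.g.
#   ./kerneltrace.sh /home/username/Downloads/MachineName.zip
if [ "$#" -gt 0 ]; then main "$@"; fi
```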

Creation Date: 04-04-2019