Environment
- App Control Console: All Supported Versions
- App Control Windows Agent: All Supported Versions
- Microsoft Windows: All Supported Versions
Objective
To set up high debug logging that persists across reboots, for issues that cannot be recreated on demand.
Resolution
1. Log in to the Console and navigate to Assets > Computers > relevant Computer.
2. In the URL, note the value for host_id (example: https://ServerAddress/host-details.php?host_id=74)
3. From the Computer Details page > right hand side > Advanced > Set Debug Level:
   - Debug Level: High & Include Kernel
   - Debug Duration: Permanent
   - Click "Go"
4. Navigate to https://ServerAddress/agent_config.php > Add Agent Config
5. Use the following details:
   - Property Name: TMP-Max Roll QTY (or something memorable)
   - Host ID: Value from Step 2 (ex: 74)
   - Value: max_rolled_trace_logs_to_keep=20
   - Status: Enabled
6. Click Save & add another Agent Config using the following details:
   - Property Name: TMP-Max Roll Size (or something memorable)
   - Host ID: Value from Step 2 (ex: 74)
   - Value: max_rolling_trace_size_mb=500
   - Status: Enabled
7. Click Save & add another Agent Config using the following details:
   - Property Name: Verbose Log Pattern (or something memorable)
   - Host ID: Value from Step 2 (ex: 74)
   - Value: kernelVerboseLogPattern=TrustedFile.exe
   - Status: Enabled
8. Click Save & add a final Agent Config using the following details:
9. After creating these Agent Configs, verify the Agent shows as Connected & Up to Date in Assets > Computers.
10. Once the Agent generates an Event matching the scenario, an Event in the Console will appear with Subtype "Agent Diagnostics Available".
11. Verify the Agent Logs are available, and download them, from Tools > Requested Files > Diagnostic Files.
12. Navigate back to Assets > Computers > relevant Computer > right hand side > Advanced > Set Debug Level > None (default).
13. Disable or delete the Agent Configs created in Steps 5, 6, 7 and 8.
14. Upload the Agent Logs to the Vault.
15. After confirming the Agent Logs have been received by Support, it may be beneficial to clear them from the endpoint.
Additional Notes
- capture_log_on_matching_event is a Kernel Configuration Property that will trigger the capture of Agent Diagnostic Logs based on the Event Subtype and optional additional criteria.
- There is a built-in delay of 5 seconds after the Event to capture possible following activity.
- There is a built-in dwell time of 15 minutes. The auto log capture will not trigger until 15 minutes after the last auto log capture.
- There is a limit of 10 auto log captures. No auto captures will occur until there are fewer than 10 captures in the logs directory.
- The 15 minute dwell time and 10 capture maximum are to stop poorly defined event criteria from generating large numbers of logs.
- Setting the property to an empty string disables auto-logging.
- A list of available Event Subtype IDs can be found on VMware Docs > Server Documentation > Events Guide.
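The notes above explain why a matching Event does not always produce a capture. The following is an added example, not vendor or Agent code: a small Python model of the 5 second delay, 15 minute dwell time and 10 capture limit that predicts which matching Events would yield diagnostics. Assumptions: the function name, the sample timestamps, measuring the dwell time from the previous capture to the next matching Event, and treating a cleared logs directory as zero stored captures.

```python
from datetime import datetime, timedelta

# Values taken from the notes above.
CAPTURE_DELAY = timedelta(seconds=5)   # capture runs 5 s after the matching Event
DWELL_TIME = timedelta(minutes=15)     # minimum gap after the last auto capture
MAX_CAPTURES = 10                      # captures allowed in the logs directory

def plan_captures(event_times, existing_captures=0, cleared_at=()):
    """Model which matching Events would trigger an auto log capture.

    existing_captures: captures already in the logs directory (assumed input).
    cleared_at: times the directory is emptied by an operator (assumed input).
    Returns a list of (event_time, outcome) tuples in time order.
    """
    stored = existing_captures
    last_capture = None
    clears = sorted(cleared_at)
    results = []
    for event in sorted(event_times):
        # Apply any directory clean-up that happened before this Event.
        while clears and clears[0] <= event:
            clears.pop(0)
            stored = 0
        if stored >= MAX_CAPTURES:
            outcome = "skipped: capture limit reached"
        elif last_capture is not None and event - last_capture < DWELL_TIME:
            outcome = "skipped: inside dwell time"
        else:
            stored += 1
            last_capture = event + CAPTURE_DELAY
            outcome = "captured"
        results.append((event, outcome))
    return results

# Constructed sample data: five matching Events on one morning.
DAY = datetime(2024, 1, 15)
SAMPLE_EVENTS = [DAY.replace(hour=9, minute=m) for m in (0, 5, 20, 40)]
SAMPLE_EVENTS.append(DAY.replace(hour=10, minute=0))
SAMPLE_CLEAR = DAY.replace(hour=9, minute=50)  # logs directory emptied here

if __name__ == "__main__":
    plan = plan_captures(SAMPLE_EVENTS, existing_captures=8,
                         cleared_at=[SAMPLE_CLEAR])
    for when, outcome in plan:
        print(when.strftime("%H:%M:%S"), outcome)
```

With 8 captures already on disk, the 09:40 Event is lost to the capture limit until the directory is cleared, which is why clearing old logs from the endpoint matters when waiting on an intermittent issue.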