Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

App Control Agent: All Supported Versions
Linux Operating System: All Supported Versions

Objective

How to collect diagnostics after a Linux system crash.

Resolution

Please collect and zip the crash dump files that are written by default to: /var/crash and /var/log
```
sudo tar cvfz /var/tmp/$HOSTNAME-CrashLogs.tgz /var/crash
sudo tar cvfz /var/tmp/$HOSTNAME-SystemLogs.tgz /var/log
```
- If the vmcore files are missing, please verify that the Kdump service is active using steps in this KB
- Please check if the default path for writing crash logs has been modified in the config file: /etc/kdump.conf

Collect the Agent Historical Logs:

cd /opt/bit9/bin
sudo ./b9cli --capture /var/tmp/$HOSTNAME-AgentLogs.tgz

Output of the kernel version:
```
uname -r
```

Related Content

All Products: How to configure Kdump for Linux kernel crash dump

Article Information

Author:

Creation Date:

‎01-19-2022

Views:

801

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.