Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

CB Protection: ETL File Grows Too Large

CB Protection: ETL File Grows Too Large

Environment

  • CB Protection Agent: 7.x - 8.0 P6
  • Microsoft Windows: All Supported Versions

Symptoms

The agent ETL file (%programdata%\Bit9\Parity Agent\Logs\parity_<version>.etl)) keeps growing and reaches several gb in size.

Cause

Possible causes:
  • Agent debug level is set high
  • McAfee AV writing to Cb Protection ETL file
  • Being below agent version 8.1.4

Resolution

  1. Confirm agent debug level is set to default:
    1. Login to effected computer
    2. Open an admin CMD prompt
    3. Run commands:
      cd "c:\program files (x86)\bit9\parity agent"
      dascli status
    4. Results of dascli status will show "Debug Level" and "Kernel Level"
      • Default Debug Level is 0
      • Default Kernel Level is 2
  2. Upgrade to 8.1.4 or Higher
  3. Clear out the log file:
    1. Login to the CB Protection console
    2. Navigate to assets>computer
    3. Click onto machine having the issue
    4. Navigate to Advanced>Other Actions> Delete Diagnostic Files on Computer

Additional Notes

The log rolling mechanism is activated every 5 minutes. Therefore, on busy agents, the ETL file may grow larger than the default 50mb cap.

Related Content


Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎11-25-2015
Views:
2744
Contributors