logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

App Control: How to Enable Kernel Driver Logging on Startup (macOS)

App Control: How to Enable Kernel Driver Logging on Startup (macOS)

Environment

  • App Control Agent: All Supported Versions
  • macOS: All Supported Versions

Objective

Steps to enable the Agent's Kernel Driver logging on startup.

Resolution

  1. Open a command prompt and change directory to  /Applications/Bit9/Tools. 
  2. Run the following commands in order: 
    ./b9cli password <type the CLI or global password here>
./b9cli kerneltrace 4
  3. Run './b9cli status' to verify that the Kernel Level shows "4/0FFFFFFF"
  4. Reproduce the issue for logging
  5. Run the following commands to turn logging back down: 
    ./b9cli password <type the CLI or global password here>
./b9cli kerneltrace 2
  6. Run 'dascli status' to verify that the Kernel Level shows "2/007FFFFFF"
  7. Zip the folder /Library/Application Support/com.bit9.Agent/Data and get a copy of the system.log from /var/log.

Additional Notes

Ensure that step 5 is followed every time, high debugging logs can quickly fill up a harddrive.

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎04-12-2019
Views:
630
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.