Carbon Black Cloud: How to collect Sensor Logs via Live Response (Linux)


  • Carbon Black Cloud Console: All Versions
    • Audit & Remediation required for Live Response
  • Carbon Black Cloud Sensor: 2.7.x.x and Higher
  • Linux: All Supported Versions


How to collect logs and configuration information from the VMware Carbon Black Cloud Linux endpoint agent via a Live Response session


  1. Connect to device via LR session
  2. Launch terminal emulator
    execfg sudo /opt/carbonblack/psc/bin/collectdiags.sh --verbose --debug --output-dir /tmp
  3. Script will complete and display file name
  4. Retrieve the file
    get /tmp/diags_{hostname}_{epoch_time}_{random}.tgz
  5. Upload the tarball to CB Vault
  6. Let support know when the file has been uploaded

Additional Notes

  • Output file (diags_{hostname}_{epoch_time}_{random}.tgz) is created in /tmp/ by default
  • To change the output path, use the '--output-dir' parameter; for example, to create the file in the user’s home directory:
    sudo ./collectdiags.sh --verbose --debug --output-dir $HOME
  • The script also collects various system identity, configuration, and state information
  • The collected information helps VMware Carbon Black understand and repair problems that occur at runtime or during agent installation
  • 2.6.x.x Sensors and earlier can also use the above after downloading and installing the diagnostics script
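
When the output directory holds more than one diagnostics file, the helper below picks the newest one by the epoch field of its name and skips symlinks and unreadable archives before the file is retrieved. It is an added example, not part of the original article or VMware's tooling; the function names are hypothetical, and it assumes `{epoch_time}` is all digits and `{random}` contains no underscore.

```shell
#!/bin/sh
# Added example (not VMware's code): select the newest diagnostics tarball
# in a directory by the epoch field of its name and sanity-check it.
# Assumption: {epoch_time} is all digits and {random} has no underscore,
# so the fields are parsed from the right (hostnames may contain "_").

# Print the epoch field of a diags_{hostname}_{epoch_time}_{random}.tgz name.
diags_epoch() {
    name=$(basename "$1" .tgz)
    rest=${name%_*}          # drop _{random}
    epoch=${rest##*_}        # keep {epoch_time}
    case $epoch in
        ''|*[!0-9]*) return 1 ;;   # not a numeric epoch: not a diags name
    esac
    printf '%s\n' "$epoch"
}

# Print the path of the newest valid tarball in directory $1 (default /tmp).
latest_diags() {
    dir=${1:-/tmp}
    best=''; best_epoch=-1
    for f in "$dir"/diags_*_*_*.tgz; do
        # /tmp is world-writable: accept only regular files, never symlinks.
        [ -f "$f" ] && [ ! -L "$f" ] || continue
        e=$(diags_epoch "$f") || continue
        # Skip archives that tar cannot read (for example a truncated file).
        tar -tzf "$f" >/dev/null 2>&1 || continue
        if [ "$e" -gt "$best_epoch" ]; then best=$f; best_epoch=$e; fi
    done
    [ -n "$best" ] && printf '%s\n' "$best"
}
```

`latest_diags /tmp` prints the path to pass to `get`, and returns non-zero when no usable tarball is present.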
