logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

App Control: How To Collect Agent Performance Logs on Windows (Locally)

App Control: How To Collect Agent Performance Logs on Windows (Locally)

Environment

  • App Control Agent: All Supported Versions
  • Microsoft Windows: All Supported Versions

Objective

To collect diagnostics for cases involving performance impacts.

Resolution

Open a case with Carbon Black Support and the provide the following:
  1. Relevant Information:
    • Date/Time performance issue started occurring (did any change precede the start of it?)
    • Actions being performed when performance is degraded
    • Is the performance associated with a specific application?
      • Application name
      • Does the vendor of the application have a recommended exclusion list and has it been implemented?
      • Any paths/processes known to be associated with the application
    • Are there any blocks seen locally or within the App Control console during the performance issue?
    • Are results the same if the Agent is stopped and unloaded?
  2. Agent Logs
    1. Open an administrative command prompt and execute the following commands: 
      cd "C:\Program Files (x86)\Bit9\Parity Agent"
dascli password GlobalCLIPassword
dascli setconfigprop max_rolling_trace_size_mb=0
dascli resetcounters
dascli flushlogs
dascli tamperprotect 0
dascli debuglevel 6
dascli kerneltrace 4 -1
dascli nettrace 1
dascli diagnostics +performance
    2. Start a Procmon capture
    3. Collect 10-15 mins of data during the ongoing performance issues.
    4. Stop the Procmon capture and save "All Events" as a PML file.
    5. In the administrative command prompt execute the following commands to capture and reduce the logging levels to normal: 
      dascli capture "%userprofile%\Desktop\%computername%-Performance.zip"
dascli password GlobalCLIPassword
dascli setconfigprop max_rolling_trace_size_mb=50
dascli debuglevel 0
dascli kerneltrace 2
dascli nettrace 0
dascli diagnostics -performance
dascli tamperprotect 1
    6. (Optionally) For some performance issues a WPR capture will be needed, steps to collect it can be found HERE
    7. Please zip all files and upload them to the Vault.
    8. Once the upload completes, please comment on the support case that the data is available for review (along with all relevant information).

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
50% helpful (2/4)
Article Information
Author:
CB_Support
Creation Date:
‎01-11-2019
Views:
15769
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.