
EDR: How To Generate Server Diagnostic Logs for On-Prem



  • EDR: All versions
  • On-Prem Installation


Generate a server-side cbdiag report from any EDR server (Primary or Secondary) and send it to Carbon Black for troubleshooting.


  1. Log into the command line interface (CLI) of the Primary or Secondary server.
  2. Change directory to a partition with sufficient available disk space.
  3. Run:
     sudo /usr/share/cb/cbdiag --post
  4. Once the upload completes, delete the report from the directory where the command was run:
     rm cbdiag*.zip

Additional Notes

  • Verify there is sufficient disk space before running this command.
  • Repeat these steps for all Primary and Secondary Servers as needed.
  • The server may become unresponsive if there is not enough disk space. /tmp is used as the working directory to gather the report. If /tmp does not have enough space, specify an alternative working directory:
     sudo /usr/share/cb/cbdiag --tmpdir=/new/temp/directory --post
  • Completed reports are saved in the current working directory. The report must be manually deleted once uploaded.
  • Required disk space will vary depending on the amount of data and logs.
  • The resulting cbdiag report will be automatically uploaded to Carbon Black's servers for troubleshooting purposes when using the --post flag.
  • To reduce the size of the logs, limit the number of days to collect using the --no-old-logs flag:
     sudo /usr/share/cb/cbdiag --no-old-logs=1
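
The disk-space notes above can be enforced with a pre-flight check before cbdiag runs. The wrapper below is an added example, not part of the original article or a Carbon Black tool. The function names, the minimum-free-space threshold, and combining --no-old-logs with --post in one invocation are assumptions.

```shell
#!/bin/sh
# Added example: refuse to start cbdiag unless both the working directory
# and the current directory have enough free space.
# The threshold is chosen by the operator (assumption); the article only
# says required space varies with the amount of data and logs.

CBDIAG=/usr/share/cb/cbdiag   # path as given in the article

# free_mb DIR -> prints free MiB on the filesystem holding DIR
free_mb() {
    df -Pk "$1" 2>/dev/null | awk 'NR==2 { printf "%d\n", $4 / 1024 }'
}

# has_space DIR MIN_MB -> succeeds only if DIR exists and has MIN_MB free
has_space() {
    avail=$(free_mb "$1")
    [ -n "$avail" ] && [ "$avail" -ge "$2" ]
}

# cbdiag_args TMPDIR DAYS -> prints the flags to pass to cbdiag
# --tmpdir is added only when TMPDIR is not the default /tmp;
# --no-old-logs is added only when DAYS is non-empty (assumed combinable).
cbdiag_args() {
    args="--post"
    if [ "$1" != "/tmp" ]; then args="--tmpdir=$1 $args"; fi
    if [ -n "$2" ]; then args="$args --no-old-logs=$2"; fi
    echo "$args"
}

# run_cbdiag MIN_MB [TMPDIR] [DAYS]
run_cbdiag() {
    min_mb=$1; tmpdir=${2:-/tmp}; days=${3:-}
    for d in "$tmpdir" "$PWD"; do
        if ! has_space "$d" "$min_mb"; then
            echo "abort: $d has less than $min_mb MiB free" >&2
            return 1
        fi
    done
    # Word splitting of the flag list is intended (paths without spaces).
    sudo "$CBDIAG" $(cbdiag_args "$tmpdir" "$days") || return 1
    ls -l cbdiag*.zip
    echo "After confirming the upload, remove the report: rm cbdiag*.zip"
}

# Example: sh cbdiag-preflight.sh --run 2048 /new/temp/directory 1
if [ "${1:-}" = "--run" ]; then shift; run_cbdiag "$@"; fi
```

Run it from the partition where the report should be written; the script name in the usage comment is hypothetical.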

