EDR: How To Generate Server Diagnostic Logs for On-Prem

Environment

  • EDR: All versions
  • On-Prem Installation

Objective

Generate a server-side cbdiag report from any EDR server (Primary or Secondary) and send it to Carbon Black for troubleshooting.

Resolution

WARNING: Verify there is sufficient disk space before running this command.
  1. Log into the command line interface (CLI) of the Primary Server, and if needed the Secondary Server.
  2. Change directory to a partition with sufficient available disk space.
  3. Run:
sudo /usr/share/cb/cbdiag --post
  4. Once the upload has completed, delete the report archive from the directory the command was run in:
rm cbdiag*.zip
  5. Repeat these steps for every Primary and Secondary Server as needed.

Additional Notes

  • The Server may become unresponsive if there is not enough disk space. /tmp is used as the working directory while the report is gathered. If /tmp does not have enough free space, specify an alternative working directory with --tmpdir:
sudo /usr/share/cb/cbdiag --tmpdir=/new/temp/directory --post
  • Completed reports are saved in the current working directory. The report must be deleted manually once it has been uploaded.
  • The disk space required varies with the amount of data and logs on the server.
  • The --post flag is what triggers the upload: with it, the resulting cbdiag report is automatically uploaded to Carbon Black's servers for troubleshooting purposes; without it, the archive is only written locally.
  • To reduce the size of the report, limit the number of days of logs collected with the --no-old-logs flag, for example one day:
sudo /usr/share/cb/cbdiag --no-old-logs=1
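The following wrapper is an added example, not Carbon Black's own tooling: it applies the disk-space warning from the Resolution steps and the --tmpdir note above by refusing to run cbdiag unless both the report directory and the scratch directory have enough free space, then runs the command and removes the local archive as the article instructs. The 2 GiB threshold and the default directories are assumptions chosen for illustration; only the cbdiag path and flags come from the article.

```shell
#!/bin/sh
# Added example (not part of the Carbon Black EDR article or product): run the
# cbdiag report from the article only after checking free disk space.
# Assumptions not taken from the article: the 2 GiB minimum and the default
# working/scratch directories. Adjust both for your server.

CBDIAG=/usr/share/cb/cbdiag          # path as given in the article
MIN_FREE_KB=$((2 * 1024 * 1024))     # assumed threshold: 2 GiB, in KiB

# Print the available space (1K blocks) of the filesystem that holds $1.
free_kb() {
    df -Pk "$1" | awk 'NR == 2 { print $4 }'
}

# Return 0 when the filesystem holding $1 has at least $2 KiB free, 1 otherwise.
has_space() {
    avail=$(free_kb "$1") || return 1
    [ -n "$avail" ] && [ "$avail" -ge "$2" ]
}

# Run cbdiag with $1 as the directory that receives the zip and $2 as the
# scratch directory (--tmpdir), upload it (--post), then delete the local copy.
# Refuses to start if either directory is short on space, since a full /tmp
# can leave the server unresponsive.
run_cbdiag() {
    workdir=$1
    tmpdir=$2
    for d in "$workdir" "$tmpdir"; do
        if ! has_space "$d" "$MIN_FREE_KB"; then
            echo "refusing to run: $d has $(free_kb "$d") KiB free, need $MIN_FREE_KB KiB" >&2
            return 1
        fi
    done
    cd "$workdir" || return 1
    sudo "$CBDIAG" --tmpdir="$tmpdir" --post || return 1
    # The report is written to the current directory; remove it once uploaded.
    rm -f ./cbdiag*.zip
}

# Only start the collection when invoked as "run"; sourcing the file or running
# it without arguments just defines the functions.
if [ "${1:-}" = "run" ]; then
    run_cbdiag "${WORKDIR:-/var/tmp}" "${CB_TMPDIR:-/tmp}"
fi
```

Usage: `WORKDIR=/data/diag CB_TMPDIR=/data/tmp sh cbdiag-safe.sh run`. The directory names are placeholders; the point is that both the destination of the zip and the --tmpdir scratch area are checked, because the report is staged in one and written to the other.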


Article Information
Creation Date: 11-21-2018