Environment
Endpoint Standard Sensor: 3.4.x.x and Higher
Microsoft Windows: All supported versions
Objective
Enable Sensor debug logging during issue reproduction
Resolution
- Log into the machine with a user account that matches the User or Group SID configured at the time of sensor install
- Launch a Command Prompt
- Change directory to C:\Program Files\Confer
- Run the following command
C:\Program Files\Confer> repcli debug 1
Sensor is in debug mode
- Enable any additional logging tools, such as Process Monitor or packet capture utilities
- Reproduce the issue
- Stop and save all other logging utilities
- Run the following command to gather Sensor logs
C:\Program Files\Confer> repcli capture
Captured diagnostic data in C:\Windows\TEMP\confer-temp\confer_dump.zip
- Run the following command to disable Sensor debug logging
C:\Program Files\Confer> repcli debug 0
Sensor is not in debug mode
- Gather all logs and attach to case as needed
Additional Notes
- Sensor debug logging will increase confer.log verbosity
- Sensor debug logging will raise kernel logging to the Info level so the Microsoft Event Trace Log File will include additional data
- RepCLI authentication can be enabled manually on individual sensors
Related Content
