Endpoint Standard: How to Enable Sensor Debug Logging for Issue Reproduction with RepCLI

Environment

Endpoint Standard Sensor: 3.4.x.x and Higher
Microsoft Windows: All supported versions

Objective

Enable Sensor debug logging during issue reproduction 

Resolution

  1. Log into the machine with a user account that matches the User or Group SID configured at the time of sensor install
  2. Launch a Command Prompt
  3. Change directory to C:\Program Files\Confer
  4. Run the following command
    C:\Program Files\Confer> repcli debug 1
    Sensor is in debug mode
  5. Enable any additional logging tools, such as Process Monitor or packet capture utilities
  6. Reproduce the issue
  7. Stop and save all other logging utilities 
  8. Run the following command to gather Sensor logs
    C:\Program Files\Confer> repcli capture
    Captured diagnostic data in C:\Windows\TEMP\confer-temp\confer_dump.zip
  9. Run the following command to disable Sensor debug logging
    C:\Program Files\Confer> repcli debug 0
    Sensor is not in debug mode
  10. Gather all logs and attach to case as needed
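
The same procedure as a single PowerShell script, added here as an example and not vendor-supplied code: the try/finally block runs step 9 even if the capture fails, so the sensor is not left in debug mode. It assumes the default install path, that repcli prints the messages shown in the steps above, and a hypothetical `$CaseDir` collection folder.

```powershell
# Added example. Run as the account described in step 1.
# Assumptions: default install path; repcli output text as shown in the article.
$RepCli   = 'C:\Program Files\Confer\repcli.exe'
$DumpPath = 'C:\Windows\TEMP\confer-temp\confer_dump.zip'      # path reported by "repcli capture"
$CaseDir  = Join-Path $env:USERPROFILE 'Desktop\sensor-case'   # hypothetical collection folder

function Invoke-RepCli {
    param([string[]]$Arguments, [string]$ExpectedText)
    # Run repcli, echo its output, and fail if the expected confirmation is missing.
    $output = (& $RepCli @Arguments 2>&1 | Out-String).Trim()
    Write-Host $output
    if (-not $output.Contains($ExpectedText)) {
        throw "repcli $($Arguments -join ' ') did not report '$ExpectedText'"
    }
}

if (-not (Test-Path $RepCli)) { throw "repcli.exe not found at $RepCli" }
New-Item -ItemType Directory -Path $CaseDir -Force | Out-Null
$started = Get-Date

try {
    # Step 4: enable Sensor debug logging.
    Invoke-RepCli -Arguments 'debug', '1' -ExpectedText 'Sensor is in debug mode'

    # Steps 5-7 are manual: other logging tools and the reproduction itself.
    Read-Host 'Start other logging tools, reproduce the issue, stop and save them, then press Enter'

    # Step 8: gather Sensor logs.
    Invoke-RepCli -Arguments 'capture' -ExpectedText 'Captured diagnostic data'

    # Reject a dump left over from an earlier run, then copy and hash it for the case.
    $dump = Get-Item $DumpPath
    if ($dump.LastWriteTime -lt $started) { throw "Dump at $DumpPath predates this run" }
    $dest = Join-Path $CaseDir ('confer_dump_{0:yyyyMMdd-HHmmss}.zip' -f (Get-Date))
    Copy-Item $dump.FullName $dest
    Get-FileHash $dest -Algorithm SHA256 | Format-List Path, Hash
}
finally {
    # Step 9: always disable Sensor debug logging, even after an error above.
    Invoke-RepCli -Arguments 'debug', '0' -ExpectedText 'Sensor is not in debug mode'
}
```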

Additional Notes

  • Sensor debug logging will increase confer.log verbosity
  • Sensor debug logging will raise kernel logging to the Info level so the Microsoft Event Trace Log File will include additional data 
  • RepCLI authentication can be enabled manually on individual sensors

Article Information
Creation Date: 12-09-2021