VersionAll versions of Carbon Black.
Topic
This document describes how to enable additional feed logging to troubleshoot feed related cases.
Steps
1. Create a backup of the enterprise-logger.conf file (if in a clustered environment, only modify this file on the master (head-end) server):
cp /etc/cb/enterprise-logger.conf /etc/cb/enterprise-logger.conf_orig
2. Edit the original /etc/cb/enterprise-logger.conf file: vi /etc/cb/enterprise-logger.conf
3. Add the following "cb.core.feeds" text to the [loggers] section: [loggers]
keys=root, cb.core.feeds
4. Add the following NEW section, just after the [logger_root] section: [logger_cb.core.feeds]
level=DEBUG
handlers=syslog
propagate=0
Example: The file should read as: ...
[loggers]
[handlers]
[formatters]
[logger_root]
level=INFO
[logger_cb.core.feeds]
level=DEBUG
handlers=syslog
qualname=cb.core.feeds
propagate=0
...
5. No need to restart the services (but ensure all services are running).service cb-enterprise status
|
Note: the above command also applies to clustered environments, but only make this change on the master (head-end) server.
6. Refer to the Support Engineer assigned to your case for steps to reproduce your issue7. Support Engineer will request logs one of two ways:
7a. Upload all log files with the enterprise.log naming convention: /usr/share/cb/cbpost /var/log/cb/enterprise.log*
7b. Collect and upload all Carbon Black diagnostics logs:/usr/share/cb/cbdiag --post
Note: If the above commands fail to upload to the Alliance server, the cbdiag_*.zip archive file will be saved in the location the command was ran from. You can send the cbdiag or enterprise.log files manually at Cb Vault :
8. Once the Technical Support Engineer requests you disable logging, rename the backup copy of your enterprise-logging.conf file to restore to default settings:
mv /etc/cb/enterprise-logger.conf_orig /etc/cb/enterprise-logger.conf