IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

How to enable verbose feed logging in Carbon Black

How to enable verbose feed logging in Carbon Black

Version

All versions of Carbon Black.

Topic

This document describes how to enable additional feed logging to troubleshoot feed related cases.

Steps

1. Create a backup of the enterprise-logger.conf file (if in a clustered environment, only modify this file on the master (head-end) server):

cp /etc/cb/enterprise-logger.conf /etc/cb/enterprise-logger.conf_orig
2. Edit the original /etc/cb/enterprise-logger.conf file:

vi /etc/cb/enterprise-logger.conf
3. Add the following "cb.core.feeds" text to the [loggers] section:

[loggers]
keys=root, cb.core.feeds
4. Add the following NEW section, just after the [logger_root] section:

[logger_cb.core.feeds]
level=DEBUG
handlers=syslog
propagate=0
qualname=cb.core.feeds

Example: The file should read as:

...

[loggers]
keys=root, cb.core.feeds

[handlers]
keys=syslog

[formatters]
keys=generic

[logger_root]
level=INFO
handlers=syslog

[logger_cb.core.feeds]
level=DEBUG
handlers=syslog
qualname=cb.core.feeds
propagate=0
...
5. No need to restart the services (but ensure all services are running).
service cb-enterprise status

Note: the above command also applies to clustered environments, but only make this change on the master (head-end) server.

6. Refer to the Support Engineer assigned to your case for steps to reproduce your issue

7. Support Engineer will request logs one of two ways:

7a. Upload all log files with the enterprise.log naming convention:

/usr/share/cb/cbpost /var/log/cb/enterprise.log*

7b. Collect and upload all Carbon Black diagnostics logs:

/usr/share/cb/cbdiag --post

Note: If the above commands fail to upload to the Alliance server, the cbdiag_*.zip archive file will be saved in the location the command was ran from. You can send the cbdiag or enterprise.log files manually at Cb Vault :

Upload all collected data at Cb Vault

8. Once the Technical Support Engineer requests you disable logging, rename the backup copy of your enterprise-logging.conf file to restore to default settings:

mv /etc/cb/enterprise-logger.conf_orig /etc/cb/enterprise-logger.conf

Tags (3)
Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎12-21-2015
Views:
818