Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: How To Collect Server Logs For Active Directory Login Errors

App Control: How To Collect Server Logs For Active Directory Login Errors


  • App Control Server: All Supported Versions


How to collect logs for Active Directory console login errors


Please confirm that the App Control service account has the permissions needed to access all Active Directory domains needed with this KB
  1. Login to the App Control Console using the local "admin" user
  2. Navigate to > https://ServerName/Shepherd_Config.php > DebugConsoleCommunication > Set to: true > Change
  3. Navigate to > https://ServerName/Support.php > go to the Diagnostics tab
    • Select the "Snapshot Server Logs" button
    • Logging Duration: 30 Minutes
    • Debug Level: Verbose
    • Reporter Log Level: Minimum(default)
    • Script Debug Level: Verbose
    • Active Directory Debug Level: Verbose (Available in version 8.9+)
    • Start Logging
  4. Reproduce the login error several times
  5. Go back to > Shepherd_Config.php > DebugConsoleCommunication > Set to: false > Change
  6. Go back to > Support.php >  Diagnostics > select "Stop Logging"
  7. On the Right side of the page > under Related Views > Select "Available Log Files".
  8. Save the following files that have today's date:
    • AppControlAD-todays-date-time.log
    • ServerLog-todays-date-time.bt9
  9. On the server navigate and copy this file: 
    \Program Files (x86)\Bit9\Parity Server\scripts\Adrules.xml
  10. Please make screenshots of the following:
    • Gear Icon > Login Account > User Role Mappings > Screenshot the page
    • Gear Icon > System Configuration > General Tab > Screenshot the page
    • Open "AD Users and Computers" or use a tool like AD Explorer to locate the user/group within the AD tree
    • Screenshot the page showing the AD path to said user/group
  11. Please zip and upload all collected data to CB Vault

Related Content

Labels (1)
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Creation Date: