logo

Knowledge Base

Access official resources from Carbon Black experts

Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

App Control: How to Collect High Debug Agent Logs on Windows (Locally)

App Control: How to Collect High Debug Agent Logs on Windows (Locally)

Environment

  • App Control Agent: 7.x and Higher
  • Microsoft Windows: All Supported Versions

Objective

To collect agent logs locally on windows machines

Resolution

  1. Access the target device.
  2. Open an elevated command prompt.
  3. Run the following commands in order 
    • cd C:\Program Files (x86)\Bit9\Parity Agent
dascli password <Enter the agent CLI or global password without the brackets>
dascli resetcounters
dascli debuglevel 6
dascli kerneltrace 4
dascli nettrace 1
  4. If able to recreate the issue, do so now. If not, let the agent sit for 10 - 15 minutes unless otherwise specified by support.
  5. To collect the diagnostics that were generated and return the agent to normal logging levels, run the following commands in order: 
    • dascli password <Either the CLI or global password can be entered here without the brackets>
dascli debuglevel 0
dascli kerneltrace 2
dascli nettrace 0
dascli capture <Path>\<COMPUTERNAME>.zip
  6. Upload the resulting zip file to the CB Vault.
  7. Once upload is complete, please comment in the case that the files should be available for review.


 

Additional Notes

If the system is 32 bit, use C:\Program Files\Bit9\Parity Agent for the path instead of Program Files (x86).

Related Content


Labels (1)
Labels:
Tags (2)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎11-28-2018
Views:
6329
Contributors
logo