Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

EDR: How To Generate Server Diagnostic Logs for On-Prem

EDR: How To Generate Server Diagnostic Logs for On-Prem

Environment

  • EDR: All versions
  • On-Prem Installation

Objective

Generate a server-side cbdiag report from any EDR server (Primary or Secondary) and send it to Carbon Black for troubleshooting.

Resolution

WARNING: Verify there is sufficient disk space before running this command
  1. Log into the command line interface (CLI) of the Primary Server, and if needed the Secondary Server. 
  2. Change directory to a partition with sufficient available disk space.
  3. Run:
sudo /usr/share/cb/cbdiag --post
  1. Once uploaded, delete the file from the server in the same directory the command was run
rm cbdiag*.zip
  1. Repeat these steps for all Primary and Secondary Servers as needed.

Additional Notes

  • The Server may become unresponsive if there is not enough disk space. /tmp is used as a working directory to gather the report. If /tmp does not have enough space, specify alternative working directory:
sudo /usr/share/cb/cbdiag --tmpdir=/new/temp/directory --post
  • Completed reports are saved in the current working directory. The report must be manually deleted once uploaded
  • Required disk space will vary depending on the amount of data and logs.
  • The resulting cbdiag report will be automatically uploaded to Carbon Black's servers for troubleshooting purposes when using the --post flag.
  • To reduce the size of logs, limit the number of days to collect using the --no-old-logs flag
sudo /usr/share/cb/cbdiag --no-old-logs=1

 

Related Content


Labels (1)
Tags (2)
Was this article helpful? Yes No
100% helpful (2/2)
Article Information
Author:
Creation Date:
‎11-21-2018
Views:
11629
Contributors