Skip to main content
Sign Out

Welcome to Dell

My Account
  • Place orders quickly and easily
  • View orders and track your shipping status
  • Enjoy members-only rewards and discounts
  • Create and access a list of your products
Sign In Create an Account Dell Financial Services Premier Sign In Partner Program Sign In
Contact Us

Your Dell.com Carts

Some article numbers may have changed. If this isn't what you're looking for, try searching all articles. Search articles

How to Collect Logs for the VMware Carbon Black Cloud Endpoint Sensor

Summary: Logs may be collected for VMware Carbon Black Cloud Endpoint by following these instructions.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Symptoms

This article discusses the methods for collecting VMware Carbon Black Cloud Endpoint sensor logs.

Affected Products:

VMware Carbon Black Cloud Endpoint

Affected Versions:

v3.3.0 and later (Windows)
v3.1.0 and later (Mac)
v2.5.0 and later (Linux)

Affected Operating Systems:

Windows
Mac
Linux

Cause

Not applicable.

Resolution

Note: For information about how to capture a HAR file for troubleshooting the VMware Carbon Black Cloud, reference How to Capture a HAR File for VMware Carbon Black Cloud.

Click the appropriate operating system for the log collection process.

Click the appropriate client version for specific installation steps. Reference How to Identify the VMware Carbon Black Cloud Endpoint Sensor Version for more information.

Note: For information about how to collect Windows logs using Live Response, reference How to Collect VMware Carbon Black Endpoint Sensor Logs Using Live Response.

To collect logs:

  1. Log in to the affected endpoint.
  2. Right-click the Windows start menu and then select Run.

Run

  1. In the Run UI, type cmd and then press CTRL+SHIFT+ENTER. This runs Command Prompt as an administrator.

Run UI

  1. In Command Prompt, type CD [DIRECTORY] and then press Enter.

Command Prompt command

Note:
  • [DIRECTORY] = Directory of the VMware Carbon Black Cloud Endpoint sensor.
  • The default installation [DIRECTORY] is C:\Program Files\Confer.
  1. Type repcli capture [DESTINATION DIRECTORY] and then press Enter.

Command Prompt command

Note: [DESTINATION DIRECTORY] = Target destination for log bundle.
  1. In Windows Explorer, go to the [DESTINATION DIRECTORY] used in Step 5.
  2. Right-click psc_sensor.zip and then click Rename.

Rename

  1. Rename psc_sensor.zip to [MACHINENAME]_psc_sensor.zip.
Note: [MACHINENAME] = Fully qualified domain name of endpoint.

To collect logs:

  1. Log in to the affected endpoint.
  2. Right-click the Windows start menu and then select Run.

Run

  1. In the Run UI, type cmd and then press CTRL+SHIFT+ENTER. This runs Command Prompt as an administrator.

Run UI

  1. In Command Prompt, type CD [DIRECTORY] and then press Enter.

Command Prompt command

Note:
  • [DIRECTORY] = Directory of the VMware Carbon Black Cloud Endpoint sensor.
  • The default installation [DIRECTORY] is C:\Program Files\Confer.
  1. Type repcli capture and then press Enter.

Command Prompt command

  1. In Windows Explorer, go to C:\Windows\TEMP\confer-temp.
  2. If prompted for folder access, click Continue. Otherwise go to Step 8.

UAC prompt

  1. Right-click confer_dump.zip and then click Rename.

Rename

  1. Rename confer_dump.zip to [MACHINENAME]_confer_dump.zip.
Note: [MACHINENAME] = Fully qualified domain name of endpoint.

Click the appropriate client version for specific installation steps. Reference How to Identify the VMware Carbon Black Cloud Endpoint Sensor Version for more information.

To collect logs:

  1. Log in to the affected endpoint.
  2. In the Apple menu, click Go and then select Utilities.

Utilities

  1. Double-click Terminal.

Terminal

  1. In Terminal, type type sudo /Applications/VMware\ Carbon\ Black\ Cloud/repcli.bundle/Contents/MacOS/repcli capture [UNINSTALL_CODE] [DESTINATION DIRECTORY] and then press Enter.

Terminal command

Note:
  1. Populate the password for sudo and then press Enter.
  2. Go to [DESTINATION DIRECTORY], right-click confer.zip, and then select Rename.
  3. Rename confer.zip to [MACHINENAME]_confer_dump.zip.
Note: [MACHINENAME] = Fully qualified domain name of endpoint.

To collect logs:

  1. Log in to the affected endpoint.
  2. In the Apple menu, click Go and then select Utilities.

Utilities

  1. Double-click Terminal.

Terminal

  1. In Terminal, type sudo /Applications/Confer.app/uninstall -l [UNINSTALL_CODE] -d [DESTINATION DIRECTORY] and then press Enter.

Terminal command

Note:
  1. Populate the password for sudo and then press Enter.
  2. Go to [DESTINATION DIRECTORY], right-click confer.zip, and then select Rename.
  3. Rename confer.zip to [MACHINENAME]_confer_dump.zip.
Note: [MACHINENAME] = Fully qualified domain name of endpoint.

Click the appropriate client version for specific installation steps. Reference How to Identify the VMware Carbon Black Cloud Endpoint Sensor Version for more information.

To collect logs:

  1. Log in to the affected endpoint.
  2. Open Terminal.

Terminal

Note: The user interface (UI) layout may differ between Linux distributions.
  1. In Terminal, type su root and then press Enter.
  2. Populate the password for root and then press Enter.

Terminal command

  1. Type sudo /opt/carbonblack/psc/bin/collectdiags.sh and then press Enter.
  2. Retrieve the log from /tmp. The filename is in the format diags_[HOSTNAME]_[EPOCH_TIME]_[RANDOM].tgz

To collect logs:

  1. Log in to the affected endpoint.
  2. Open Terminal.

Terminal

Note: The user interface (UI) layout may differ between Linux distributions.
  1. In Terminal, type su root and then press Enter.
  2. Populate the password for root and then press Enter.

Terminal command

  1. Type sudo tar cvf $(hostname –long)_$(date +"%Y-%b-%d_%H-%M-$S")_logs.tgz /var/opt/carbonblack/psc/log and then press Enter.
  2. Retrieve the log from /var/opt/carbonblack/psc/log.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

 

Additional Information

   

Videos

   

Affected Products

VMware Carbon Black
Article Properties
Article Number: 000125504
Article Type: Solution
Last Modified: 20 Dec 2022
Version:  19
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.