
How to Collect Logs for the VMware Carbon Black Cloud Endpoint Sensor

Summary: Logs may be collected for VMware Carbon Black Cloud Endpoint by following these instructions.


Symptoms

This article discusses the methods for collecting VMware Carbon Black Cloud Endpoint sensor logs.


Affected Products:

VMware Carbon Black Cloud Endpoint

Affected Versions:

v3.3.0 and later (Windows)
v3.1.0 and later (Mac)
v2.5.0 and later (Linux)

Affected Operating Systems:

Windows
Mac
Linux


Cause

Not applicable.

Resolution

Note: For information about how to capture a HAR file for troubleshooting the VMware Carbon Black Cloud, reference How to Capture a HAR File for VMware Carbon Black Cloud.

Click the appropriate operating system for the log collection process.

Windows

Click the appropriate client version for specific installation steps. Reference How to Identify the VMware Carbon Black Cloud Endpoint Sensor Version for more information.

Note: For information about how to collect Windows logs using Live Response, reference How to Collect VMware Carbon Black Endpoint Sensor Logs Using Live Response.

To collect logs:

  1. Log in to the affected endpoint.
  2. Right-click the Windows start menu and then select Run.
  3. In the Run UI, type cmd and then press CTRL+SHIFT+ENTER. This runs Command Prompt as an administrator.
  4. In Command Prompt, type CD [DIRECTORY] and then press Enter.

Note:
  • [DIRECTORY] = Directory of the VMware Carbon Black Cloud Endpoint sensor.
  • The default installation [DIRECTORY] is C:\Program Files\Confer.

  5. Type repcli capture [DESTINATION DIRECTORY] and then press Enter.

Note: [DESTINATION DIRECTORY] = Target destination for log bundle.

  6. In Windows Explorer, go to the [DESTINATION DIRECTORY] used in Step 5.
  7. Right-click psc_sensor.zip and then click Rename.
  8. Rename psc_sensor.zip to [MACHINENAME]_psc_sensor.zip.

Note: [MACHINENAME] = Fully qualified domain name of endpoint.

To collect logs:

  1. Log in to the affected endpoint.
  2. Right-click the Windows start menu and then select Run.
  3. In the Run UI, type cmd and then press CTRL+SHIFT+ENTER. This runs Command Prompt as an administrator.
  4. In Command Prompt, type CD [DIRECTORY] and then press Enter.

Note:
  • [DIRECTORY] = Directory of the VMware Carbon Black Cloud Endpoint sensor.
  • The default installation [DIRECTORY] is C:\Program Files\Confer.

  5. Type repcli capture and then press Enter.
  6. In Windows Explorer, go to C:\Windows\TEMP\confer-temp.
  7. If prompted for folder access, click Continue. Otherwise go to Step 8.
  8. Right-click confer_dump.zip and then click Rename.
  9. Rename confer_dump.zip to [MACHINENAME]_confer_dump.zip.

Note: [MACHINENAME] = Fully qualified domain name of endpoint.

Mac

Click the appropriate client version for specific installation steps. Reference How to Identify the VMware Carbon Black Cloud Endpoint Sensor Version for more information.

To collect logs:

  1. Log in to the affected endpoint.
  2. In the Apple menu, click Go and then select Utilities.
  3. Double-click Terminal.
  4. In Terminal, type sudo /Applications/VMware\ Carbon\ Black\ Cloud/repcli.bundle/Contents/MacOS/repcli capture [UNINSTALL_CODE] [DESTINATION DIRECTORY] and then press Enter.
  5. Populate the password for sudo and then press Enter.
  6. Go to [DESTINATION DIRECTORY], right-click confer.zip, and then select Rename.
  7. Rename confer.zip to [MACHINENAME]_confer_dump.zip.

Note: [MACHINENAME] = Fully qualified domain name of endpoint.

To collect logs:

  1. Log in to the affected endpoint.
  2. In the Apple menu, click Go and then select Utilities.
  3. Double-click Terminal.
  4. In Terminal, type sudo /Applications/Confer.app/uninstall -l [UNINSTALL_CODE] -d [DESTINATION DIRECTORY] and then press Enter.
  5. Populate the password for sudo and then press Enter.
  6. Go to [DESTINATION DIRECTORY], right-click confer.zip, and then select Rename.
  7. Rename confer.zip to [MACHINENAME]_confer_dump.zip.

Note: [MACHINENAME] = Fully qualified domain name of endpoint.

Linux

Click the appropriate client version for specific installation steps. Reference How to Identify the VMware Carbon Black Cloud Endpoint Sensor Version for more information.

To collect logs:

  1. Log in to the affected endpoint.
  2. Open Terminal.

Note: The user interface (UI) layout may differ between Linux distributions.

  3. In Terminal, type su root and then press Enter.
  4. Populate the password for root and then press Enter.
  5. Type sudo /opt/carbonblack/psc/bin/collectdiags.sh and then press Enter.
  6. Retrieve the log from /tmp. The filename is in the format diags_[HOSTNAME]_[EPOCH_TIME]_[RANDOM].tgz

To collect logs:

  1. Log in to the affected endpoint.
  2. Open Terminal.

Note: The user interface (UI) layout may differ between Linux distributions.

  3. In Terminal, type su root and then press Enter.
  4. Populate the password for root and then press Enter.
  5. Type sudo tar cvf $(hostname --long)_$(date +"%Y-%b-%d_%H-%M-%S")_logs.tgz /var/opt/carbonblack/psc/log and then press Enter.
  6. Retrieve the log from /var/opt/carbonblack/psc/log.
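
A scripted form of the manual tar procedure above, as an added example that is not part of the original article: it archives the log directory under the same hostname-and-timestamp naming, keeps the bundle readable only by its owner, and writes a SHA-256 sidecar so the recipient can confirm the file arrived intact. The function name, its arguments and the .sha256 file are assumptions of this example.

```sh
#!/bin/sh
# Added example (not vendor code). Run as root on the endpoint, because the
# sensor log directory is normally readable by root only.
# Usage: collect_sensor_logs [LOG_DIR] [DEST_DIR]
# Prints the path of the created bundle on success.

collect_sensor_logs() {
    log_dir=${1:-/var/opt/carbonblack/psc/log}   # log path taken from the article
    dest_dir=${2:-.}                             # assumption: default to current dir

    [ -d "$log_dir" ] || { echo "log directory not found: $log_dir" >&2; return 1; }
    { [ -d "$dest_dir" ] && [ -w "$dest_dir" ]; } ||
        { echo "cannot write to: $dest_dir" >&2; return 1; }

    # FQDN where it resolves, otherwise the short host name.
    host=$(hostname --long 2>/dev/null || hostname 2>/dev/null || uname -n)
    stamp=$(date +"%Y-%b-%d_%H-%M-%S")
    bundle="$dest_dir/${host}_${stamp}_logs.tgz"

    (
        # Sensor logs can hold process command lines, user names and paths:
        # create the bundle and its checksum with mode 0600.
        umask 077
        # -z compresses so the content matches the .tgz name; -C stores paths
        # relative to the parent directory instead of absolute ones.
        tar -czf "$bundle" -C "$(dirname "$log_dir")" "$(basename "$log_dir")" || exit 1
        # Re-read the archive so a truncated bundle is caught before hand-off.
        tar -tzf "$bundle" >/dev/null || exit 1
        # The sidecar records the bare file name, so it verifies after a copy.
        cd "$dest_dir" || exit 1
        sha256sum "$(basename "$bundle")" > "$(basename "$bundle").sha256"
    ) || { rm -f "$bundle" "$bundle.sha256"; return 1; }

    printf '%s\n' "$bundle"
}
```

The recipient can check the bundle by running sha256sum -c on the .sha256 file in the directory that holds both files.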

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.


Affected Products

VMware Carbon Black

Article Properties
Article Number: 000125504
Article Type: Solution
Last Modified: 20 Dec 2022
Version: 19