跳转至主要内容
退出

欢迎访问戴尔

我的帐户
  • 快速、轻松地下订单
  • 查看订单并跟踪您的发货状态
  • 创建并访问您的产品列表
登录 创建帐户 登录Premier 合作伙伴计划登录
联系我们

您的 Dell.com 购物车

某些文章编号可能已更改。如果这不是您要查找的内容,请尝试搜索所有文章。搜索文章

How to Collect Logs for the VMware Carbon Black Cloud Endpoint Sensor

摘要: Logs may be collected for VMware Carbon Black Cloud Endpoint by following these instructions.

本文适用于 本文不适用于 本文并非针对某种特定的产品。 本文并非包含所有产品版本。
查看其他资源

症状

This article discusses the methods for collecting VMware Carbon Black Cloud Endpoint sensor logs.

Affected Products:

VMware Carbon Black Cloud Endpoint

Affected Versions:

v3.3.0 and later (Windows)
v3.1.0 and later (Mac)
v2.5.0 and later (Linux)

Affected Operating Systems:

Windows
Mac
Linux

原因

Not applicable.

解决方案

Note: For information about how to capture a HAR file for troubleshooting the VMware Carbon Black Cloud, reference How to Capture a HAR File for VMware Carbon Black Cloud.

Click the appropriate operating system for the log collection process.

Click the appropriate client version for specific installation steps. Reference How to Identify the VMware Carbon Black Cloud Endpoint Sensor Version for more information.

Note: For information about how to collect Windows logs using Live Response, reference How to Collect VMware Carbon Black Endpoint Sensor Logs Using Live Response.

To collect logs:

  1. Log in to the affected endpoint.
  2. Right-click the Windows start menu and then select Run.

Run

  1. In the Run UI, type cmd and then press CTRL+SHIFT+ENTER. This runs Command Prompt as an administrator.

Run UI

  1. In Command Prompt, type CD [DIRECTORY] and then press Enter.

Command Prompt command

Note:
  • [DIRECTORY] = Directory of the VMware Carbon Black Cloud Endpoint sensor.
  • The default installation [DIRECTORY] is C:\Program Files\Confer.
  1. Type repcli capture [DESTINATION DIRECTORY] and then press Enter.

Command Prompt command

Note: [DESTINATION DIRECTORY] = Target destination for log bundle.
  1. In Windows Explorer, go to the [DESTINATION DIRECTORY] used in Step 5.
  2. Right-click psc_sensor.zip and then click Rename.

Rename

  1. Rename psc_sensor.zip to [MACHINENAME]_psc_sensor.zip.
Note: [MACHINENAME] = Fully qualified domain name of endpoint.

To collect logs:

  1. Log in to the affected endpoint.
  2. Right-click the Windows start menu and then select Run.

Run

  1. In the Run UI, type cmd and then press CTRL+SHIFT+ENTER. This runs Command Prompt as an administrator.

Run UI

  1. In Command Prompt, type CD [DIRECTORY] and then press Enter.

Command Prompt command

Note:
  • [DIRECTORY] = Directory of the VMware Carbon Black Cloud Endpoint sensor.
  • The default installation [DIRECTORY] is C:\Program Files\Confer.
  1. Type repcli capture and then press Enter.

Command Prompt command

  1. In Windows Explorer, go to C:\Windows\TEMP\confer-temp.
  2. If prompted for folder access, click Continue. Otherwise go to Step 8.

UAC prompt

  1. Right-click confer_dump.zip and then click Rename.

Rename

  1. Rename confer_dump.zip to [MACHINENAME]_confer_dump.zip.
Note: [MACHINENAME] = Fully qualified domain name of endpoint.

Click the appropriate client version for specific installation steps. Reference How to Identify the VMware Carbon Black Cloud Endpoint Sensor Version for more information.

To collect logs:

  1. Log in to the affected endpoint.
  2. In the Apple menu, click Go and then select Utilities.

Utilities

  1. Double-click Terminal.

Terminal

  1. In Terminal, type type sudo /Applications/VMware\ Carbon\ Black\ Cloud/repcli.bundle/Contents/MacOS/repcli capture [UNINSTALL_CODE] [DESTINATION DIRECTORY] and then press Enter.

Terminal command

Note:
  1. Populate the password for sudo and then press Enter.
  2. Go to [DESTINATION DIRECTORY], right-click confer.zip, and then select Rename.
  3. Rename confer.zip to [MACHINENAME]_confer_dump.zip.
Note: [MACHINENAME] = Fully qualified domain name of endpoint.

To collect logs:

  1. Log in to the affected endpoint.
  2. In the Apple menu, click Go and then select Utilities.

Utilities

  1. Double-click Terminal.

Terminal

  1. In Terminal, type sudo /Applications/Confer.app/uninstall -l [UNINSTALL_CODE] -d [DESTINATION DIRECTORY] and then press Enter.

Terminal command

Note:
  1. Populate the password for sudo and then press Enter.
  2. Go to [DESTINATION DIRECTORY], right-click confer.zip, and then select Rename.
  3. Rename confer.zip to [MACHINENAME]_confer_dump.zip.
Note: [MACHINENAME] = Fully qualified domain name of endpoint.

Click the appropriate client version for specific installation steps. Reference How to Identify the VMware Carbon Black Cloud Endpoint Sensor Version for more information.

To collect logs:

  1. Log in to the affected endpoint.
  2. Open Terminal.

Terminal

Note: The user interface (UI) layout may differ between Linux distributions.
  1. In Terminal, type su root and then press Enter.
  2. Populate the password for root and then press Enter.

Terminal command

  1. Type sudo /opt/carbonblack/psc/bin/collectdiags.sh and then press Enter.
  2. Retrieve the log from /tmp. The filename is in the format diags_[HOSTNAME]_[EPOCH_TIME]_[RANDOM].tgz

To collect logs:

  1. Log in to the affected endpoint.
  2. Open Terminal.

Terminal

Note: The user interface (UI) layout may differ between Linux distributions.
  1. In Terminal, type su root and then press Enter.
  2. Populate the password for root and then press Enter.

Terminal command

  1. Type sudo tar cvf $(hostname –long)_$(date +"%Y-%b-%d_%H-%M-$S")_logs.tgz /var/opt/carbonblack/psc/log and then press Enter.
  2. Retrieve the log from /var/opt/carbonblack/psc/log.

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

 

其他信息

   

视频

   

受影响的产品

VMware Carbon Black
文章属性
文章编号: 000125504
文章类型: Solution
上次修改时间: 20 12月 2022
版本:  19
从其他戴尔用户那里查找问题的答案
支持服务
检查您的设备是否在支持服务涵盖的范围内。