
How to Collect Logs for the VMware Carbon Black Cloud Endpoint Sensor

Summary: Learn how to collect logs for VMware Carbon Black Cloud Endpoint on Windows, Mac, or Linux by following these instructions.


Instructions

This article discusses the methods for collecting VMware Carbon Black Cloud Endpoint sensor logs.


Affected Products:

  • VMware Carbon Black Cloud Endpoint

Affected Versions:

  • v3.3.0 and later (Windows)
  • v3.1.0 and later (Mac)
  • v2.5.0 and later (Linux)

Affected Operating Systems:

  • Windows
  • Mac
  • Linux

Note: For information about capturing a HAR file for troubleshooting VMware Carbon Black Cloud, reference How to Capture a HAR File for VMware Carbon Black Cloud.

Click Windows, Mac, or Linux for more information about the log collection process.

Windows

Click the appropriate client version for specific installation steps. Reference How to Identify the VMware Carbon Black Cloud Endpoint Sensor Version for more information.

Note: For information about how to collect Windows logs using Live Response, reference How to Collect VMware Carbon Black Endpoint Sensor Logs Using Live Response.
  1. Log in to the affected endpoint.
  2. Right-click the Windows start menu and then select Run.
  3. In the Run UI, type cmd and then press CTRL+SHIFT+ENTER. This runs Command Prompt as an administrator.
  4. In Command Prompt, type CD [DIRECTORY] and then press Enter.
    Note:
    • [DIRECTORY] = Directory of the VMware Carbon Black Cloud Endpoint sensor
    • The default installation [DIRECTORY] is C:\Program Files\Confer.
  5. Type repcli capture [DESTINATION DIRECTORY] and then press Enter.
    Note: [DESTINATION DIRECTORY] = Target destination for log bundle
  6. In Windows Explorer, go to the [DESTINATION DIRECTORY] used in Step 5.
  7. Right-click psc_sensor.zip and then click Rename.
  8. Rename psc_sensor.zip to [MACHINENAME]_psc_sensor.zip.
    Note: [MACHINENAME] = Fully qualified domain name of endpoint
  1. Log in to the affected endpoint.
  2. Right-click the Windows start menu and then select Run.
  3. In the Run UI, type cmd and then press CTRL+SHIFT+ENTER. This runs Command Prompt as an administrator.
  4. In Command Prompt, type CD [DIRECTORY] and then press Enter.
    Note:
    • [DIRECTORY] = Directory of the VMware Carbon Black Cloud Endpoint sensor
    • The default installation [DIRECTORY] is C:\Program Files\Confer.
  5. Type repcli capture and then press Enter.
  6. In Windows Explorer, go to C:\Windows\TEMP\confer-temp.
  7. If prompted for folder access, click Continue. Otherwise go to Step 8.
  8. Right-click confer_dump.zip and then click Rename.
  9. Rename confer_dump.zip to [MACHINENAME]_confer_dump.zip.
    Note: [MACHINENAME] = Fully qualified domain name of endpoint

Mac

Click the appropriate client version for specific installation steps. Reference How to Identify the VMware Carbon Black Cloud Endpoint Sensor Version for more information.

  1. Log in to the affected endpoint.
  2. In the Apple menu, click Go and then select Utilities.
  3. Double-click Terminal.
  4. In Terminal, type sudo /Applications/VMware\ Carbon\ Black\ Cloud/repcli.bundle/Contents/MacOS/repcli capture [UNINSTALL_CODE] [DESTINATION DIRECTORY] and then press Enter.
    Note:
  5. Populate the password for sudo and then press Enter.
  6. Go to [DESTINATION DIRECTORY], right-click confer.zip, and then select Rename.
  7. Rename confer.zip to [MACHINENAME]_confer_dump.zip.
    Note: [MACHINENAME] = Fully qualified domain name of endpoint
  1. Log in to the affected endpoint.
  2. In the Apple menu, click Go and then select Utilities.
  3. Double-click Terminal.
  4. In Terminal, type sudo /Applications/Confer.app/uninstall -l [UNINSTALL_CODE] -d [DESTINATION DIRECTORY] and then press Enter.
    Note:
  5. Populate the password for sudo and then press Enter.
  6. Go to [DESTINATION DIRECTORY], right-click confer.zip, and then select Rename.
  7. Rename confer.zip to [MACHINENAME]_confer_dump.zip.
    Note: [MACHINENAME] = Fully qualified domain name of endpoint

Linux

Click the appropriate client version for specific installation steps. Reference How to Identify the VMware Carbon Black Cloud Endpoint Sensor Version for more information.

  1. Log in to the affected endpoint.
  2. Open Terminal.
    Note: The user interface (UI) layout may differ between Linux distributions.
  3. In Terminal, type su root and then press Enter.
  4. Populate the password for root and then press Enter.
  5. Type sudo /opt/carbonblack/psc/bin/collectdiags.sh and then press Enter.
  6. Retrieve the log from /tmp. The filename is in the format diags_[HOSTNAME]_[EPOCH_TIME]_[RANDOM].tgz
  1. Log in to the affected endpoint.
  2. Open Terminal.
    Note: The user interface (UI) layout may differ between Linux distributions.
  3. In Terminal, type su root and then press Enter.
  4. Populate the password for root and then press Enter.
  5. Type sudo tar cvf $(hostname --long)_$(date +"%Y-%b-%d_%H-%M-%S")_logs.tgz /var/opt/carbonblack/psc/log and then press Enter.
  6. Retrieve the log from /var/opt/carbonblack/psc/log.
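
For the Linux procedures above, the following added example (not part of the original article or any vendor tooling) locates the newest bundle matching the diags_[HOSTNAME]_[EPOCH_TIME]_[RANDOM].tgz format, checks that the archive is readable, and stages a copy with owner-only permissions and a SHA-256 manifest before hand-off. The function names, the script name stage_diags.sh, and the staging directory are assumptions; sha256sum is assumed to be installed.

```shell
#!/bin/sh
# Added example: stage a collected sensor log bundle for hand-off to support.
# Function names and the staging layout are hypothetical, not vendor tooling.

# Print the newest file in DIR named diags_[HOSTNAME]_[EPOCH_TIME]_[RANDOM].tgz
# (the format given in Step 6). Returns non-zero when no bundle is present.
latest_diag_bundle() {
    dir=$1
    newest=""
    for f in "$dir"/diags_*_*_*.tgz; do
        [ -f "$f" ] || continue            # skip the unexpanded glob
        if [ -z "$newest" ] || [ "$f" -nt "$newest" ]; then
            newest=$f
        fi
    done
    [ -n "$newest" ] && printf '%s\n' "$newest"
}

# Confirm the archive can be listed, copy it into DEST with owner-only
# permissions, and write a SHA-256 manifest beside it. Prints the staged path.
stage_bundle() {
    src=$1
    dest=$2
    name=$(basename "$src")
    # tar -tf auto-detects compression, so it accepts gzip and plain tar files.
    tar -tf "$src" >/dev/null 2>&1 || {
        echo "unreadable archive: $src" >&2
        return 1
    }
    (
        umask 077                          # bundle may hold sensitive host data
        mkdir -p "$dest" && cp "$src" "$dest/$name" &&
        cd "$dest" && sha256sum "$name" > "$name.sha256"
    ) || return 1
    printf '%s\n' "$dest/$name"
}

# Usage (as root): sh stage_diags.sh stage /tmp /root/cb-diags
if [ "${1:-}" = "stage" ]; then
    bundle=$(latest_diag_bundle "${2:-/tmp}") || {
        echo "no diags bundle found" >&2
        exit 1
    }
    stage_bundle "$bundle" "${3:-./cb-diags}"
fi
```

The recipient can confirm the bundle arrived intact by running sha256sum -c against the .sha256 file in the same directory as the archive.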

To contact support, reference Dell Data Security International Support Phone Numbers.
Go to TechDirect to generate a technical support request online.
For additional insights and resources, join the Dell Security Community Forum.

Affected Products

VMware Carbon Black
Article Properties
Article Number: 000125504
Article Type: How To
Last Modified: 16 Dec 2024
Version: 23