Collecting Logs Locally for VMware Carbon Black Cloud Sensor

VMware Carbon Black provides diagnostic tools and scripts for each supported platform. You can easily collect the information most commonly required for troubleshooting.

After gathering the diagnostic file, send it to Red Canary by clicking on your account and choosing Share a File.

Collecting logs for Windows

For Windows endpoints running sensor version 3.6.x.x and higher

1. Log into the desired device (either directly or via RDP).
2. Open an elevated command prompt and navigate to the Confer Directory
   cd C:\Program Files\Confer
3. Run the following command 'repcli capture'.
   C:\Program Files\Confer>repcli capture <LocalOutputPath>
   Example
   repcli capture C:\Users\%USERNAME%\Desktop
4. Follow the on-screen prompts that show where the zipped sensor log is located.
5. Rename the zip file to match the name of the device.
6. Upload the file to Red Canary via Share a File.

Collecting logs for macOS

For Apple macOS endpoints running sensor version 3.5.x.x and higher

1. Launch preferred terminal emulator.
2. Run log collection command to output to existing directory (the following command is to be executed on a single line):
   sudo /Applications/VMware\ Carbon\ Black\ Cloud/repcli.bundle/Contents/MacOS/repcli capture <Uninstall_Code> <Destination_Directory>
3. Collect logs from <Destination_Directory>.
4. Rename the file to match the name of the device.
5. Upload the file to Red Canary via Share a File.

Collecting logs for Linux

For Linux endpoints running sensor version 2.7.0 and higher

1. Open a terminal emulator.
2. Navigate to the Carbon Black directory
   cd /opt/carbonblack/psc/bin
3. Run the collectdiags.sh file that is in the directory:
   sudo ./collectdiags.sh
   To change the output path for where the logs are sent, execute the following command:
   sudo ./collectdiags.sh --verbose --debug --output-dir $HOME
4. Rename the file to match the name of the device.
5. Upload the file to Red Canary via Share a File.