Diagnostic files are listed in the table that appears on the Diagnostic Files tab of the Requested Files page.

Procedure

  1. On the console menu, click Tools > Requested Files.
  2. Click the Diagnostic Files tab. Any diagnostic files uploaded to the server are shown in the table.
    The diagnostic files in the Diagnostic Files table

    When you request a diagnostic file upload from an agent, a zip file is uploaded to the server with diagnostic and log files relevant to the agent. For example, on Windows systems, the zip file includes the agent Logs folder (ProgramData\Bit9\Parity Agent\Logs) and selected log files from the Windows folder. The exact files included in the zip file vary by operating system platform.

    Uploaded diagnostic files are named in the following format: <computername> -diagnostics-<date> -<time> .zip

    Server diagnostics files can be .log, .dmp, or other formats.

    The following table shows the columns available for the Diagnostic Files page, some of which appear by default and some of which you must add.

    Table 1. Diagnostic Files Table Columns

    Column

    Description

    Actions

    The Action column includes a checkbox for choosing files on which Action menu commands will act and buttons for taking action on individual files. The Action menu on this page includes the following commands:

    • Cancel Uploads – Cancel the upload of checked files (if the upload has not been completed).
    • Retry Uploads – Retry the upload of checked files.
    • Delete Uploads – Delete the table rows for checked files, and, for successful uploads, delete the files from the server.

    The download icon Download the file (if it was successfully uploaded) from the Carbon Black App Control Server to the computer on which the console is being viewed.

    Priority

    Priority in which pending files are uploaded to the server. For diagnostic files, the priority is always Medium.

    Request Date

    When the file upload was requested.

    Requester

    The console user that requested the upload, or blank if the file is a server log.

    Status

    The status of the file upload. The possible values are:

    • Uploaded – The upload completed successfully and the file is available on the server.
    • Uploading – The upload is in progress but not yet complete; a partial file has been received by the server. This status is likely to appear only for very large files.
    • Initiated – The upload task has been received by the agent where the file is located.
    • Queued – The upload task has not yet been sent to the agent.
    • Error – The upload failed. Hovering the cursor over this status displays the error message. Errors include: No file with hash, The system cannot find the path specified, The system cannot find the file specified.
    • Canceled – The upload was cancelled by a console user.

    Computer

    The name of the computer from which the file was uploaded.

    File Name

    The name of the uploaded file.

    File Size

    The size (in bytes) of the file.

    Upload %

    The percent of the upload that is finished. Completed uploads show 100%. Failed uploads and uploads not yet started show 0%.

    Upload Date

    When the file was uploaded to the server.

    Upload Directory

    The directory on the Carbon Black App Control Server to which the file was uploaded. Value is “(default)” for manual uploads, which use the directory configured in the System Configuration Advanced Options tab. If the upload is due to an event rule, the actual path is shown.

    Error

    A description of the error that prevented the file from uploading. Not shown by default.

    File Path

    The location on the agent computer from which the file was uploaded. Not shown by default.

    Prevalence

    The number of agent-managed computers reporting to your server on which this file is present.

    MD5

    The MD5 hash of the file.

    SHA256

    The SHA-256 hash of the file.

    Source

    Source of the request for upload. Either “Event rule” or “Manual”.

    Source Name

    If the request was due to an event rule, the name of the rule. If the request was manual, this field is empty.