Create a communications log dump to help troubleshoot macOS sensor installation errors.

Procedure

  1. Determine the PID of the Carbon Black EDR sensor:
    ps -ax | grep CbOsxSensorService
  2. Start the communications log dump by issuing the following command:
    sudo kill -s USR2 <pid of CbOsxSensorService>
    You can locate the log at /var/lib/cb/sensor_comms.log. Each transaction has an HRESULT (see the description at https://docs.microsoft.com/en-us/openspecs/windows_protocols/ms-erref/0642cb2f-2075-4469-918c-4441e69c548a?redirectedfrom=MSDN), which can be one of the following:
    Table 1. HRESULT
    Facility Number   Description        Error Code Value
    203               OS level errors    Maps to errno
    25                HTTP errors        HTTP error code
    200               Curl errors
    201               Curl form errors
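
The following is an added example, not part of the Carbon Black documentation: a Python decoder that splits an HRESULT into its failure bit, facility and code using the MS-ERREF layout linked above, then labels the facility from Table 1. The function names are hypothetical and the sample values are constructed; Table 1 gives no code meaning for the curl facilities, so their code is reported as a bare number.

```python
import os
from http import HTTPStatus

# Facility numbers and descriptions from Table 1 of this page.
FACILITIES = {
    203: "OS level errors",
    25: "HTTP errors",
    200: "Curl errors",
    201: "Curl form errors",
}


def decode_hresult(value):
    """Split a 32-bit HRESULT into (failed, facility, code) per MS-ERREF."""
    value &= 0xFFFFFFFF               # accept values written as signed 32-bit ints
    failed = bool(value >> 31)        # S bit: 1 = failure, 0 = success
    facility = (value >> 16) & 0x7FF  # 11-bit facility field
    code = value & 0xFFFF             # 16-bit code field
    return failed, facility, code


def describe(value):
    """Return a one-line, human-readable summary of an HRESULT."""
    failed, facility, code = decode_hresult(value)
    name = FACILITIES.get(facility, "facility not listed in Table 1")
    if facility == 203:
        # errno numbering is OS-specific: decode on the Mac that wrote the log.
        detail = f"errno {code}: {os.strerror(code)}"
    elif facility == 25:
        try:
            detail = f"HTTP {code} {HTTPStatus(code).phrase}"
        except ValueError:            # status code unknown to the standard library
            detail = f"HTTP {code}"
    else:
        detail = f"code {code}"
    status = "failure" if failed else "success"
    return f"0x{value & 0xFFFFFFFF:08X} {status}, {name} ({facility}), {detail}"


if __name__ == "__main__":
    # Constructed sample values, not taken from a real sensor_comms.log.
    for sample in (0x80CB003D, 0x801901F7, 0x80C80007, 0x80C90002):
        print(describe(sample))
```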