Troubleshooting the Linux Sensor
Cyberhaven can troubleshoot many issues without requiring additional logs from devices. However, when Cyberhaven needs more information to troubleshoot a Sensor issue, such as a device that cannot communicate with the backend, it may be necessary to generate a diagnostic package that can be shared with Cyberhaven support for triage.
Status, Stopping, or Starting
Run the commands in a terminal window.
To check the status of the Linux Sensor:
sudo systemctl status cyberhaven
To stop the Linux Sensor:
sudo systemctl stop cyberhaven
To start the Linux Sensor:
sudo systemctl start cyberhaven
To restart the Linux Sensor:
sudo systemctl restart cyberhaven
Diagnostics
To generate a diagnostic package, run:
sudo bash ./linux_diagnose.sh
If this script is not present on the target machine, you can download it from here and run the command above.
Building the diagnosis bundle will take a few minutes, and the result will typically be a few hundred megabytes in size. It will be saved in the current folder with a name similar to cyberhaven-diagnosis-2024-03-22T1610-5fa02625-515a-48cf-b757-b4affe2b15fa.tgz.
You can upload the bundle to Cyberhaven through this web-based form, which is accessible by logging into the Cyberhaven Console. You can safely remove the .tgz file after uploading.
Log Files
Cyberhaven log files are written to the following locations. They are automatically included when you generate a diagnostic bundle.
/var/log/cyberhaven.log
/var/log/cyberhaven_bpf.log
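
A pre-upload check for the diagnostic bundle described above, as an added example rather than Cyberhaven tooling: it confirms the archive is intact, records its size and SHA-256, and verifies that both sensor logs are inside. It assumes the file name pattern shown above and matches the logs by base name, because the bundle's internal layout is not documented here; the function names are hypothetical.

```shell
#!/bin/sh
# Added example, not Cyberhaven tooling. Function names are hypothetical.
# Assumptions: bundles are named cyberhaven-diagnosis-*.tgz as shown above,
# and the two sensor logs appear in the archive under their base names.

# Print the newest bundle in directory $1 (default: current folder).
latest_bundle() {
    lb_dir="${1:-.}"
    lb_newest=""
    for lb_f in "$lb_dir"/cyberhaven-diagnosis-*.tgz; do
        [ -f "$lb_f" ] || continue          # unmatched glob stays literal
        if [ -z "$lb_newest" ] || [ "$lb_f" -nt "$lb_newest" ]; then
            lb_newest="$lb_f"
        fi
    done
    [ -n "$lb_newest" ] && printf '%s\n' "$lb_newest"
}

# Return 0 if the bundle is intact and holds both logs, 1 if a log is
# missing, 2 if the archive is corrupt or truncated.
check_bundle() {
    cb_bundle="$1"
    cb_missing=0
    if ! gzip -t "$cb_bundle" 2>/dev/null; then
        echo "corrupt or truncated: $cb_bundle" >&2
        return 2
    fi
    cb_listing="$(tar -tzf "$cb_bundle")" || return 2
    # Reduce every entry to its base name so the internal layout does not matter.
    cb_names="$(printf '%s\n' "$cb_listing" | sed 's|.*/||')"
    echo "bundle:  $cb_bundle"
    echo "size:    $(wc -c < "$cb_bundle") bytes"
    echo "sha256:  $(sha256sum "$cb_bundle" | cut -d' ' -f1)"
    echo "entries: $(printf '%s\n' "$cb_listing" | wc -l)"
    for cb_log in cyberhaven.log cyberhaven_bpf.log; do
        if ! printf '%s\n' "$cb_names" | grep -qxF "$cb_log"; then
            echo "missing: $cb_log" >&2
            cb_missing=1
        fi
    done
    return "$cb_missing"
}
```

Source the file and run `check_bundle "$(latest_bundle)"` from the folder where the bundle was saved, before uploading and removing the .tgz file.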