Traps Troubleshooting Resources

To troubleshoot Traps and the Endpoint Security Manager (comprising an ESM Server, the ESM Console, and a database), use the following resources:
Resource
Description
ESM Resources
ESM Console
Web interface, which provides reports and logs. The information is useful for monitoring and filtering the logs to interpret unusual behavior on your network. After analyzing a security event, you can choose to create a custom rule for the endpoint or process.
ESM Server DebugWeb log
Indicates information, warnings, and errors related to the Endpoint Security Manager. The DebugWeb log is located in the %ProgramData%\Cyvera\Logs folder of the ESM Server.
ESM Server log
Indicates information, warnings, and errors related to the Endpoint Database and ESM Server. The Server log is located in the %ProgramData%\Cyvera\Logs folder of the ESM Server.
ESM Tech Support file
On-demand aggregation of active ESM Console and ESM Server logs and settings to aid Technical Support in troubleshooting and diagnosing issues. For more information, see ESM Tech Support File.
Database (DB) Configuration Tool (dbconfig.exe)
Command-line interface that provides an alternative to managing basic server settings using the ESM Console. You can access the DB Configuration Tool using a Microsoft MS-DOS command prompt run as an administrator. For more information, see Database (DB) Configuration Tool.
Traps Resources
Traps installation log
Specifies any errors encountered during installation of Traps or ESM components. Use this log file when you need to troubleshoot installation issues. On Windows endpoints, the installer stores the log files in the %temp% or C:\Users\<user_name>\AppData\Local\Temp folder.
Traps Service log
Indicates information, warnings, and errors related to the Traps service. The Service log is located in the following folder on the endpoint:
  • Windows Vista and later: %ProgramData%\Cyvera\Logs
  • Windows XP: C:\Document and Settings\All Users\Application Data\Cyvera\Logs
  • Mac OS X 10.10 and OSX 10.11—/var/log/traps/
  • macOS 10.12—View logs from the Console application
Traps Console log
Indicates information, warnings, and errors related to the Traps console.
The Console log is located in the following folder on the endpoint:
  • Windows Vista and later: C:\Users\<username>\AppData\Roaming\Cyvera
  • Windows XP: C:\Document and Settings\<username>\Application Data\Cyvera\Logs
  • Mac OS X 10.10 and OSX 10.11—/var/log/traps/agent/
  • macOS 10.12—View logs from the Console application
Traps and ESM initiated processes
Supervisor Command Line Tool (cytool.exe)
Allows you to enumerate protected processes, enable or disable protection features, and enable or disable Traps management actions from a command line interface. For more information, see Cytool.
Unknown files for analysis
Traps stores unknown files to send to the ESM Server in the C:\ProgramData\Cyvera\Temp folder. After the ESM Server submits a file to WildFire, the Traps agent deletes the file from the Temp folder.
In some cases, third-party Antivirus (AV) applications can raise an alert for this folder. If this occurs, it is recommended to whitelist this folder in the third-party AV application.

Related Documentation