Access official resources from Carbon Black experts
Cb Response 6.x
Sensors are showing as offline in the UI
/var/log/cb/nginx/error.log shows several errors like this
2018/06/19 19:47:13 [error] 46021#46021: *13939 open() "/var/www/cb/data/eventlog/reserve/22" failed (2: No such file or directory), client: ::ffff:192..., server: , request: "GET /data/eventlog/reserve/22 HTTP/1.1", host: "192...:8443"
/var/log/cb/nginx/access.log shows several get requests with a 404 response
[19/Jun/2018:19:51:13 -0700(0.000)] "GET /data/eventlog/reserve/22 HTTP/1.1" 404 166 "-" "" ">-" "-" "-"
sensor_comms.log shows the following HRESULT: 0x80190194
Multihome settings are enabled so the UI uses a different port from the backend
This occurs when a sensor has already registered with the server and the port number used to check in is changed from the back-end port to the front-end port. This can happen if the SensorBackendServer URL in /var/lib/cb/sensorsettings.ini is manually edited or if the URL is edited in the group settings from the UI.
Since the sensor cannot check into the server, updating the URL for the group in the UI will not push the change to affected endpoints already. To fix this, all affected endpoints will need to have the SensorBackendServer field updated to the proper port. If there are a large number of endpoints affected, this can be done using some sort of scripting tool. For fewer endpoints, you can simply re-install the sensor using a package containing the right URL and port.
To update manually or via a tool
Edit /var/lib/cb/sensorsettings.ini
Update SensorBackendServer to use the sensor backend port.
Typically this will be changing the port from 8443 to 433. It will match the settings in your multihome configuration.
service cbdaemon restart
- sudo launchctl unload /Library/LaunchDaemons/com.carbonblack.daemon.plistsudo launchctl
- load /Library/LaunchDaemons/com.carbonblack.daemon.plist
This will only occur when the sensor is attempting to connect through the UI port. This is because Response accepts this as a request, but processes it incorrectly and attempts to access files in the wrong location. For reference, the sensor server configuration uses a file called cb.server.sensor to locate the right files.
Cb Response: Windows sensors showing offline and reporting 404s on the backend
Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.