Environment
- Cb Response: 6.x and Higher
Objective
To locate the various log files used for Cb Response LiveResponse.
Resolution
Live Response activity is logged on both the Cb Response server running Live Response and the sensors it accesses.
Sensor Log:
- sensor.log: Located on the endpoint in the sensor installation folder (eg, C:\Windows\CarbonBlack).
Server logs:
- /var/log/cb/liveresponse/debug.log - General debug information.
- /etc/cb/liveresponse-logger.conf - Change log levels for debug.log.
- /var/log/cb/audit/live-response.log - audit all LiveResponse command activity.
- /var/cb/data/liveresponse - Directory where all "get" and "put" files are placed. Also contains output of all commands.