
CB Defense: Syslog Error: Output_Format of JSON or CEF was not Specified

Environment

  • CB Defense Web Console: All Versions
  • CB Defense Syslog Connector: All Supported Versions

Symptoms

  • Error found in cb-defense-syslog.log file: 
    ERROR - output_format of json or cef was not specified
  • Not receiving data into API or SIEM

Cause

The connector's cb-defense-syslog.conf file needs to be updated.

Resolution

Add the output format to the cb-defense-syslog.conf file immediately following the "policy_action_severity" section:
#
# Output format of the data sent. Currently support json or cef formats
#
# Warning: if using json output_format, we recommend NOT using UDP output_type
#
output_format=<format_type_here>

Additional Notes

  • The output_format field supports "json" and "cef" values.
  • The value defaults to "cef" if not specified.
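
An added example (not part of the original article and not the connector's own code): a Python pre-flight check for the text of cb-defense-syslog.conf that reports a missing or unsupported output_format, and the json-over-UDP combination the config comment warns about. The [general] section name and all sample values are assumptions constructed for illustration.

```python
import configparser

VALID_FORMATS = {"json", "cef"}  # the two values the article lists

def check_output_format(conf_text):
    """Return (level, message) findings for the text of a connector config."""
    # interpolation=None so values containing '%' are read literally
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    findings, seen = [], False
    for name in parser.sections():
        section = parser[name]
        if "output_format" not in section:
            continue
        seen = True
        fmt = section["output_format"].strip()
        out_type = section.get("output_type", "").strip().lower()
        if fmt not in VALID_FORMATS:
            # Also catches the unedited <format_type_here> placeholder
            findings.append(("ERROR", f"[{name}] output_format={fmt!r} is not json or cef"))
        elif fmt == "json" and out_type == "udp":
            findings.append(("WARN", f"[{name}] json output_format with udp output_type is not recommended"))
    if not seen:
        findings.append(("ERROR", "output_format is not set in any section"))
    return findings

# Constructed sample configs; the [general] section name is an assumption.
MISSING = "[general]\npolicy_action_severity = 4\noutput_type = tcp\n"
PLACEHOLDER = MISSING + "output_format=<format_type_here>\n"
JSON_UDP = "[general]\n# Output format of the data sent\noutput_format=json\noutput_type=udp\n"
GOOD = MISSING + "output_format=cef\n"

if __name__ == "__main__":
    for label, text in [("missing", MISSING), ("placeholder", PLACEHOLDER),
                        ("json+udp", JSON_UDP), ("good", GOOD)]:
        print(label, check_output_format(text) or "OK")
```
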

Creation Date: 09-09-2020