CB Response: Linux sensors exceeding size limits in /var/lib/cb/eventlogs

Environment

  • CB Response Sensor 5.2.13, 6.1.3 - 6.1.6
  • Linux: All Supported Versions

Symptoms

  • Drive space on the endpoint is filling up rapidly
  • /var/lib/cb/eventlogs is taking up more disk space than configured in the QuotaEventlog fields in /var/lib/cb/sensorsettings.ini
  • Sensor logs may show the following warning multiple times:
    • Eventlog quota exceeded: ####### bytes (limit:###### bytes)


Cause

This is a known issue, CB-18976, fixed in the 6.1.7 and 5.2.17 sensor releases.

Resolution

  • For 5.x sensors, upgrade to 5.2.17 or higher
  • For 6.x sensors, upgrade to 6.1.7 or higher
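
A triage script for the symptoms and resolution above, added here and not taken from the vendor article: it counts the quoted quota warning in a sensor log and checks a sensor version against the fixed releases. The sensor version string and log file path are supplied by the operator (assumptions, since the article does not give them), and the sample log lines are constructed.

```shell
#!/bin/sh
# Added triage example (not vendor code) for the symptoms in this article.

# ver_lt A B: succeed when dotted version A is lower than B.
ver_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, x, "."); nb = split(b, y, ".")
        n = (na > nb) ? na : nb
        for (i = 1; i <= n; i++) {
            if (x[i] + 0 < y[i] + 0) exit 0
            if (x[i] + 0 > y[i] + 0) exit 1
        }
        exit 1
    }'
}

# below_fixed_release VERSION: succeed when a 5.x or 6.x sensor is older than
# the fixed release the article names for its branch (5.2.17 / 6.1.7).
below_fixed_release() {
    case "$1" in
        5.*) ver_lt "$1" 5.2.17 ;;
        6.*) ver_lt "$1" 6.1.7 ;;
        *)   return 1 ;;
    esac
}

# quota_warnings: read sensor log text on stdin and print
# "<warning count> <largest overage in bytes>".
quota_warnings() {
    awk '/Eventlog quota exceeded:/ {
        line = $0
        sub(/.*Eventlog quota exceeded:[ \t]*/, "", line); used = line + 0
        sub(/.*limit:[ \t]*/, "", line); limit = line + 0
        count++
        if (used - limit > worst) worst = used - limit
    }
    END { printf "%d %.0f\n", count, worst }'
}

# Constructed sample lines in the warning format quoted under Symptoms.
SAMPLE_LOG='Eventlog quota exceeded: 1500000 bytes (limit:1000000 bytes)
unrelated line
Eventlog quota exceeded: 1800000 bytes (limit: 1000000 bytes)'

# Usage: sh triage.sh SENSOR_VERSION SENSOR_LOG_FILE (both operator-supplied)
if [ "$#" -eq 2 ]; then
    below_fixed_release "$1" && echo "sensor $1 is older than the fixed release"
    echo "warnings / worst overage: $(quota_warnings < "$2")"
fi
```

A rising warning count on a sensor that is older than the fixed release for its branch matches the known issue; the same warnings on a fixed release point to a different cause.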

Creation Date: 07-02-2018