Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

EDR: 6.2.x and Higher

Symptoms

Log files are missing from the /var/log/cb/audit directory

Cause

A configuration file could be missing data

Resolution

Possible Resolutions

Copy the /etc/rsyslog.conf configuration from a working server
Check that EnableAuditLogsToEvents=True is in the cb.conf file
Check for missing lines from /etc/rsyslog.d/cb-coreservices.conf file
Confirm that the /etc/rsyslog.d/cb-logrotate.conf has settings for the missing log files

Article Information

Author:

Creation Date:

‎02-26-2019

Views:

977

Knowledge Base

EDR: No Audit Logs in Audit Logs folder

EDR: No Audit Logs in Audit Logs folder

Environment

Symptoms

Cause

Resolution

EDR

Knowledge Base

EDR: No Audit Logs in Audit Logs folder

EDR: No Audit Logs in Audit Logs folder

Environment

Symptoms

Cause

Resolution

EDR

Thank you for your feedback.

Thank you for your feedback.