
Carbon Black Cloud: How To Install Carbon Black Cloud Syslog Connector On Windows

Environment

  • Carbon Black Cloud: All Versions
  • Windows: All Versions
  • Python: 3.x

Objective

How to install the Carbon Black Cloud Syslog Connector on Windows.

Resolution

  1. Install Python (see: How to Install Python On Windows).
  2. Install pip (see: How to Install PIP on Windows).
  3. Run the following command to install the cbc-syslog connector:
    pip install cbc-syslog
  4. Create a .txt file for logs in any preferred location.
  5. Create an empty backup folder. The location of this back_up_dir folder must be set in the configuration file (see: Sample Config File) as follows:
    back_up_dir = C:\Users\jdoe\Documents\back_up_dir
  6. Save the configuration file as "cbc_syslog.conf" in any preferred location. A sample file is available here; modify it to your own specifications.
  7. Navigate to the following path:
    <Directory on which python was installed>\Python3.x\Lib\site-packages\cbc_syslog
  8. Run the following command to start the Python script:
    python cb_defense_syslog.py -l [LOG_FILE_LOCATION] -c [CONFIG_FILE_LOCATION]
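
A pre-flight check for steps 4 to 8, added here as an example; it is not part of cbc-syslog or of the original article. It assumes the configuration file is INI-style (section headers with key = value lines, as in the back_up_dir line above); the function names are hypothetical.

```python
"""Pre-flight check for steps 4-8 (added example, not part of cbc-syslog)."""
import configparser
import importlib.util
import sys
from pathlib import Path


def find_connector_script():
    """Return the path to cb_defense_syslog.py in the installed package, or None."""
    spec = importlib.util.find_spec("cbc_syslog")
    if spec is None or not spec.submodule_search_locations:
        return None
    script = Path(list(spec.submodule_search_locations)[0]) / "cb_defense_syslog.py"
    return script if script.is_file() else None


def check_setup(log_file, config_file):
    """Return a list of problems found; an empty list means steps 4-6 look complete."""
    problems = []
    if not Path(log_file).is_file():
        problems.append(f"log file not found: {log_file}")
    parser = configparser.ConfigParser(interpolation=None)
    try:
        if not parser.read(config_file):
            return problems + [f"config file not found: {config_file}"]
    except configparser.Error as exc:
        return problems + [f"config file not parseable as INI: {exc}"]
    # Assumption: back_up_dir may sit in any section, so search them all.
    values = [parser[s]["back_up_dir"] for s in parser.sections()
              if "back_up_dir" in parser[s]]
    if not values:
        problems.append("back_up_dir is not set in the config file")
    elif not Path(values[0]).is_dir():
        problems.append(f"back_up_dir does not exist: {values[0]}")
    return problems


def build_command(script, log_file, config_file):
    """Build the step 8 command as an argument list (avoids shell quoting issues)."""
    return [sys.executable, str(script), "-l", str(log_file), "-c", str(config_file)]


if __name__ == "__main__" and len(sys.argv) == 3:
    issues = check_setup(sys.argv[1], sys.argv[2])
    script = find_connector_script()
    if script is None:
        issues.append("cbc_syslog package or cb_defense_syslog.py not found")
    print("PROBLEMS:", *issues, sep="\n  ") if issues else print(
        "Run:", " ".join(build_command(script, sys.argv[1], sys.argv[2])))
```

Run it with the log file path and the config file path as its two arguments before starting the connector.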

Additional Notes

  • Example output:
C:\Python27\Lib\site-packages\cbc_syslog>python cb_defense_syslog.py -l C:\Pip\Logs.txt -c C:\Syslog\Syslog.conf
INFO:__main__:CB Defense Syslog 2.0
INFO:__main__:Number of files in store forward: 0
INFO:__main__:Found 1 Cb Defense Servers in config file
INFO:__main__:Handling notifications for https://api-prod05.conferdeploy.net/
INFO:notifications:Attempting to connect to url: https://api-prod05.conferdeploy.net/
INFO:notifications:<Response [200]>
INFO:notifications:successfully connected, no alerts at this time
INFO:__main__:Sending Notifications
INFO:__main__:There are no messages to forward to host
INFO:__main__:Done Sending Notifications
INFO:__main__:Sending Audit Logs
INFO:__main__:Sending 32 messages to 198.0.2.1:2269

Article Information
Creation Date: 07-01-2020