Knowledge Base

Yes

Environment

Carbon Black Cloud Sensor: All Versions
Microsoft Windows: All Supported Versions

Question

What Are The Size And Age Retention Policies For Sensor Logs?

Answer

The log limits are based on the size of the log itself. Various different logs have different size caps and, depending on the log, will either create a new instance of the log and zip the old one and keep a number of instances with nothing rolling off until that cap is reached. Some examples are listed below:

Confer
Max size: 250MB
Retention policy: Rotate
Rotation count: 20

AmsiEvents log
Max size: 50MB
Retention policy: Rotate
Rotation count: 10

scanhost.log
Max size: 10MB
Retention policy: Shift (when full the oldest 50 percent is deleted)

SensorAlarms.log
Max size: 5MB
Retention policy: Rotate
Rotation count: 1

Knowledge Base

Carbon Black Cloud: What Are The Size And Age Retention Policies For Sensor Logs?

Carbon Black Cloud: What Are The Size And Age Retention Policies For Sensor Logs?

Environment

Question

Answer

Audit and Remediation

Carbon Black Cloud

Container

Endpoint Standard

Enterprise EDR

Managed Detection

Managed Detection and Response

Prevention

Workload

Knowledge Base

Carbon Black Cloud: What Are The Size And Age Retention Policies For Sensor Logs?

Carbon Black Cloud: What Are The Size And Age Retention Policies For Sensor Logs?

Environment

Question

Answer

Thank you for your feedback.

Thank you for your feedback.