Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Carbon Black Cloud: What Are The Size And Age Retention Policies For Sensor Logs?

Carbon Black Cloud: What Are The Size And Age Retention Policies For Sensor Logs?

Environment

  • Carbon Black Cloud Sensor: All Versions
  • Microsoft Windows: All Supported Versions

Question

What Are The Size And Age Retention Policies For Sensor Logs?

Answer

The log limits are based on the size of the log itself. Various different logs have different size caps and, depending on the log, will either create a new instance of the log and zip the old one and keep a number of instances with nothing rolling off until that cap is reached.  Some examples are listed below:

Confer
Max size: 250MB
Retention policy: Rotate
Rotation count: 20

AmsiEvents log
Max size: 50MB
Retention policy: Rotate
Rotation count: 10

scanhost.log
Max size: 10MB
Retention policy: Shift (when full the oldest 50 percent is deleted)

SensorAlarms.log
Max size: 5MB
Retention policy: Rotate
Rotation count: 1

Was this article helpful? Yes No
No ratings
Article Information
Author:
Creation Date:
‎11-04-2022
Views:
122
Contributors