Environment

• Cb Response Server: 5.x

Objective

Resolution

1. Verify that OER disk requirements are being followed - Carbon Black Response v5.2 - Operating Environment Requirements
2. Verify MaxEventStoreDays, MaxEventStoreSizeInPercent, MaxEventStoreSizeInDocs (5.x) are set to reasonable values in /etc/cb/cb.conf - Selecting an Event From the Alerts Page Results in a 404 Page
   • Note: changing these settings will require a service restart

3. Adjust Modulestore retention settings: Modulestore Filling Disk When Alliance Sharing Is Disabled

4. Verify EventPurgeEarliestTime does not have a date in the past: 5.x no disk space available on Cb Response server due to cbevent purge settings in past
5. Enable automated purging of Cbmodules -  How To Enable Automated Cbmodule Purging
6. Set up a job to automatically clear old Datastore logs - EDR: How to add Datastore and Solr debug.tmp removal cron job

Related Content

• Cb Response: No Free Disk Space Prevents Cb Response Services From Starting
• Cb Response: Configurations to mitigate out of disk issues in 6.1 and Higher