logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

EDR: Event Forwarder no longer sending data after upgrade to 7.7

EDR: Event Forwarder no longer sending data after upgrade to 7.7

Environment

  • EDR Server: Upgrade to 7.7

Symptoms

  • Events no longer forwarding after upgrade
  • Message in cb-event-forwarder.startup.log
    • time="2022-07-17T19:05:47Z" level=info msg="Raw Event Filtering Configuration:"
      time="2022-07-17T19:05:47Z" level=fatal msg="Configuration errors:\n Could not get RabbitMQ credentials from /etc/cb/cb.conf"
  • Message in cb-event-forwarder.log

    • time="2022-07-17T18:51:17Z" level=info msg="AMQP loop 1 exited: Exception (403) Reason: \"username or password not allowed\". Sleeping for 30 seconds then retrying."


Cause

Change in RabbitMQ password on 7.7 causes a break with the Event Forwarder - CB-39853

Resolution

This issue is resolved with version cb-event-forwarder-3.8.4-1.el7.x86_64

The event forwarder can be install following the instructions at the link below

cb-event-forwarder
 
 

Additional Notes

NOTE: If you plan to use the EDR console to configure and control cb-event-forwarder, then you MUST install it on the same system on which EDR is installed (in the case of a cluster installer, this means the primary node).

Related Content


Labels (2)
Labels:
Was this article helpful? Yes No
100% helpful (1/1)
Article Information
Author:
CB_Support
Creation Date:
‎07-17-2022
Views:
1474
Contributors
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.