
EDR: Event Forwarder no longer sending data after upgrade to 7.7

Environment

  • EDR Server: Upgrade to 7.7

Symptoms

  • Events no longer forwarding after upgrade
  • Message in cb-event-forwarder.startup.log
    • time="2022-07-17T19:05:47Z" level=info msg="Raw Event Filtering Configuration:"
      time="2022-07-17T19:05:47Z" level=fatal msg="Configuration errors:\n Could not get RabbitMQ credentials from /etc/cb/cb.conf"
  • Message in cb-event-forwarder.log
    • time="2022-07-17T18:51:17Z" level=info msg="AMQP loop 1 exited: Exception (403) Reason: \"username or password not allowed\". Sleeping for 30 seconds then retrying."


Cause

A change to the RabbitMQ password in 7.7 breaks the Event Forwarder (CB-39853).

Resolution

This issue is resolved with version cb-event-forwarder-3.8.4-1.el7.x86_64

The event forwarder can be installed by following the instructions at the link below:

cb-event-forwarder
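
To check whether a host matches this article, the script below scans the two logs for the messages quoted under Symptoms and compares the installed package against the fixed version. It is an added example, not vendor code: the function names and verdict strings are hypothetical, and the log paths are passed as arguments because the article names the log files but not their directories.

```sh
#!/bin/sh
# Added example, not vendor code. Log paths are arguments because the page
# names the log files but not their directories.
FIXED_VERSION="3.8.4"   # fixed cb-event-forwarder version from the Resolution

# Succeeds when dotted numeric version $1 >= $2.
version_at_least() {
    awk -v have="$1" -v want="$2" 'BEGIN {
        n = split(have, h, "."); m = split(want, w, ".")
        for (i = 1; i <= (n > m ? n : m); i++) {
            if ((h[i] + 0) > (w[i] + 0)) exit 0
            if ((h[i] + 0) < (w[i] + 0)) exit 1
        }
        exit 0
    }'
}

# Extract "3.8.4" from an rpm-style name like cb-event-forwarder-3.8.4-1.el7.x86_64.
forwarder_version() {
    v=${1#cb-event-forwarder-}
    printf '%s\n' "${v%%-*}"
}

# Print one token per symptom signature (from the Symptoms section) seen on stdin.
log_symptoms() {
    awk '
        /level=fatal/ && /Could not get RabbitMQ credentials/ { cred = 1 }
        /Exception \(403\)/ && /username or password not allowed/ { auth = 1 }
        END {
            if (cred) print "startup_credentials_error"
            if (auth) print "amqp_403_auth_rejected"
        }'
}

# triage PACKAGE LOGFILE... prints "<version state> symptoms=<list|none>".
# Unreadable log files are skipped silently.
triage() {
    pkg=$1; shift
    symptoms=$(cat "$@" 2>/dev/null | log_symptoms | tr '\n' ' ')
    symptoms=${symptoms% }
    [ -n "$symptoms" ] || symptoms=none
    if version_at_least "$(forwarder_version "$pkg")" "$FIXED_VERSION"; then
        state=fixed_version
    else
        state=needs_upgrade
    fi
    printf '%s symptoms=%s\n' "$state" "$symptoms"
}

# Usage: sh triage.sh "$(rpm -q cb-event-forwarder)" <startup log> <forwarder log>
if [ "$#" -ge 2 ]; then triage "$@"; fi
```

A result of `needs_upgrade` together with either symptom token matches the condition this article describes.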
 
 

Additional Notes

NOTE: If you plan to use the EDR console to configure and control cb-event-forwarder, then you MUST install it on the same system on which EDR is installed (in the case of a cluster installer, this means the primary node).

Article Information
Creation Date: 07-17-2022