Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

Environment

EDR Server: All versions
EDR Sensors: All versions
CB Event Forwarder: 3.8+

Objective

How to enable debug logging for the 3.8 Event Forwarder

Resolution

There's a new debug setting for the 3.8+ Event Forwarder in the file /etc/cb/integrations/event-forwarder/event-forwarder.conf

#log_level controls the logging level, default INFO Ex) (INFO, WARN, DEBUG, ERROR, PANIC)
log_level=

Set the log_level to DEBUG, then restart the Event Forwarder(s).
If this is a cluster, repeat these steps for each node in the cluster to achieve full coverage.

Related Content

Release Release of v3.8.0 cb-event-forwarder · carbonblack/cb-event-forwarder
EDR: How To Restart CB-Event-Forwarder

Article Information

Author:

Creation Date:

‎04-05-2022

Views:

338

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.