logo

Knowledge Base

Access official resources from Carbon Black experts

IMPORTANT ANNOUNCEMENT: On May 6, 2024, Carbon Black User eXchange (UeX) and Case Management will move to a new platform!
The Community will be in read-only mode starting April 19th, 7:00 AM PDT. Check out the blog post!
You will still be able to use the case portal to create and interact with your support cases until the transition, view more information here!

EDR: Where is the Bridge Json File after Installing Containerized Cb-Event-Forwarder

EDR: Where is the Bridge Json File after Installing Containerized Cb-Event-Forwarder

Environment

  • EDR Server: All Supported
  • CB Event Forwarder: 3.8.x and Above

Question

Where is the event_bridge_output.json file after installing and configuring the containerized cb-event-forwarder

Answer

  • The event_bridge_output.json file is in the carbonblack-event-forwarder container
  • The file can be viewed by attaching the container using the docker exec command
            
For Example: 

  * Attach to the container with docker

  $ sudo docker exec -it carbonblack-event-forwarder /bin/bash

  * Change directory to /var/cb/data

  [root@5e29e030d350 tmp]# cd /var/cb/data

  * List the contents of the data directory

  [root@5e29e030d350 data]# ls -al
  total 6760
  drwxr-xr-x. 1 root root      79 Oct 17 00:00 .
  drwxr-xr-x. 1 root root      18 Aug  9  2022 ..
  -rw-r--r--. 1 root root 4156854 Oct 17 12:31 event_bridge_output.json
  -rw-r--r--. 1 root root 2752992 Oct 16 23:51 event_bridge_output.json.20231016

Additional Notes

The container supports vi, tail, cat, more and less commands to view the bridge file 

Related Content


Tags (1)
Was this article helpful? Yes No
No ratings
Article Information
Author:
CB_Support
Creation Date:
‎10-17-2023
Views:
143
logo

Copyright © 2005-2023 Broadcom. All Rights Reserved. The term “Broadcom” refers to Broadcom Inc. and/or its subsidiaries.