Note: This setting only applies to 5.1.0, for newer versions refer to this guide: How to remove historic sensors from the UI (v5.1.1+)
Version
Cb Response versions 5.1.0 Patch 2 and 5.1.0 Patch 3
Topic
The solution explains how to handle the following scenarios:
- Online sensors that you would like to uninstall
- Offline sensors that still appear in the UI (e.g. on decommissioned endpoint machines)
Solution
To remove offline/decommissioned sensors or uninstall an online sensor, perform the following manual action from the CB UI:
Administration > Sensors > Select the check box next to the relevant sensor hosts > Actions > Uninstall
This will:
- Uninstall the sensor if it is actually online and connecting with the Cb Response server.
- Remove the sensor from the sensors list
In both cases the data for the sensor will still appear in the UI until purged over time.
For Cb Response versions and 5.1.0 patch 2 5.1.0 patch 3, the following parameters in /etc/cb/cb.conf can control the automatic removal of offline sensors:
DeleteInactiveSensors=True/False DeleteInactiveSensorsDays=10 |
For environment where machines are decommissioned often, this can be helpful for sensors housekeeping.
Note: If the parameters do not exist in the cb.conf file, add then with the desired value and save the changes
If you make a change to those parameters, you will need to restart CB for the change to take effect:
For a standalone installation:
service cb-enterprise restart |
For a clustered installation:
/usr/share/cb/cbcluster stop
/usr/share/cb/cbcluster start |
