Just Published! Threat Report: Exposing Malware in Linux-Based Multi-Cloud Environments | Download Now

Not receiving Watchlist events with Environment Proxy configured

Not receiving Watchlist events with Environment Proxy configured

This solution applies to all Carbon Black versions.


With a proxy configured either through an environment variable or the /etc/environment file, Watchlist results are not present.



The following messages may be observed in the /var/log/cb/job-runner/job-runner.log logs:

Apr 16 09:24:05 [4041] <err>  [watchlist_search] Watchlist searcher thread exception

Traceback (most recent call last):


SolrClientHttpError: HTTP Failure Code 404

Apr 16 09:24:05 [4041] <info>  [watchlist_search] finished watchlist_search -- duration: 0:00:01.551853


Apr  6 03:20:18 [14541] <err>  [watchlist_search] HTTP 502 from solr: cannotconnect; response: <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">…


Apr  7 04:40:17 [29525] <err>  [watchlist_search] Searcher query/tag exception in watchlist entry Newly Loaded Modules (1)

URLError: <urlopen error [Errno 67] request timed out>


A Proxy is configured at the OS level through the /etc/environment file or an environment variable. How to determine which:


Environment Variable:

set |grep -i proxy


/etc/environment File:

cat /etc/environment |grep -i proxy



Remove the proxy setting from your environment. An OS level proxy is not necessary as Carbon Black allows for configuration to use a proxy to access external resources such as Yum, or the Alliance Server.


For configuring a proxy to access Carbon Black Yum repository, follow the solution: How to access the Carbon Black Yum repository through a proxy.


For configuring a proxy to access the Carbon Black Alliance server, refer to the file /etc/cb/cb.conf and the Proxy parameters:

# Alliance Proxy Settings

# Specifies the proxy to be used for internet access



# Specify the type of authentication the proxy uses. Supported types are

# either "basic" or "ntlm"



# Specify the username and password if your proxy requires them.

# Use the script at /usr/share/cb/cbpasswd with the --encryptpasswd

# flag to generate an encrypted version of the proxy password for use

# with the AllianceClientProxyEncryptedPassword field or else

# use AllianceClientProxyPlaintextPassword for unencrypted passwords




Labels (1)
Was this article helpful? Yes No
No ratings
Article Information
Creation Date: