EDR: Large Number Of Sensors Online But Not Checking-In To EDR Server
search cancel

EDR: Large Number Of Sensors Online But Not Checking-In To EDR Server

book

Article ID: 284735

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Large number of sensors online but not checking-in to EDR Server.

Environment

  • EDR Server: All Supported Versions

Cause

The postgres database is busy and getting a ton of checkins causing it to be slower and unable to be queried fast enough for the check-ins to occur.

Resolution

  1. Stop all cb-enterprise services.
  2. Kill all remaining cb services that may be running.
  3. Set the following parameters in cb.conf for both the master and the minion(s):
    DatabasePoolOverflow=40
    MinSensorCheckinDelaySec=60
  4. Start up the cb-enterprise services.