EDR: How to collect Unified View logs
search cancel

EDR: How to collect Unified View logs

book

Article ID: 284861

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

To collect Unified View logs.

Environment

  • EDR (formerly CB Response) server: 6.x
  • Unified View 

Resolution

  • Unified View logs are stored in two locations:
/var/log/cb/uvservices 
/var/log/cb/nginx
  • Collect the entire contents of two directories:
tar -zcvf uvservices.tar.gz /var/log/cb/uvservices 
tar -zcvf nginx.tar.gz /var/log/cb/nginx
  • Upload the files via https://community.carbonblack.com/groups/cb-vault or Smartfile link provided by Carbon Black.
Powered by Wolken Software