Carbon Black Cloud: How To Configure The Syslog Connector (Linux)
Article ID: 285052
Updated On:
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
How to set up the new CBC-Syslog connector.
Environment
- Carbon Black Cloud: All Supported Versions
- RHEL/CentOs: All Supported Versions
Resolution
- Start with documentation listed at https://pypi.org/project/cbc-syslog/#description
- Additional information can be found at https://github.com/carbonblack/cbc-syslog#installation
Additional Information
- The example sample is at the bottom of https://pypi.org/project/cbc-syslog/#description
- The code samples are just examples of what could be used
- If not all python modules are installed a message similar to "ImportError: NO module named requests" may occur
- This document assumes that pip and python are installed.
- To move audit logs to a SIEM configure both an API and a SIEM connector in the Carbon Black Cloud console and include the values in the .conf
- The setup may fail with an ImportError if a newer version of markupsafe is installed so it may be needed to specifically install version 2.0.1
Feedback
Yes
No
Powered by
