CB Response: Events no longer being received from the Event Forwarder
Article ID: 285380
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Events stop being received from the Event Forwarder
- Event Forwarder appears to be writing on the local Server, but no data is being forwarded.
- Errors seen in the /var/log/cb/integrations/event-forwarder/cb-event-forwarder.log:
time="2019-06-15T03:07:39Z" level=info msg="Received SIGTERM. Exiting" time="2019-06-15T03:07:39Z" level=error msg="ERROR during output: SIGTERM received"
Environment
- CB Response Server: 6.X and higher
- Event Forwarder: 3.3.X
Cause
Event Forwarder is running an outdated version.
Resolution
Event Forwarder will need to be updated to latest version.
Additional Information
If this is being experienced in a Cloud Instance, a case with Support will need to be opened to investigate further.
Feedback
Yes
No
Powered by
