EDR: Event Forwarder no longer sending data after upgrade to 7.7
search cancel

EDR: Event Forwarder no longer sending data after upgrade to 7.7


Article ID: 285989


Updated On:


Carbon Black EDR (formerly Cb Response) Carbon Black Hosted EDR (formerly Cb Response Cloud)


  • Events no longer forwarding after upgrade
  • Message in cb-event-forwarder.startup.log
    • time="2022-07-17T19:05:47Z" level=info msg="Raw Event Filtering Configuration:"
      time="2022-07-17T19:05:47Z" level=fatal msg="Configuration errors:\n Could not get RabbitMQ credentials from /etc/cb/cb.conf"
  • Message in cb-event-forwarder.log
    • time="2022-07-17T18:51:17Z" level=info msg="AMQP loop 1 exited: Exception (403) Reason: \"username or password not allowed\". Sleeping for 30 seconds then retrying."


  • EDR Server: Upgrade to 7.7


Change in RabbitMQ password on 7.7 causes a break with the Event Forwarder - CB-39853


This issue is resolved with version cb-event-forwarder-3.8.4-1.el7.x86_64

The event forwarder can be install following the instructions at the link below


Additional Information

NOTE: If you plan to use the EDR console to configure and control cb-event-forwarder, then you MUST install it on the same system on which EDR is installed (in the case of a cluster installer, this means the primary node).