EDR: How to Determine the Cluster Configuration
search cancel

EDR: How to Determine the Cluster Configuration

book

Article ID: 287083

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How to determine an EDR cluster configuration?

Environment

  • EDR Server: 6.0 and Higher

Resolution

The /etc/cb/cluster.conf file from the master server contains information about the entire cluster.  

Sample file contents:
  • [Cluster]
    NodeCount=2
    NextSlaveAutoInc=7

    [Master]
    Host={IP Address}  
    User=root
    HasEvents=True
    ReadOnly=False

    [Slave1]
    Host={IP Address}
    User=root
    HasEvents=True
    ReadOnly=False
This output represents a master + 1 minion cluster. 

Additional Information

  • If all sensors reside on Node ID of 0, then most likely this means it is a Standalone setup. 
  • If sensors have a Node ID of 1 or above, then most likely it is a cluster.
Powered by Wolken Software