EDR: How to change NGINX Log Format from IPv6 to IPv4

EDR: How to change NGINX Log Format from IPv6 to IPv4

search cancel

EDR: How to change NGINX Log Format from IPv6 to IPv4

book

Article ID: 287368

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

If it's necessary (for SIEM purposes or otherwise) to remove the IPv6 prefix (::ffff:) to IPv4 addresses, the NGINX logging format can be changed.

Environment

EDR: All Supported Versions

Resolution

Update the line below in the /etc/cb/nginx/conf.d/cb.conf file:

listen [::]:443 ssl ipv6only=off;

To:

listen 0.0.0.0:443 ssl ipv6only=off;

Restart cb-nginx service:
- service cb-nginx restart
- systemctl restart cb-nginx

Feedback

thumb_up Yes

thumb_down No