EDR: How to change NGINX Log Format from IPv6 to IPv4
book
Article ID: 287368
calendar_today
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- If it's necessary (for SIEM purposes or otherwise) to remove the IPv6 prefix (::ffff:) to IPv4 addresses, the NGINX logging format can be changed.
Environment
- EDR: All Supported Versions
Resolution
- Update the line below in the /etc/cb/nginx/conf.d/cb.conf file:
listen [::]:443 ssl ipv6only=off;
listen 0.0.0.0:443 ssl ipv6only=off;
- Restart cb-nginx service:
- service cb-nginx restart
- systemctl restart cb-nginx
Feedback
thumb_up
Yes
thumb_down
No