EDR: Partial or Truncated Exception or Logging Messages not Displaying in full in EDR logs

EDR: Partial or Truncated Exception or Logging Messages not Displaying in full in EDR logs

search cancel

EDR: Partial or Truncated Exception or Logging Messages not Displaying in full in EDR logs

book

Article ID: 287376

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Exception exceeds default rsyslog message length

Environment

EDR: All Supported Versions
CentOS/RHEL: All Supported Versions

Cause

By default, MaxSyslogMessageSize is set to the default value of rsyslog (2KB or 2048 Bytes).

Resolution

Add the following parameter to the top of the /etc/rsyslog.conf under the "#### Modules ####" section:

$MaxMessageSize 4096

Restart the Rsyslog Service:

CentOS/RHEL 6 : service rsyslog restart
CentOS/RHEL 7/8 : systemctl restart rsyslog

Increase MaxMessageSize as needed to view the full exception.

Feedback

thumb_up Yes

thumb_down No