EDR Event-Forwarder: Events Showing 'localhost' as Hostname on Export

EDR Event-Forwarder: Events Showing 'localhost' as Hostname on Export

search cancel

EDR Event-Forwarder: Events Showing 'localhost' as Hostname on Export

book

Article ID: 287425

calendar_today

Updated On:

Products

Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

Logs generated from event-forwarder are all showing "cb_server":"localhost"

Environment

EDR: All Supported Versions
EDR Event Forwarder: All Supported Versions

Cause

The /etc/cb/integrations/event-forwarder/cb-event-forwarder.conf file has the cb_server parameter set to cbresponse instead of the hostname.

Resolution

Change the /etc/cb/integrations/event-forwarder/cb-event-forwarder.conf file's cb_server parameter to the hostname of choice.
- IE: server_name = cbresponse.localdomain.local

Feedback

thumb_up Yes

thumb_down No