CB Defense: Syslog Error: Output_Format of JSON or CEF was not Specified

Article ID: 287563

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • Error found in cb-defense-syslog.log file: 
    ERROR - output_format of json or cef was not specified
  • Not receiving data into API or SIEM

Environment

  • CB Defense Web Console: All Versions
  • CB Defense Syslog Connector: All Supported Versions

Cause

The connector's cb-defense-syslog.conf file needs to be updated: it does not specify an output_format.

Resolution

Add the output format to the cb-defense-syslog.conf file immediately following the "policy_action_severity" section:
#
# Output format of the data sent. Currently support json or cef formats
#
# Warning: if using json output_format, we recommend NOT using UDP output_type
#
output_format=<format_type_here>

Additional Information

  • The output_format field supports "json" and "cef" values.
  • The value defaults to "cef" if not specified.
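
A pre-restart check for the setting described above, as an added example (not part of the original article or the connector's own code). It assumes the conf file is INI-style with section headers; the section name and sample values are constructed, and only output_format, output_type and policy_action_severity come from the article.

```python
import configparser
import sys

VALID_FORMATS = ("json", "cef")  # the two values the article lists

# Constructed sample: the section name and the other values are assumptions.
SAMPLE_CONF = """\
[general]
policy_action_severity = 4
output_type = udp
#
# Output format of the data sent. Currently support json or cef formats
#
output_format=json
"""

def check_output_format(conf_text):
    """Return a list of (level, message) findings about output_format."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    try:
        parser.read_string(conf_text)
    except configparser.Error as exc:
        return [("ERROR", f"cannot parse config: {exc}")]
    formats, uses_udp = [], False
    for section in parser.sections():
        opts = parser[section]
        if "output_format" in opts:
            formats.append((section, opts["output_format"].strip()))
        if opts.get("output_type", "").strip().lower() == "udp":
            uses_udp = True
    findings = []
    if not formats:
        findings.append(("ERROR", "output_format is not set in any section"))
    for section, value in formats:
        # Exact match: the article lists the values in lower case, and an
        # unedited "<format_type_here>" placeholder must also be rejected.
        if value not in VALID_FORMATS:
            findings.append(("ERROR", f"[{section}] output_format={value!r} is not json or cef"))
        elif value == "json" and uses_udp:
            findings.append(("WARNING", f"[{section}] json output_format with udp output_type"))
    return findings

if __name__ == "__main__":
    text = open(sys.argv[1]).read() if len(sys.argv) > 1 else SAMPLE_CONF
    for level, message in check_output_format(text):
        print(f"{level}: {message}")
```

Run it with the path to cb-defense-syslog.conf as the only argument; with no argument it checks the constructed sample and reports the json-over-UDP warning.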