CB Defense: Syslog Error: Output_Format of JSON or CEF was not Specified
search cancel

CB Defense: Syslog Error: Output_Format of JSON or CEF was not Specified

book

Article ID: 287563

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

  • Error found in cb-defense-syslog.log file:¬†
    ERROR - output_format of json or cef was not specified
  • Not receiving data into API or SIEM

Environment

  • CB Defense Web Console: All Versions
  • CB Defense Syslog Connector: All Supported Versions

Cause

The connector's cb-defense-syslog.conf file needs updated.

Resolution

Add the output format to the cb-defense-syslog.conf file immediately following the "policy_action_severity" section:
#
# Output format of the data sent. Currently support json or cef formats
#
# Warning: if using json output_format, we recommend NOT using UDP output_type
#
output_format=<format_type_here>

Additional Information

  • The output_format field¬†supports "json" and "cef" values.
  • The value defaults to "cef" if not specified.