CB Defense: Syslog Error: Output_Format of JSON or CEF was not Specified
Article ID: 287563
Products
Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
Issue/Introduction
Error found in cb-defense-syslog.log file:
ERROR - output_format of json or cef was not specified
Not receiving data into API or SIEM
Environment
CB Defense Web Console: All Versions
CB Defense Syslog Connector: All Supported Versions
Cause
The connector's cb-defense-syslog.conf file needs to be updated to specify an output format.
Resolution
Add the output format to the cb-defense-syslog.conf file immediately following the "policy_action_severity" section:
#
# Output format of the data sent. Currently support json or cef formats
#
# Warning: if using json output_format, we recommend NOT using UDP output_type
#
output_format=<format_type_here>
Additional Information
The output_format field supports "json" and "cef" values.
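A pre-flight check for the setting described above, as an added example that is not part of the original article or the connector's own code. It assumes the conf file is INI-style; the `[general]` section name, the `output_type` values and the sample configs are constructed for illustration.

```python
import configparser

# Values the article says output_format supports.
ALLOWED_FORMATS = {"json", "cef"}

# Constructed sample configs (not from a real deployment). The [general]
# section name and the output_type values are assumptions.
MISSING = "[general]\noutput_type=tcp\n"
PLACEHOLDER = "[general]\noutput_type=tcp\noutput_format=<format_type_here>\n"
JSON_OVER_UDP = "[general]\noutput_type=udp\n#\n# Output format\n#\noutput_format=json\n"
GOOD = "[general]\noutput_type=tcp\noutput_format=cef\n"


def check_output_format(conf_text):
    """Return a list of (level, message) findings about output_format."""
    # interpolation=None so '%' characters elsewhere in the file are left alone.
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)

    # Scan every section so the check does not depend on a section name.
    hits = [(s, parser[s]) for s in parser.sections()
            if "output_format" in parser[s]]
    if not hits:
        return [("error", "output_format is not set; expected json or cef")]

    findings = []
    for name, section in hits:
        value = section["output_format"].strip()
        if value not in ALLOWED_FORMATS:
            # Catches empty values and the unedited <format_type_here> placeholder.
            findings.append(
                ("error", f"[{name}] output_format={value!r} is not json or cef"))
        elif value == "json" and section.get("output_type", "").strip().lower() == "udp":
            # The warning from the conf file comment: json is not recommended with UDP.
            findings.append(
                ("warning", f"[{name}] json output_format with UDP output_type"))
    return findings


if __name__ == "__main__":
    samples = [("missing", MISSING), ("placeholder", PLACEHOLDER),
               ("json over udp", JSON_OVER_UDP), ("good", GOOD)]
    for label, text in samples:
        print(label, "->", check_output_format(text) or "ok")
```

To run it against a real file, pass the contents of cb-defense-syslog.conf to `check_output_format` before restarting the connector.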