The EDR Sensor Syncing Status Remains on the Console
search cancel

The EDR Sensor Syncing Status Remains on the Console

book

Article ID: 287619

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response) Carbon Black Hosted EDR (formerly Cb Response Cloud)

Issue/Introduction

The 'Online Syncing' status does not clear after requesting a 'Sync' from Linux sensors in the EDR Console.
 

Environment

  • EDR Server:  7.8.0
  • Linux Sensor: 7.1.2

Cause

The 'Sync' request immediately is sent to the sensor and the sensor responds, however, one of the date fields in the Linux sensor response contains an incorrect value which never meets a condition to remove the 'Online Syncing' status.

Resolution

A temporary workaround to remove the Sync status is to restart the sensor. 

  • Run commands locally as root. 
    systemctl stop cbdeamon
ps -ef | grep cb   (confirm cbdaemon is not running)
systemctl start cbdeamon
  • Or use Live Response to run the commands. 
    execfg systemctl stop cbdeamon
execfg  ps -ef | grep cb   (confirm cbdaemon is not running)
execfg  systemctl start cbdeamon


 

Additional Information

  • The bug should be fixed in an upcoming release 7.4.0 Linux Sensor Release
Powered by Wolken Software