EDR: Can the Event Forwarder Log Rotation Time be Modified?

EDR: Can the Event Forwarder Log Rotation Time be Modified?

search cancel

EDR: Can the Event Forwarder Log Rotation Time be Modified?

book

Article ID: 287626

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Can the Event Forwarder's log rotation time be modified?

Environment

EDR Event Forwarder: 3.8
EDR Server: 7.6.x

Resolution

No, the Event Forwarder's log rotation time is hard coded to 00:00 UTC.

Additional Information

Event Forwarder is using lumberjack log rotating package written in Go and the time is included in the package.
Cron jobs can be added to rotate the logs more often, but continue to rotate at midnight UTC.

Feedback

thumb_up Yes

thumb_down No