EDR: Event Forwarder 3.7.4-1 Issues

Article ID: 287663

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • An Event type is selected (events_binary_observed=ALL) but events are not appearing in the JSON file.
  • Event Forwarder JSON files contain process entries with fields not in alphabetical order (default).
  • Any problems with Event Forwarder 3.7.4-1 that was installed prior to Jul 2021.
  • Fields are missing; for example, process events are missing timestamps.

Environment

  • EDR Server: Version 7.4+
  • Event Forwarder: 3.7.4-1

Cause

Some Event Forwarder 3.7.4-1 installs performed prior to July 2021 had problems that caused a variety of odd issues.

Resolution

1. A reinstall of Event Forwarder 3.7.4-1 has reportedly fixed most problems. Remember to enable CbOpenSource.repo.

    systemctl stop cb-event-forwarder
    yum clean all
    yum reinstall cb-event-forwarder
    systemctl start cb-event-forwarder
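
To confirm whether the symptoms listed under Issue/Introduction are present before the reinstall and gone after it, the forwarder's JSON output can be checked line by line. The script below is an added example, not part of the original article or the product; it assumes one JSON object per line and the field names "type" and "timestamp", and the sample lines are constructed.

```python
import json
import sys
from collections import Counter

# Constructed sample lines, not real forwarder output. The field names
# "type" and "timestamp" are assumptions about the JSON layout.
SAMPLE = [
    '{"computer_name": "HOST-A", "process_guid": "guid-1", "timestamp": 1625000000, "type": "ingress.event.process"}',
    '{"type": "ingress.event.process", "process_guid": "guid-2", "computer_name": "HOST-B"}',
    '{"computer_name": "HOST-A", "md5": "placeholder", "timestamp": 1625000100, "type": "binarystore.file.added"}',
    'not json',
]

def check_line(line, required=("timestamp",)):
    """Return (event_type, symptoms) for one line of forwarder output."""
    try:
        event = json.loads(line)
    except ValueError:
        return None, ["unparseable"]
    if not isinstance(event, dict):
        return None, ["unparseable"]
    symptoms = []
    keys = list(event)  # json.loads keeps the key order found in the file
    if keys != sorted(keys):
        symptoms.append("unsorted_keys")
    for field in required:
        if event.get(field) in (None, ""):
            symptoms.append("missing_" + field)
    return str(event.get("type", "<no type>")), symptoms

def summarize(lines):
    """Count symptoms and event types; a selected type with a zero count
    corresponds to the 'events are not appearing' symptom."""
    symptoms, types = Counter(), Counter()
    for line in lines:
        line = line.strip()
        if not line:
            continue
        event_type, found = check_line(line)
        symptoms.update(found)
        if event_type is not None:
            types[event_type] += 1
    return symptoms, types

if __name__ == "__main__":
    if len(sys.argv) > 1:  # path to the forwarder's JSON output file
        with open(sys.argv[1]) as fh:
            symptoms, types = summarize(fh)
    else:
        symptoms, types = summarize(SAMPLE)
    print("event types seen:", dict(types))
    print("symptoms:", dict(symptoms))
```

Run it against the same output file before and after the reinstall; an empty symptoms count and the expected event types in the second run indicate the reinstall took effect.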