CB Response: SIEM not receiving rsyslog data sent from Response Cloud Server

Article ID: 287750

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

When rsyslog forwarding to a receiver is enabled, the syslog data fails to arrive, with the error:
tcp SENDER IP:PORT RECEIVER IP:PORT CLOSE_WAIT #####/rsyslogd

Environment

  • CB Response Cloud Server: Current Version

Cause

Something between the Cloud Response Server and the receiver is refusing the connection, resulting in the error.

Resolution

  1. Confirm that all configurations are in place to allow traffic from the Response Cloud Server via the correct port.
  2. Once configurations have been adjusted, please open a case with Technical Support to re-enable rsyslog forwarding.

Additional Information

The error above shows that Response Cloud is able to send the data to the receiver, but something is refusing the connection.
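
The same symptom can be checked on any Linux host you administer that forwards with rsyslog. The script below is an added example, not part of the original article or of Carbon Black tooling: it summarises rsyslogd sockets per receiver from `netstat -tnp` output. The function names, verdict labels and sample addresses are assumptions made for illustration, and the column layout assumed is that of Linux net-tools.

```shell
#!/bin/sh
# Added example: summarise rsyslogd TCP sockets from `netstat -tnp` output.
# Assumed columns (Linux net-tools):
#   Proto Recv-Q Send-Q Local-Address Foreign-Address State PID/Program

rsyslog_conn_summary() {
    # Reads netstat -tnp lines on stdin; prints one line per receiver:
    #   <receiver ip:port> established=<n> close_wait=<n> sendq=<bytes> <verdict>
    awk '
        $1 ~ /^tcp/ && $7 ~ /\/rsyslogd$/ {
            peer = $5
            seen[peer] = 1
            if ($6 == "ESTABLISHED") est[peer]++
            # CLOSE_WAIT: the remote side closed the connection and the
            # local rsyslogd has not yet closed its own socket.
            if ($6 == "CLOSE_WAIT")  cw[peer]++
            sendq[peer] += $3      # bytes queued locally but not yet acknowledged
        }
        END {
            for (p in seen) {
                verdict = "OK"
                if (cw[p] > 0 && est[p] == 0) verdict = "PEER_CLOSED"
                else if (cw[p] > 0)           verdict = "DEGRADED"
                printf "%s established=%d close_wait=%d sendq=%d %s\n",
                       p, est[p], cw[p], sendq[p], verdict
            }
        }
    ' | sort
}

# Constructed sample input (documentation address ranges, not real output).
sample_netstat() {
    cat <<'EOF'
Proto Recv-Q Send-Q Local Address           Foreign Address         State       PID/Program name
tcp        1      0 192.0.2.10:48822        198.51.100.7:514        CLOSE_WAIT  12345/rsyslogd
tcp        0      0 192.0.2.10:48901        203.0.113.20:6514       ESTABLISHED 12345/rsyslogd
tcp        0      0 192.0.2.10:22           192.0.2.50:51514        ESTABLISHED 900/sshd
EOF
}

# On a live forwarder: netstat -tnp | rsyslog_conn_summary
sample_netstat | rsyslog_conn_summary
```

A receiver reported as PEER_CLOSED is the one whose listener, firewall or intermediate device should be checked for the port shown.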