CB Response: Alerts not being seen in the UI until days later
Article ID: 287778
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Alerts fail to be seen until days after the events occurred.
Environment
- Response Server: 6.2.4
Cause
/var/log/cb/ is 100% utilized due to HPROF and log files not cleared through the automated cleanup.
Resolution
Confirm disk space is available for /var/cb/ and /var/log/cb/
Additional Information
If the issue is still seen after clearing disk space, upgrading the Response Server past 6.2.X has also resolved this issue.
Feedback
Yes
No
Powered by
