CB Response: Syslog is not writing files (rsyslog.conf)
Article ID: 287939
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
- Syslog files and diagnostic logs are not writing
- Logs are found in /var/log/messages
Environment
- Carbon Black Response Server
- Rsyslog
Cause
$IncludeConfig is not configured to pick up the cb-coreservices.conf file
Resolution
- Open /etc/rsyslog.conf
- Add the following line
$IncludeConfig /etc/rsyslog.d/*.conf
- Restart Rsyslog services
CentOS 6: sudo service rsyslog restart CentOS 7: sudo systemctl restart rsyslog
Additional Information
- Carbon Black Response utilizes rsyslog for writing logs
- Rsyslog.conf is left as default by the Carbon Black Response product
Feedback
Yes
No
Powered by
