EDR: How to Enable Verbose Audit Logging
Article ID: 288034
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
How to enable verbose audit logging
Environment
- EDR: All Versions
Resolution
- Log onto the EDR Server through ssh/terminal
- Open /etc/cb/cb/cb.conf
- Add the following line anywhere in the file
EnableExtendedApiAuditLogging=True
- Restart the Server Services EDR: How to restart the server services
Additional Information
- This will capture the API calls being made within the console
- Log location: /var/log/cb/audit
Feedback
Yes
No
Powered by
