EDR: How to enable debug logging on Linux

EDR: How to enable debug logging on Linux

search cancel

EDR: How to enable debug logging on Linux

book

Article ID: 288120

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

To enable debug logging in 6.3.x Linux sensors

Environment

EDR Linux Sensor: 6.3.x
Linux OS: All Supported Versions

Resolution

Edit: /var/opt/carbonblack/response/sensorsettings.ini
Set:

DaemonLogLevel=verbose

Save the changes.
Reload the cbdaemon process:

# killall cbdaemon -SIGHUP

Look for the increased logs in: /var/opt/carbonblack/response/log/cbdaemon.log

Additional Information

Important: this applies to Linux Sensor 6.3.0 and higher. Increased logging for 6.2.1 - 6.2.2 does not work, and versions prior to that use different instructions.
The default log level is 'info'
Available log levels, in ascending order of increased logging: none, error, warning, info, verbose
Log level values are case insensitive

Feedback

thumb_up Yes

thumb_down No