EDR: How to enable debug logging for the 3.8 Event Forwarder

EDR: How to enable debug logging for the 3.8 Event Forwarder

search cancel

EDR: How to enable debug logging for the 3.8 Event Forwarder

book

Article ID: 288166

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

How to enable debug logging for the 3.8 Event Forwarder

Environment

EDR Server: All versions
EDR Sensors: All versions
CB Event Forwarder: 3.8+

Resolution

There's a new debug setting for the 3.8+ Event Forwarder in the file /etc/cb/integrations/event-forwarder/event-forwarder.conf

#log_level controls the logging level, default INFO Ex) (INFO, WARN, DEBUG, ERROR, PANIC)
log_level=

Set the log_level to DEBUG, then restart the Event Forwarder(s).
If this is a cluster, repeat these steps for each node in the cluster to achieve full coverage.

Feedback

thumb_up Yes

thumb_down No