Carbon Black Cloud: What Are The Size And Age Retention Policies For Sensor Logs?

Article ID: 288520

Products

  • Carbon Black Cloud Endpoint Standard (formerly Cb Defense)
  • Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

What Are The Size And Age Retention Policies For Sensor Logs?

Environment

  • Carbon Black Cloud Sensor: All Versions
  • Microsoft Windows: All Supported Versions

Resolution

The log limits are based on the size of the log itself. Different logs have different size caps. Depending on the log, the sensor either creates a new instance of the log and zips the old one, keeping a number of instances with nothing rolling off until that cap is reached, or deletes the oldest part of the log when it is full (the Shift policy below). Some examples are listed below:

Confer
Max size: 250MB
Retention policy: Rotate
Rotation count: 20

AmsiEvents log
Max size: 50MB
Retention policy: Rotate
Rotation count: 10

scanhost.log
Max size: 10MB
Retention policy: Shift (when full the oldest 50 percent is deleted)

SensorAlarms.log
Max size: 5MB
Retention policy: Rotate
Rotation count: 1