CB Response: What do "Error allocating event type" events mean in the /var/log/messages file?
search cancel

CB Response: What do "Error allocating event type" events mean in the /var/log/messages file?

book

Article ID: 289171

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

What do events like "May 3 23:35:09 <servername> kernel: cbsensor: logger.c:156: Error allocating event type 2" mean in the /var/log/messages file?

Environment

  • CB Response Linux Sensor: All Supported Verisons
  • RHEL/CentOS Linux: All Supported Versions

Resolution

This error means that the system is experiencing memory fragmentation and as a result is running out of specific kernel memory slabs which the sensor needs to process events.

Additional Information

  • "Error allocating event type" msgs are due to memory allocation failures in the kernel.
  • Systems under a heavy load can experience specific memory resource shortages from time to time, which in turn can cause the CB Response sensor to run out memory when it needs it. This is not a CB Response specific issue typically.
Powered by Wolken Software