EDR: How to add logging for core purging

search cancel

EDR: How to add logging for core purging

book

Article ID: 289485

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

Enable debug logging to show when Solr cores are purged

Environment

EDR Server: 6.x and higher (formerly CB Response)

Resolution

Open /etc/cb/enterprised-logger.conf file:

Modify the keys variable under the [loggers] section

[loggers]
keys=root, cb.enterprise.tasks.solr_event_partition_purge, cb.enterprise.tasks.solr_time_partitioner

Add the following lines

[logger_cb.enterprise.tasks.solr_event_partition_purge]
level=DEBUG
handlers=syslog
propagate=0
qualname=cb.enterprise.tasks.solr_event_partition_purge

[logger_cb.enterprise.tasks.solr_time_partitioner]
level=DEBUG
handlers=syslog
propagate=0
qualname=cb.enterprise.tasks.solr_time_partitioner

Additional Information

If the environment is clustered, the setting must be applied on each node
Config changed will be picked up without a service restart

Feedback

thumb_up Yes

thumb_down No