CB Response: What Log File Will Track Uninstalling a Sensor From the Console
Article ID: 289711
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
What log file will track uninstalling a Cb Response Sensor from the Console?
Environment
- CB Response Console: All Versions
- CB Response Sensor: All Versions
Resolution
The '/var/log/cb/ngnix/access.log' file will contain a message similar to the following when a Cb Response Sensor is uninstalled from the Console:
::ffff:192.168.108.225 - - [07/Nov/2019:14:32:33 -0500(0.051)] "POST /sensor/uninstall/resultnotify/24 HTTP/1.1" 200 0 246 300 "-" "" ">127.0.0.1:6501" "Cb Response WinHTTP Client" "-"
::ffff:192.168.108.225 - - [07/Nov/2019:14:32:33 -0500(0.051)] "POST /sensor/uninstall/resultnotify/24 HTTP/1.1" 200 0 246 300 "-" "" ">127.0.0.1:6501" "Cb Response WinHTTP Client" "-"
Additional Information
- In the example provided, sensor id '24' was uninstalled via IP address '192.168.108.225'.
Feedback
Yes
No
Powered by
