CB Response: Event-Forwarder Couldn't Start Due to RabbitMQ Credential
Article ID: 289840
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
# initctl start cb-event-forwarder
initctl: Job failed to start
Startup.log error:
time="2019-01-28T06:07:17-08:00" level=fatal msg="Configuration errors:\n Could not get RabbitMQ credentials from /etc/cb/cb.conf"
Environment
CB Event Forwarder: All versions
Cause
The event forwarder could not get RabbitMQ credentials from /etc/cb/cb.conf.
Resolution
The comments in event-forwarder.conf say:

# There are two deployment options:
#
# 1) For small deployments, or for low volume subscriptions (such as new binaries, feed/watchlist hits),
# you can install this connector directly on the Cb Response server. In this case, leave the following
# three configuration options blank and the service will connect to the local RabbitMQ instance using
# the credentials from the /etc/cb/cb.conf file.
#
# 2) For larger deployments, or for high volume subscriptions (such as raw endpoint events), it is recommended
# to install this connector on its own dedicated machine. In this case, fill the following three configuration
# options with the RabbitMQUser, RabbitMQPassword, and the IP/hostname of the Cb Response server or master
# node respectively. You will have to ensure that your host can connect to TCP port 5004 on the Cb Response
# server.
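A pre-flight check for the two deployment options quoted above, as an added example that is not part of the original article or the product. It reports which option a forwarder config is set up for and whether the credentials that option depends on are present, without printing any secret. The forwarder key names rabbit_mq_username, rabbit_mq_password and cb_server_hostname are assumptions (the article does not show them), as are the function names and result strings; both file paths are passed as arguments.

```sh
#!/bin/sh
# Added example: classify the event-forwarder RabbitMQ setup before starting it.
# Assumed forwarder keys (not shown in the article): rabbit_mq_username,
# rabbit_mq_password, cb_server_hostname. RabbitMQUser and RabbitMQPassword
# are the cb.conf names used in the quoted config comment.

# conf_value FILE KEY: print the value of the last uncommented KEY=VALUE line.
# Prints nothing when the file is unreadable or the key is absent or blank.
conf_value() {
    [ -r "$1" ] || return 0
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" |
        tail -n 1 | sed 's/[[:space:]]*$//'
}

# rabbit_mode FORWARDER_CONF CB_CONF: print one of
#   remote          all three options filled in (option 2)
#   partial         only some of the three filled in; set all or none
#   local-ok        all three blank and cb.conf supplies both credentials
#   local-no-creds  all three blank, cb.conf unreadable or missing a credential
rabbit_mode() {
    fwd=$1 cb=$2
    user=$(conf_value "$fwd" rabbit_mq_username)
    pass=$(conf_value "$fwd" rabbit_mq_password)
    host=$(conf_value "$fwd" cb_server_hostname)
    if [ -n "$user" ] && [ -n "$pass" ] && [ -n "$host" ]; then
        echo remote
    elif [ -n "$user$pass$host" ]; then
        echo partial
    elif [ -n "$(conf_value "$cb" RabbitMQUser)" ] &&
         [ -n "$(conf_value "$cb" RabbitMQPassword)" ]; then
        echo local-ok
    else
        echo local-no-creds
    fi
}

# Stand-alone use: sh check.sh <forwarder conf> <cb.conf>
if [ "$#" -eq 2 ]; then
    rabbit_mode "$1" "$2"
fi
```

A result of local-no-creds is the condition named in the Cause section: the three options are blank, so the forwarder falls back to cb.conf, and the credentials cannot be read from it. Run the check as the account the service runs under, since an unreadable cb.conf gives the same result as a missing one.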