EDR: /var/cb/data Directory Constantly Filling Up
search cancel

EDR: /var/cb/data Directory Constantly Filling Up

book

Article ID: 290686

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • Datastore (default /var/cb/data) directory continuously reports 90% full or higher
  • Increasing backlog of Event data 

Environment

  • EDR Server: Version 6.x and Higher
  • EDR Cluster

Cause

Event data not purging in timely manner.

Resolution

  1. On each node in cluster, open /etc/cb/cb.conf file to edit
  2. Modify 'MaxEventStoreSizeInPercent' parameter to following value:
MaxEventStoreSizeInPercent=80
  1. Restart services

Additional Information

The 'MaxEventStoreSizeInPercent' parameter configures the threshold that disk usage would trigger clean up as percentage of total disk space available to event store, the default value is '90%'
Powered by Wolken Software