EDR: Event Forwarder Syslog Format Will Not Save

EDR: Event Forwarder Syslog Format Will Not Save

search cancel

EDR: Event Forwarder Syslog Format Will Not Save

book

Article ID: 291061

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

UI suggests <protocol>://<fqdn>[:<port>] as the Syslog Destination but when attempting to input using this format the following error is received:

level=info msg="Running with metrics"time="2020-09-29T16:11:50-04:00" level=fatal msg="Error connecting to 'udp://192.168.146.155:514': dial udp: lookup //192.168.146.155: no such host

Environment

EDR Server: Version 7.x
EDR Forwarder: Version 3.7.1

Cause

Improper formatting in UI and Documentation

Resolution

Use the following format to add the appropriate Syslog Destination:
- <protocol>:<fqdn>:<port>
- udp:192.168.146.155:514
- tcp:192.168.146.155:514

Feedback

thumb_up Yes

thumb_down No