Cb Response: Security Product Causing SOLR Insert Document Exception
search cancel

Cb Response: Security Product Causing SOLR Insert Document Exception

book

Article ID: 291468

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • 404 page when opening process detail page.
  • SOLR debug.log shows error like below
2018-08-31 10:19:02,180 - [ERROR] - from com.carbonblack.cbfs.solr.CbProcessUpdateRequestProcessorBase in qtp194494468-16915 
Insert document exception 
org.apache.solr.common.SolrException: Exception writing document id 000003e7-0002-64b2-01d4-41346a34127b-000000000001 to the index; possible analysis error.

Environment

  • Cb Response Server: All versions
  • Cb Protection Agent: All versions

Cause

Protection agent or any security product causes SOLR insert document exception

Resolution

Add the following kernel file exclusion rule to Protection agent:
  1. Navigate to https://YOUR_PROTECTION_SERVER/agent_config.php 
  2. Add a new configuration with the following settings:  
    Name: Kernel File Exclusion for Response Server 
Host ID: Enter the Host ID of Response server 
Value: kernelFileOpExclusions=/var/cb/*:2094975 
Status: Enabled 
Platform: Linux
    1. Save
    2. Add the same exclusion to any AV product on the endpoint
    Powered by Wolken Software