EDR: No threat report for yara feed
search cancel

EDR: No threat report for yara feed

book

Article ID: 291492

calendar_today

Updated On:

Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • No threat report for yara feed
  • DEBUG-Exception in wait: Error 104 while writing to socket. Connection reset by peer.

Environment

  • EDR: All Supported Versions

Cause

Redis queue is overwhelmed and over the client output buffer limit

Resolution

  1. Change client-output-buffer lines in /etc/cb/redis.conf.template. Try using the first configuration settings to double the available memory for the client output buffers. If this does not improve the connectivity, testing with unlimited buffer sizes can be accomplished with the second set of configuration settings:
  • Increase client output buffer size to twice the default
client-output-buffer-limit normal 0 0 0 
client-output-buffer-limit slave 512mb 128mb 60 
client-output-buffer-limit pubsub 64mb 32mb 60
  • Set client output buffer size to unlimited
client-output-buffer-limit normal 0 0 0
client-output-buffer-limit slave 0 0 0
client-output-buffer-limit pubsub 0 0 0
  1. Reboot the operating system
  2. Start Yara Manager
Powered by Wolken Software