CB Response: /var/lib/cb/eventlogs/finalized Directory Continuously Writes Logs on Linux Endpoints

Article ID: 291789


Products

Carbon Black EDR (formerly Cb Response)

Issue/Introduction

  • The cbdaemon.*.invalid-user.log.INFO.* log shows events similar to the following:
0319 07:41:07.142755 25678 eventlogs_manager.cpp:484] Eventlog quota exceeded: 1% (limit: 1%) 
W0319 07:41:07.142788 25678 eventlogs_manager.cpp:2172] Over quota, eventlog writing disabled till condition improves!

 

Environment

  • CB Response Linux Sensor: 6.1.9 or lower
  • RHEL Linux: Version 7.6
  • Linux Kernel Version: 3.10.0-957 to 3.10.0-957.5.1

Cause

Sensor version 6.1.9 is not supported on RHEL 7.6 and kernel 3.10.0-957.

Resolution

CB Response Linux Sensor 6.1.10 was released to support RHEL 7.6 and kernel 3.10.0-957.
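
A triage check for the condition described in this article, added here as an example (it is not part of the original article and is not vendor tooling): it tests a sensor/kernel pair against the Environment section and counts the two quota messages in cbdaemon log lines. The function names, the handling of a `uname -r` style suffix such as `.el7.x86_64`, and the third sample log line are assumptions.

```python
import re

# Message texts taken from the cbdaemon log excerpt in the article.
QUOTA_RE = re.compile(
    r"eventlogs_manager\.cpp:\d+\] Eventlog quota exceeded: (\d+)% \(limit: (\d+)%\)")
DISABLED_RE = re.compile(
    r"eventlogs_manager\.cpp:\d+\] Over quota, eventlog writing disabled")

FIXED_SENSOR = (6, 1, 10)            # release the article names as the fix
KERNEL_LOW = (3, 10, 0, 957)         # affected range from the Environment section
KERNEL_HIGH = (3, 10, 0, 957, 5, 1)

def leading_numbers(version):
    """'3.10.0-957.5.1.el7.x86_64' -> (3, 10, 0, 957, 5, 1)"""
    parts = []
    for token in re.split(r"[.-]", version.strip()):
        if not token.isdigit():      # stop at the first non-numeric part (e.g. 'el7')
            break
        parts.append(int(token))
    return tuple(parts)

def is_affected(sensor_version, kernel_release):
    """True when the sensor/kernel pair matches the article's Environment."""
    sensor = leading_numbers(sensor_version)[:3]   # assumption: ignore any build suffix
    kernel = leading_numbers(kernel_release)
    return sensor < FIXED_SENSOR and KERNEL_LOW <= kernel <= KERNEL_HIGH

def scan_log(lines):
    """Count the quota symptoms in an iterable of cbdaemon log lines."""
    result = {"quota_exceeded": 0, "writing_disabled": 0, "last_usage": None}
    for line in lines:
        match = QUOTA_RE.search(line)
        if match:
            result["quota_exceeded"] += 1
            # (used %, limit %) from the most recent quota message
            result["last_usage"] = (int(match.group(1)), int(match.group(2)))
        elif DISABLED_RE.search(line):
            result["writing_disabled"] += 1
    return result

# First two lines are the article's excerpt; the third is constructed.
SAMPLE_LOG = [
    "0319 07:41:07.142755 25678 eventlogs_manager.cpp:484] Eventlog quota exceeded: 1% (limit: 1%)",
    "W0319 07:41:07.142788 25678 eventlogs_manager.cpp:2172] Over quota, eventlog writing disabled till condition improves!",
    "I0319 07:41:08.000000 25678 example.cpp:1] constructed unrelated line",
]

if __name__ == "__main__":
    print(is_affected("6.1.9", "3.10.0-957.5.1.el7.x86_64"), scan_log(SAMPLE_LOG))
```

A host that reports the quota messages but does not match the affected pair needs a different explanation than the one in this article.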