Breakdown and Location of the Linux Sensor logs?
Article ID: 292253
Updated On:
Products
Carbon Black Cloud Endpoint Standard
Carbon Black Cloud Enterprise EDR
Carbon Black Cloud Workload
Carbon Black Cloud Audit and Remediation
Issue/Introduction
Where do I locate the Linux Sensor logs, how much space does each utilize, and what are they for?
Environment
- Carbon Black Cloud Linux Sensor: All Versions
- Linux OS: All Supported Versions
Resolution
- /var/opt/carbonblack/psc/blades/E51C4A7E-2D41-4F57-99BC-6AA907CA3B40/behavior-events
- "Endpoint Standard'’ type events
- Utilizes up to 1gb of storage
- /var/opt/carbonblack/psc/blades/E51C4A7E-2D41-4F57-99BC-6AA907CA3B40/events
- "Enterprise EDR" type events
- Utilizes up to 1gb of storage
- /var/opt/carbonblack/psc/log/live_response_audit.txt
- Live response audit log
- Utilizes up to 200mb
- /var/opt/carbonblack/psc/log/live_response_log.txt
- Live response log
- Utilizes up to 200mb
- /var/opt/carbonblack/psc/log/log.txt
- Main sensor log
- Utilizes up to 200mb
- /var/opt/carbonblack/psc/blades/E51C4A7E-2D41-4F57-99BC-6AA907CA3B40/threat_hunter_log.txt
- Enterprise EDR log
- Utilizes up to 200mb
- /var/opt/carbonblack/psc/blades/40E797FD-4322-4D33-8E8C-EF697F4C2323/live_query_log.txt
- Live query log
- Utilizes up to 200mb
- /var/opt/carbonblack/psc/log/cbagentd-install.log is the install log
Additional Information
We expect 100 MB of additional disk space to be utilized by the agent binary itself, databases and backups, and sensor upgrade kits etc.
Feedback
Yes
No
Powered by
