Carbon Black Cloud: Breakdown and Location of the Linux Sensor logs?

Article ID: 292253

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense)

Issue/Introduction

Where do I locate the Linux Sensor logs, how much space does each utilize, and what are they for?

Environment

  • Carbon Black Cloud Sensor: All Versions
  • Linux: All Supported Versions

Resolution

  • /var/opt/carbonblack/psc/blades/E51C4A7E-2D41-4F57-99BC-6AA907CA3B40/behavior-events
    • "Endpoint Standard" type events
    • Utilizes up to 1 GB of storage
  • /var/opt/carbonblack/psc/blades/E51C4A7E-2D41-4F57-99BC-6AA907CA3B40/events
    • "Enterprise EDR" type events
    • Utilizes up to 1 GB of storage
  • /var/opt/carbonblack/psc/log/live_response_audit.txt
    • Live response audit log
    • Utilizes up to 200 MB
  • /var/opt/carbonblack/psc/log/live_response_log.txt
    • Live response log
    • Utilizes up to 200 MB
  • /var/opt/carbonblack/psc/log/log.txt
    • Main sensor log
    • Utilizes up to 200 MB
  • /var/opt/carbonblack/psc/blades/E51C4A7E-2D41-4F57-99BC-6AA907CA3B40/threat_hunter_log.txt
    • Enterprise EDR log
    • Utilizes up to 200 MB
  • /var/opt/carbonblack/psc/blades/40E797FD-4322-4D33-8E8C-EF697F4C2323/live_query_log.txt
    • Live query log
    • Utilizes up to 200 MB
  • /var/opt/carbonblack/psc/log/cbagentd-install.log
    • Install log
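
An added example, not part of the original article or of the sensor's own tooling: a POSIX shell check that measures each location listed above and flags any that is missing or larger than its documented cap. The function names, the optional root argument (for checking a mounted or copied filesystem) and treating 1 GB as 1024 MB are assumptions.

```shell
#!/bin/sh
# Added example (not vendor code): compare each sensor log location from the
# article with its documented size cap. Assumption: 1 GB = 1024 MB.
B1=var/opt/carbonblack/psc/blades/E51C4A7E-2D41-4F57-99BC-6AA907CA3B40
B2=var/opt/carbonblack/psc/blades/40E797FD-4322-4D33-8E8C-EF697F4C2323
LOG=var/opt/carbonblack/psc/log

# One row per location: relative path|cap in MB|purpose ("-" = no cap stated).
cb_log_table() {
    cat <<EOF
$B1/behavior-events|1024|Endpoint Standard events
$B1/events|1024|Enterprise EDR events
$LOG/live_response_audit.txt|200|Live response audit log
$LOG/live_response_log.txt|200|Live response log
$LOG/log.txt|200|Main sensor log
$B1/threat_hunter_log.txt|200|Enterprise EDR log
$B2/live_query_log.txt|200|Live query log
$LOG/cbagentd-install.log|-|Install log
EOF
}

# Print the apparent size in bytes of a file or of all files under a directory.
cb_size_bytes() {
    find "$1" -type f -exec ls -ln {} + 2>/dev/null |
        awk '{ sum += $5 } END { printf "%.0f\n", sum }'
}

# Read table rows on stdin and check them under ROOT (default /).
# Prints status, size, cap and path per row; returns 1 if any row is OVER.
cb_log_check() {
    root=${1:-/}; rc=0
    while IFS='|' read -r rel cap desc; do
        path="${root%/}/$rel"; status=OK; used=0
        if [ ! -e "$path" ]; then
            status=MISSING
        else
            used=$(cb_size_bytes "$path")
            if [ "$cap" != "-" ] && [ "$used" -gt $(($cap * 1048576)) ]; then
                status=OVER; rc=1
            fi
        fi
        printf '%-7s %12s B / %4s MB  %s (%s)\n' "$status" "$used" "$cap" "$path" "$desc"
    done
    return "$rc"
}

# Run the check when a root is given as an argument, e.g. `sh script.sh /`.
if [ "$#" -gt 0 ]; then cb_log_table | cb_log_check "$1"; fi
```

Reading these paths normally requires root. A MISSING row for the main sensor log on a host that should be reporting is worth investigating alongside the sensor's service status.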

Additional Information

We expect the agent binary itself, databases and backups, sensor upgrade kits, and similar files to use an additional 100 MB of disk space.