Carbon Black Cloud: How To Enable Verbose Logging for Linux Sensor
search cancel

Carbon Black Cloud: How To Enable Verbose Logging for Linux Sensor

book

Article ID: 292326

calendar_today

Updated On:

Products

Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

 How to enable Verbose Logging on Carbon Black Cloud EEDR Component for Linux Sensor

Environment

  • Carbon Black Cloud Linux Sensor: 2.5.0 and Higher
  • RHEL Version 6 and Higher
  • CentOS Version 6 and Higher

Resolution

Verbose Logging should not be turned on unless directly by VMware Carbon Black Engineering
  1. Create file called th.ini using the following command:
$sudo touch /var/opt/carbonblack/psc/blades/E51C4A7E-2D41-4F57-99BC-6AA907CA3B4/th.ini
  1. Add the following to the th.ini file
[ThreatHunter]
LogLevel=4
  1. Save and close file 
  2. Restart cbagentd: 
  • RHEL/CentOS 6
$sudo service restart cbagentd
  • RHEL/CentOS 7
$sudo systemctl restart cbagentd
  1. To disable verbose logging, remove the value from the th.ini and restart the cbagentd again

Additional Information

The log level is configurable 
Error = 1
Warning = 2
Info = 3 (Default)
Verbose = 4
Location of the CBTH log file 
/var/opt/carbonblack/psc/log/blades/E51C4A7E-2D41-4F57-99BC-6AA907CA3B40/threat_hunter_log.txt
Powered by Wolken Software