How To Enable Verbose Logging for Linux Sensor
Article ID: 292326
Products
Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)
Carbon Black Cloud Endpoint Standard
Issue/Introduction
How to enable Verbose Logging on Carbon Black Cloud EEDR Component for Linux Sensor
Environment
- Carbon Black Cloud Linux Sensor: All Supported Versions
- RHEL: All Supported Versions
Resolution
Verbose Logging should not be turned on unless directed by Carbon Black Engineering
- Stop the sensor (cbagentd):
$ sudo systemctl stop cbagentd
- Edit the following file:
/var/opt/carbonblack/psc/blades/E51C4A7E-2D41-4F57-99BC-6AA907CA3B40/th.ini
- Add a LogLevel=4 line to the th.ini file under the [ThreatHunter] section:
[ThreatHunter]
LogLevel=4
- Save and close file
- Start the sensor (cbagentd):
$ sudo systemctl start cbagentd
- To disable verbose logging, remove the value from the th.ini and restart cbagentd
- Logs can be collected via these steps
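The edit and revert steps above as idempotent shell functions, useful when the same change has to be applied and later undone on several hosts. This is an added example, not Carbon Black tooling; the function names are hypothetical, and the sensor is assumed to be stopped before and started after the edit as the steps describe.

```shell
#!/bin/sh
# Added example, not vendor tooling. Function names are this example's own.
# Sample use (th.ini path as given in the steps above), with cbagentd stopped:
#   set_th_loglevel /path/to/th.ini 4     # enable verbose
#   unset_th_loglevel /path/to/th.ini     # back to the default

# Rewrite FILE through an awk program, keeping FILE's owner and mode.
_th_rewrite() {
    file=$1; shift
    tmp=$(mktemp "${file}.XXXXXX") || return 1
    if awk "$@" "$file" > "$tmp"; then cat "$tmp" > "$file"; rc=$?; else rc=1; fi
    rm -f "$tmp"
    return "$rc"
}

# Set LogLevel=LEVEL (1-4) under [ThreatHunter]; safe to run repeatedly.
set_th_loglevel() {
    case $2 in 1|2|3|4) ;; *) echo "invalid LogLevel: $2" >&2; return 2 ;; esac
    _th_rewrite "$1" -v lvl="$2" '
        /^\[/ { in_th = ($0 ~ /^\[ThreatHunter\]/); print
                if (in_th) { print "LogLevel=" lvl; seen = 1 }
                next }
        in_th && /^[ \t]*LogLevel[ \t]*=/ { next }   # drop the old value
        { print }
        END { if (!seen) { print "[ThreatHunter]"; print "LogLevel=" lvl } }'
}

# Remove LogLevel from [ThreatHunter] only; other sections are untouched.
unset_th_loglevel() {
    _th_rewrite "$1" '
        /^\[/ { in_th = ($0 ~ /^\[ThreatHunter\]/) }
        in_th && /^[ \t]*LogLevel[ \t]*=/ { next }
        { print }'
}

# Print the effective level: the configured value, or 3 (the default).
get_th_loglevel() {
    awk -F= '
        /^\[/ { in_th = ($0 ~ /^\[ThreatHunter\]/) }
        in_th && /^[ \t]*LogLevel[ \t]*=/ { gsub(/[ \t\r]/, "", $2); print $2; found = 1; exit }
        END { if (!found) print 3 }' "$1"
}
```

Running `get_th_loglevel` after the revert confirms that no host is left at level 4 once the engineering request is closed.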
Additional Information
The log level is configurable:
Error = 1
Warning = 2
Info = 3 (Default)
Verbose = 4
Location of the CBTH log file:
/var/opt/carbonblack/psc/log/blades/E51C4A7E-2D41-4F57-99BC-6AA907CA3B40/threat_hunter_log.txt