CB Response: How to enable event collection on an eventless master
Article ID: 292399
Updated On:
Products
Carbon Black EDR (formerly Cb Response)
Issue/Introduction
Convert an eventless master to start ingesting events
Environment
- CB Response Server: 6.x
- Clustered Environment
- Eventless Master Server
Resolution
- Open an SSH session with the master server
- Stop services
-
sudo /usr/share/cb/cbcluster stop
-
- Set the master to collect events
-
sudo /usr/share/cb/cbcluster change-node -E True
-
- Start services
-
sudo /usr/share/cb/cbcluster start
-
Additional Information
- Ensure the master server has sufficient resources to begin collecting and storing data.
- Event collection on the master can be disabled by the steps above, but using the value False instead of True in step 3.
-
sudo /usr/share/cb/cbcluster change-node -E False
-
Feedback
Yes
No
Powered by
