The online sensor count in the EDR dashboard is lower than the actual number of sensors reporting in and uploading data.

• EDR Server: 7.x
• EDR Sensors: All versions
• Linux: All versions

There is a timeout value of 5 minutes. If this time window is exceeded, the sensor is considered offline and therefore not included in the online total.

The issue may be resolved by increasing the server's timeout value by:

1. editing /etc/cb/cb.conf (on the Primary only for clusters)
2. uncomment #SensorCheckinOnlineIntervalMin=5   and set this to a number higher that 5. For example:
   
      SensorCheckinOnlineIntervalMin=10


3. restart EDR server / cluster services 

• The primary server's /var/log/cb/nginx/access.log flooded with 499 errors.
• The /var/log/cb/nginx/error.log is showing these errors:

upstream prematurely closed connection while reading response header from upstream