How to Check for ContentDownloadFailure Alarms (Linux)
search cancel

How to Check for ContentDownloadFailure Alarms (Linux)

book

Article ID: 292495

calendar_today

Updated On:

Products

Carbon Black Cloud Endpoint Standard (formerly Cb Defense) Carbon Black Cloud Enterprise EDR (formerly Cb Threathunter)

Issue/Introduction

Provide steps for checking on ContentDownloadFailure alarms/errors from a local machine from the content delivery network (https://content.carbonblack.io) which provides additional configuration for 2.12.x.x and higher Sensors

Environment

  • Carbon Black Cloud Console: All Versions
    • Endpoint Standard
    • Enterprise EDR
    • Audit & Remediation
    • Workload
  • Carbon Black Cloud Sensor: 2.12.x.x and Higher
  • Linux: All Supported Versions

Resolution

  1. Launch terminal emulator
  2. Check for alarm in log.txt 
    sudo grep -Ein --color "Added [[]ContentDownloadFailure[]] Telemetry event to Telemetry Event Sink." /var/opt/carbonblack/psc/log/log.txt
  3. Output will show the dates and times of relevant alarms 
    <line#>:[YYYY-MM-DD hh:mm:ss.ssssss]... ReMgr : TAProcessEvent : Added [ContentDownloadFailure] Telemetry event to Telemetry Event Sink.

Additional Information

  • Once changes have been made to allow access to content.carbonblack.io, the above error will stop occurring in the logs
  • It is also possible to check for telemetry events in general 
    sudo grep -Ein --color "Added [[].*[]] Telemetry event to Telemetry Event Sink." /var/opt/carbonblack/psc/log/log.txt
Powered by Wolken Software