The Syslog Connector lets you forward alerts and audit logs from your Carbon Black Cloud instance to local, on-premise systems.

In addition, the Syslog Connector:

  • Generates customizable templated syslog messages.
  • Aggregates data from one or more Carbon Black Cloud organizations into a single syslog stream.
  • Can be configured to transport syslog messages using one of the following: UDP, TCP, encrypted (TCP over TLS), HTTP(S), or local file.

For more information on the Syslog Connector, see the GitHub README.

To upgrade from Syslog 1.x to Syslog 2.x, see the GitHub Migration Guide.

Alternatives

Data Forwarders are the recommended export method for reliable and guaranteed delivery of Carbon Black Cloud alerts. This method works at scale to support customers or MSSPs of any size by writing zipped JSONL content to an S3 bucket. The Data Forwarder can be configured in the Carbon Black Cloud console under Settings > Data Forwarder or by using the Data Forwarder API.

You can use the Alerts API to build a custom integration. See the Alert Bulk Export Guide.

Requirements

Any Carbon Black Cloud product

Note: The Syslog Connector is not supported in the AWS GovCloud (US) environment.