The following table describes critical logs that reside on the Carbon Black EDR server:

Log

Description

/var/log/cb/nginx/access.log (and error.log )

nginx HTTP access and error logs for all sensor and API traffic.

/var/log/cb/coreservices/debug.log

Application logic for API traffic.

/var/log/cb/sensorservices/debug.log

Application logic for sensor traffic.

/var/log/cb/datastore/debug.log

Incoming sensor data cache.

/var/log/cb/solr/debug.log

Sensor data storage, indexing, and queries.