Carbon Black EDR logs events to Syslog.

  • Notification logs – for watchlist and feed hits, and binary information events
  • Audit logs – for banning, isolation, and Live Response sessions

    With audit logging enabled, audit logs include all user API activity, including HTTP request details. See Audit Logs.

See the VMware Carbon Black EDR Server/Cluster Management Guide for information about all Carbon Black EDR server logs.