This topic describes several issues and troubleshooting recommendations.
Error in the Carbon Black EDR Console
Review the log file: /var/log/cb/coreservices/debug.log for a Python stack trace with details.
Contact your VMware Carbon Black Technical Support representative.
Sensors Are Not Checking In
If a sensor is not checking in, look in the log file: /var/log/cb/nginx/access.log for a request from the host.
For example:
164.230.214.13 - - [20/Apr/2021:20:04:52 +0000(3.811)] "POST /sensor/checkin/35998 HTTP/1.1" 502 166 "-" "sensors.vibrant-pies.my.carbonblack.io" ">170.16.20.21:6501" "-" "-"
In the output example, several fields are useful for diagnosing the issue:
-
Sensor Id is reported after the checkin field. It is 35998 in the above case.
-
The actual error code is reported in the field following HTTP/1.1 text. In the example above, 502 is the error code.
-
In a clustered environment, some requests proxy calls to a different minion in the cluster. This minion's address is reported after the ‘>’ character (170.16.20.21 in the above case).
If you find a checkin error or an error to any other call with the "/sensor/" prefix, check the following log: /var/log/cb/sensorservices/debug.log.
If you see an error related to requests prefixed with "/data/", check the following log: /var/log/cb/datastore/debug.log.
In a clustered environment, review the log files on the node that is referenced in the nginx error log entry.
Alternatives
If sensors are not checking in but there are no entries in access.log , check error.log .
If the sensor SSL client certificates are not signed by the Certificate Authority (CA) in /etc/cb/certs and configured in /etc/cb/nginx/conf.d/cb.conf , nginx will refuse the request.
If there are no entries in error.log, check the status of sensor communications as described in the VMware Carbon Black EDR Sensor Installation Guide.
Verify that Everything is Working
Check the nginx access.log for ‘ 200 ’ HTTP response codes. 200 codes indicate that communications are working properly.
