This topic describes Syslog output for Carbon Black EDR events. It provides descriptions and examples of the output, and explains how you can use Syslog output for notification of alerts.

Carbon Black EDR logs the following types of events to Syslog:

  • Notification logs – for watchlist and feed hits, and binary information events
  • Audit logs – for banning, isolation, and Live Response sessions

    With audit logging enabled, audit logs include all user API activity, including HTTP request details.

See the Carbon Black EDR Server Cluster Management Guide for information about all Carbon Black EDR server logs.