Carbon Black EDR Unified View rotates log files on a daily basis and stores them for 7 days. The server generates logs from two sources:
- nginx – Logs basic access and error logs that are stored in /var/log/cb/nginx/access.log and error.log, respectively. The logs contain the basic HTTP requests made to the Carbon Black EDR Unified View server for the API.
- uvservices (the Carbon Black EDR Unified View service) – Generates and stores the following log files in /var/log/cb/uvservices:
Log file |
Description |
---|---|
startup.log |
Captures output that is generated before the logging framework starts up. |
access.log |
Not currently used. |
debug.log |
General log file that includes status of pool workers and end-user activity. |