Carbon Black EDR Unified View rotates log files on a daily basis and stores them for 7 days. The server generates logs from two sources:

  • nginx – Logs basic access and error logs that are stored in /var/log/cb/nginx/access.log and error.log, respectively. The logs contain the basic HTTP requests made to the Carbon Black EDR Unified View server for the API.
  • uvservices (the Carbon Black EDR Unified View service) – Generates and stores the following log files in /var/log/cb/uvservices:

Log file

Description

startup.log

Captures output that is generated before the logging framework starts up.

access.log

Not currently used.

debug.log

General log file that includes status of pool workers and end-user activity.