Event Forwarder 3.8.3 is now generally available for all on-prem VMware Carbon Black EDR customers as a containerized distribution and as a standard RPM distribution.
Containerized Event Forwarder 3.8.3 is compatible with containerized Carbon Black EDR Server. Event Forwarder versions prior to 3.8.2 are not compatible with containerized Carbon Black EDR Server.
Bug Fixes/Other Changes
- The service now continues to run when a syslog port number is not provided. The system assumes a default port of 514.
- The service correctly interprets S3 bucket locations stated as
<temp file location:<region>:<bucket_name>.
Installation
General Event Forwarder information and installation instructions can be found here: https://github.com/carbonblack/cb-event-forwarder.
Installing Containerized Event Forwarder 3.8.3
See Install Containerized Event Forwarder for instructions on how to install containerized Event Forwarder and connect it to containerized Carbon Black EDR Server.
Containerized Event Forwarder 3.8.3 uses the following configuration values:
Installing Standard, RPM-based Event Forwarder 3.8.3
The standard, RPM-based distribution of Event Forwarder 3.8.3 can be downloaded from https://github.com/carbonblack/cb-event-forwarder/releases/tag/v3.8.3.
The RPM can be found in the CbOpensource.repo file.
For both the containerized and standard distributions, please remember that the EventForwarderEnabled configuration value can be used to enable/disable Event Forwarder UI configuration for Event Forwarder instances that are hosted on the same server as Carbon Black EDR Server.
The VMware Carbon Black EDR Team
