Event Forwarder 3.8.2, the initial release of containerized Event Forwarder, is now generally available for all on-prem VMware Carbon Black EDR customers!
Event Forwarder 3.8.2 is available as a containerized distribution and as a standard RPM distribution.
Containerized Event Forwarder 3.8.2 is compatible with containerized Carbon Black EDR Server, while Event Forwarder versions prior to 3.8.2 are not compatible with containerized Carbon Black EDR Server.
Features
- Compatibility with containerized Carbon Black EDR Server added through a new Event Forwarder docker image.
Bug Fixes/Other Changes
- An adjustment to a change in RabbitMQ authentication released in Carbon Black EDR Server 7.7.0, while maintaining backwards compatibility.
- A fix for an issue that could cause Event Forwarder to lock up if an excessive amount of time passed without logging events.
Installation
General Event Forwarder information and installation instructions can be found here: https://github.com/carbonblack/cb-event-forwarder.
Installing Containerized Event Forwarder 3.8.2
See Install Containerized Event Forwarder 3.8.2 for instructions on how to install containerized Event Forwarder 3.8.2 and connect it to containerized EDR Server.
Containerized Event Forwarder 3.8.2 introduces two new configuration values:
Installing Standard, RPM-based Event Forwarder 3.8.2
The standard, RPM-based distribution of Event Forwarder 3.8.2 can be downloaded from https://github.com/carbonblack/cb-event-forwarder/releases/tag/v3.8.2.
The RPM can be found in the CbOpensource.repo file.
For both the containerized and standard distributions, please remember that the EventForwarderEnabled configuration value can be used to enable/disable Event Forwarder UI configuration for Event Forwarder instances that are hosted on the same server as Carbon Black EDR Server.
The VMware Carbon Black EDR Team