Carbon Black EDR Event Forwarder 3.8.2 Released
Posted on August 25, 2022
Event Forwarder 3.8.2, the initial release of containerized Event Forwarder, is now generally available for all on-prem EDR customers!
Event Forwarder 3.8.2 is available as a containerized distribution and as a standard RPM distribution.
Containerized Event Forwarder 3.8.2 is compatible with containerized EDR Server, while Event Forwarder versions prior to 3.8.2 are not compatible with containerized EDR Server.
This is a maintenance release that delivers the following:
Features
- Compatibility with containerized EDR Server via a new Event Forwarder docker image
Bug Fixes / Other Changes
- An adjustment to a change in RabbitMQ authentication released in EDR Server 7.7.0, while maintaining backwards compatibility
- A fix for an issue that could cause Event Forwarder to lock up if an excessive amount of time passed without logging events
Download & Installation
There are two versions available: a containerized distribution and a standard RPM distribution.
Note that the EventForwarderEnabled configuration value can be used to enable/disable Event Forwarder UI configuration for Event Forwarder instances that are hosted on the same server as EDR Server.
Containerized Event Forwarder 3.8.2
On-prem EDR customers can now download and install a containerized version of Event Forwarder using Docker.
See Install Containerized Event Forwarder 3.8.2 for instructions on how to download and install containerized Event Forwarder 3.8.2 and connect it to containerized EDR Server (7.7.0+).
Note: Containerized Event Forwarder 3.8.2 introduces two new configuration values:
- EventForwarderContainerAddress
- EventForwarderContainerPort
Standard, RPM-based Event Forwarder 3.8.2
On-prem EDR customers can download and install the standard, RPM-based distribution of Event Forwarder 3.8.2 by following the instructions below. The same instructions are available on GitHub Event Forwarder Installation and in the README.md file contained within the Source code .zip and tar.gz files of the 3.8.2 release package.
Installation
To install and configure the cb-event-forwarder, perform these steps as “root” on your target Linux system.
NOTE: if you plan to use the EDR console to configure and control cb-event-forwarder, then you MUST install it on the same system on which EDR is installed. (In the case of a cluster installer, this means the primary node.)
- Install the CbOpenSource repository if it isn’t already present:
    cd /etc/yum.repos.d
    curl -O https://opensource.carbonblack.com/release/x86_64/CbOpenSource.repo
- Install the RPM via YUM:
    yum install cb-event-forwarder
- If you are using EDR 7.1.0 or greater and wish to use the EDR console to configure and operate the Event Forwarder, run the following script to set the appropriate permissions needed by EDR:
    /usr/share/cb/integrations/event-forwarder/cb-edr-fix-permissions.sh
More Information
More information on Event Forwarder can be found at: