Announcing the Carbon Black Cloud Syslog Connector 2.0.0 Release!
Posted on October 30, 2023
The Carbon Black Cloud Syslog Connector Version 2.0.0 has been officially released! The Syslog Connector lets administrators forward alerts and audit logs from their Carbon Black Cloud instance to local, on-premise systems, and:
- Generates customizable templated syslog messages
- Aggregates data from one or more Carbon Black Cloud organizations into a single syslog stream
- Can be configured to transport syslog messages using one of the following: UDP, TCP, encrypted (TCP over TLS), HTTP(S), or local file
This release adds the following features:
NEW:
- Expanded message templating support for any syslog format
- Supports customizable extensions based on a configurable type field
- Supports customizable timestamp format
- Audit logs and Alerts can be enabled independently
- Added new cbc_syslog_forwarder script, which is installed into the OS bin directory
- New CBC Syslog commands to support config validation, setup wizard, configuration conversion, polling, and historical fetch for alerts
- All current and future alert types are supported by default
- Built-in notification-rule-style support using alert_rules to configure specific filters that reduce noise and alert fatigue
- Only one API key is required to fetch all Carbon Black Cloud data, and it conforms to the principle of least privilege
  - Create a CUSTOM API key with only org.alerts READ and org.audits READ permissions.
- Improved configuration validation and logging
Breaking Changes:
- Configuration file format changed from conf to toml
- Moved from Carbon Black Cloud notifications to Alerts v7 schema
- Removed CEF and LEEF support for better message templating to customize to any syslog format
- back_up_dir renamed to backup_dir
- api_connector_id/api_key and siem_connector_id/siem_key replaced by custom_api_id/custom_api_key
- Removed requests_ca_cert
- Changed CLI parameters to increase functionality
- Removed dead cacert.pem
- Changed how cbc-syslog is executed to support better Python practices
Bug fixes:
- Improved Backup Directory support to only process cbc syslog .bck files
- Improved handling of the Carbon Black Cloud server_url: it now supports a hostname with or without https and removes a trailing backslash
For more information on the Carbon Black Cloud Syslog Connector:
- Read the Carbon Black Cloud Syslog Connector Documentation
- Read the 1.x Migration
- Read the GitHub README
- Read the Carbon Black Cloud Authentication Guide
Have questions or feedback?
- Use the Developer Community Forum to discuss issues and get answers from other API developers in the Carbon Black Community
- Report bugs and change requests to Carbon Black Support
- Subscribe to the Developer Network Newsletter