Carbon Black Cloud Syslog Connector

The Syslog Connector lets administrators forward alert notifications and audit logs from their Carbon Black Cloud instance to local, on-premises systems. It also:

  • Generates pipe-delimited syslog messages with alert metadata identified by the streaming prevention system
  • Aggregates data from one or more Carbon Black Cloud organizations into a single syslog stream
  • Can be configured to use UDP, TCP, or encrypted (TCP over TLS) syslog protocols


  • Endpoint Standard or Enterprise EDR
Note: The Syslog Connector is not supported in the AWS GovCloud (US) environment.

The Data Forwarder is the recommended export method for reliable and guaranteed delivery of Carbon Black Cloud Alerts. This method works at scale to support customers or MSSPs of any size by writing zipped JSONL content to an S3 bucket. The Data Forwarder can be configured in the Carbon Black Cloud console under Settings > Data Forwarder or using the Data Forwarder API.

Alternatively, the Alerts API can be used. Further detail is in the Alert Bulk Export Guide.


  • You can install the Syslog Connector using either PyPI or GitHub.

How to Automate

The Syslog Connector can be automated on all platforms. Please select your desired operating system for more information.

Last modified on February 9, 2023