ArcSight Threat intelligence Feed or GTAP suddenly stops sending logs to the ESM server, even though the connector status shows as running. When I check the logs, only the connector statistics are displayed. I attempted to reinstall it, but I couldn't…
Hello, guys, I need your help.
In CentOS after installing SmartConnector and running ./runagentsetup the process of connector configuration stops at this point:
Assuming ARCSIGHT_HOME: /home/user/ArcSightSmartConnectors/current Assuming JAVA_HOME…
Hi Experts,
we are planning to take a configuration backup for arcsight products:
first connector (we have already take a container backup from the ArcMc ) .
Q:- how to restore that container backup?
secondly, for ESM we took the system…
Trying to add new parameter to collect windows log from windows server 2019 and got 2 errors:
i) Connector did not pass the verification with error [1:Encountered 1 error for command [GetLogAccessValidationResult]
Host: xx.xx.xx.xx
ii) Cannot retrieve…
I'm having some troubles with the flexconnector. I did the parser file but everytime I run the flexconn and I send some SSH Logs the parser do not work.
My parser file is called Vendor_syslog.subagent.sdkrfilereader.properties.
I modified in agent…
Hi geeks!
I was confused by referring to the document of the " Administration`s Guide for ArcSight Platform 21.1 ". Is there anyone who can guide me or introduce me to a better reference easier and simpler than the steps described in that document?…
A common question that comes up is around how to configure SmartConnectors that are under management through ArcMC to change the way that DNS operates. Depending on version and situation, you may wish to enable / disable DNS resolution at the SmartConnector…
One of the frequent questions I get is around management of Logger and how you can add one to ArcMC for centralized management. With more and more customers using multiple Logger instances, ArcMC is the best way to do this. But how do you get it 'hooked…
We're in the process of replacing old L7400x ( v5.3.1.6838.0) with L7500x (v6.2.0.7633.0) and would like to avoid re-creating manually the complete configuration to the new loggers. The new loggers are installed with separate IPs from the old ones and…
Could you Please help me for any documents explain What and how to configure HP ArcSight AddMon Component ( Additional Monitored Desktops for ArcSight Express ) "TH548AAE" ?
Hello guys, I was going to open a ticket, but i suppose that this is an old issue. Why isn't it possible? It would be great. Best regards, Nuno Mendonça
I currently have an ArcSight Logger running Logger 5.5.0.7067.1. I'm trying to figure out what I might be able to do in order to reduce the bandwidth used or limit it during certain hours. Does anyone know if there is a way to tell the connectors to only…
Hi, I am new to Arcsight and to this forum. During my installation of Arcsight I ran in to a problem. I ran the /opt/arcsight/manager/bin/setup_services.sh and it stopped before it could configure the arcsight web service and start the service. If I rerun…
I have a server that Configured as below; OS (Red Hat) Apache Oracle 11g Database. I need to collect logs from all three, but do I install all 3 SmartConnectors on this server, or is it possible to create a FlexConnector that can get me the required logs…
Hi, I'm trying to view the open cases, but when I click on the cases groups the ESM show the message: " >1000, view in channel... " and nothing more. Is there a way to bypass this limit or change the current configuration? Thank you Luca
Below are some smartconnector settings that you may find useful in your environment, especially in a high EPS setup. 1. init and max java heap memory of smartconnectors Default setting on smartconnectors is 256 MB. On high EPS setups, 256 MB of heap memory…
Hi all, I need help in providing a solution on how to do configuration backup for arcsight Logger. Previously we had an secondary server where we could SCP the configuration backup to the remote server. However, due to some circumstances, we had to return…
Hello, Has anybody experience with restore of archives on a different Logger ? We run a Logger appliance and plan to create an additional software Logger as a backup if the original system falls out for any reason. Then we plan to restore the configuration…
We run an ArcSight Logger with the latest patch update. In the section Configuration > Setttings > Configuration backup > Edit Configuration Backup I can define a backup schedule, which does not work. The same backup, defined as a one-time-action, works…
Hello All, I am scheduling the report in Arcsight Loger 5.3 While scheduling the report it shows me the export of records can be done by default in USER'S WORKING FOLDER , please let me know what would be the exact physical location for the same in Server…
Hello all I am using the Arcsight logger (not worked in installation and Configuration) using only GUI. I am looking at my Dashboard it is showing me the various agents,devices,severity with a good count associated with it. but while trying to pull the…
Hello, I've been investigating trying to set up a more efficient query in Logger (using an L7400-SAN) that will give a quick and dirty .CSV report giving the hostname and deviceAddress for all devices that have sent at least 1 event into this Logger over…
Is there a troubleshooting guide that I could follow? I'm unable to log back into the system via HTTPS but I can via SSH. The httpd service is running and I get the Apache test page if I try http only. License is good. Need assistance with this please
Hello, i have to install certificated issued by the customer CA in our SIEM enviroment (connector appliance, logger and express) but the customer said me that the CA doesn't sign CSR. It only issues new certificates and they want to generate a new certificate…