  • Manager Receipt Time field has wrong time

    Hello. Need your help. In ArcSight ESM, the time is incorrectly displayed in the Manager Receipt Time field (one hour behind). This problem is global and is present on all connectors (the time is correct on the connectors). I am interested in your…
  • Can't start ./runagentsetup after connector installing

    Hello, guys, I need your help. In CentOS after installing SmartConnector and running ./runagentsetup the process of connector configuration stops at this point: Assuming ARCSIGHT_HOME: /home/user/ArcSightSmartConnectors/current Assuming JAVA_HOME…
  • Healthy ESM Thread Count

    Dears, How to know what is the healthy thread count for the ESM and the Agents? We have the next values in server.properties: - agent.threads.max=437 - serverletcontainer.jetty311.threadpool.maximum=674 However, the active thread count is always…
  • awsS3 parser + subParse issue

    As per https://www.microfocus.com/documentation/arcsight/arcsight-smartconnectors/pdfdoc/amazon-web-services-s3/amazon-web-services-s3.pdf p24, I followed the section to add a custom parser for awsS3 and created a file in \current\user\agent\fcp\awss3…
  • Problem with applying parser for syslog connector

    Hello. Can you help diagnose an issue with applying a parser for a syslog connector? I have the following stages of the issue: 1) I create a config file for the syslog connector and move it to /../current/user/agent/flexagent/syslog/ with a name like parser.sdkrfilereader…
  • Migrate connector from server to server

    Hello champion! I have many connectors on a server (Windows Server 2012). How to migrate the connectors to Windows Server 2019?
  • Logger - EPS out not working

    Dear Community, Our Arcsight logger rebooted and after that, we had no more EPS Out. (EPS in are OK) Logger version : 7.2.2 ESM Version : 7.5 Our logger is sending the logs to our ESM. The Logger has the logs, but they never leave the logger and…
  • Configuration backup ESM

    Hi Experts, we are planning to take a configuration backup for ArcSight products: first, the connector (we have already taken a container backup from the ArcMC). Q: how to restore that container backup? Secondly, for ESM we took the system…
  • Degradation EPS on ESM

    Hello. Did anyone meet the next problem? In server.license.log looking degradation of EPS (x3 for 2 month). Connectors have cache files. But activating multithread doesn't help. No memory problem on connectors. Cache files on all connectors. In agent…
  • What is meaning of Number of bad threat level values in connector?

    When I opened agent.log and used the 'WARN' filter, it showed me that. I got many 'number of bad threat level values received and corrected' messages. What does this message mean? Best Regards
  • How to find smart connector name in which file of smart connector

    Hi, there are many types of connectors installed. I didn't find out the connector name. Please provide the file name or file path of the smart connector. However we find out smart connector name.
  • send logs from smart connector to another smart connector

    Hello, thank you for giving me an idea on the instructions to follow to achieve the following diagram: 1- collect logs from the AD server to a server_X located at the same private VLAN. 2- collect AD logs from server_X to another server in public…
  • Oracle Audit DB integration with arcsight

    Hello, I have integrated Oracle 11g R2 with the ArcSight SmartConnector audit DB. I am receiving only 3 types of logs (LOGON, LOGOFF, LOGOFF BY CLEANUP). Can anyone suggest to me what these logs are and how I will get other logs like select, update, create…
  • flex connector properties file not working

    I'm having some troubles with the flexconnector. I did the parser file but every time I run the flexconn and I send some SSH logs the parser does not work. My parser file is called Vendor_syslog.subagent.sdkrfilereader.properties. I modified in agent…
  • ArcSight Use Cases

    Require help on creating reports/rules/dashboard/alerts on below Use Cases in Arcsight ESM 1. DNS attacks 2. SQL injection 3. WAF 4. DDoS
  • Oracle Audit DB Integration with arcsight

    Oracle DB integration with audit_db. Run the script at command prompt from the ARCSIGHT_HOME/ current/agent/config/oracle_db directory: Sqlplus "sys/ as sysdba" @oracleAuditing.sql Where do I need to run the above command, on the database or agent server…
  • Config connector for office 365 but can't verify pass

    I'm demoing Office 365 and trying to collect logs with the ArcSight connector. I followed the config guide but I found that the verification can't pass. The error displayed is " cannot retrieve access token due to com.microsoft.aad.adal4j.authenticationexception" Please help…
  • ArcSight - File Integrity Monitoring??

    Hi, Can anyone suggest how we can monitor FIM related logs in Arcsight SIEM? Currently we are getting generic logs such as login and logoff etc. Any help will be appreciated. Thanks, Anup Saroj
  • identification of the system by DB on the agent for Sharepoint BD | Arcsight Sharepoint BD

    Good afternoon, colleagues. Has anyone encountered this problem: There are several databases on one SharePoint server. Each database belongs to a specific system. MS Sharepoint BD agent is connected to SharePoint. The problem is the following: In the received…
  • How to cut off some fields in logs from source devices send to Connectors

    Dear everyone, I have a question about cutting off some fields in logs like this: - My Firewall sends logs to the Connector - Now, in the log files, there are some fields I don't need to collect. So how to delete those fields before the Connector sends to Logger…
  • Parsing Timestamp

    I'm trying to parse a timestamp in a JSON parser, but I'm not having any luck despite trying various things in the dev guide. Format: "2022-05-16 19:54:25 +0000 UTC" My token: token[2].name=backend_timestamp token[2].type=String token[2].location…
  • Multiple FileReader.exe Processes Abandoned and locked Persistence Files

    Good day. I have created an sdkrfilereader to parse some Cold Fusion Apache Logs from Seven different servers via File Shares. Works well for a period of time then some just stop sending events. I checked and found several hundred FileReader.exe processes…
  • Max Threads Count in server.properties

    Dears, What is the value of max.threads.count and servletcontainer.jetty311.threadpool.maximum in server.properties in case there are 65 connectors (with 4-10 threads opened for every connector) in the environment, and 20 consoles? Thanks in advance, …
  • Use event field as message id for submessage

    Is there any way to use an event field value instead of a token to identify the event pattern and process it by submessage? Unfortunately this trick doesn't work: submessage.messageid.token=event.deviceEventClassId
  • Arcsight Flex Connector processing order

    Could someone share with me in what order the Flex Connector processes the parser, maps and other parser configuration files? As far as I know mapping occurs after parsing. Can I change this order? I'm working on parser now for logs those have no actual…