Hello
Need your help
In ArcSight ESM, the time is incorrectly displayed in the Manager Receipt Time field (one hour behind). This problem is global and is present on all connectors (the time is correct on the connectors).
I am interested in your…
Hello, guys, I need your help.
In CentOS, after installing the SmartConnector and running ./runagentsetup, the connector configuration process stops at this point:
Assuming ARCSIGHT_HOME: /home/user/ArcSightSmartConnectors/current Assuming JAVA_HOME…
Dears, how do I determine a healthy thread count for the ESM and the agents?
We have the following values in server.properties:
- agent.threads.max=437
- serverletcontainer.jetty311.threadpool.maximum=674
However, the active thread count is always…
As per https://www.microfocus.com/documentation/arcsight/arcsight-smartconnectors/pdfdoc/amazon-web-services-s3/amazon-web-services-s3.pdf p. 24,
I followed the section on adding a custom parser for awsS3 and created a file in \current\user\agent\fcp\awss3…
Hello.
Can you help me diagnose an issue with applying a parser for the syslog connector?
The issue has the following stages:
1) I create a config file for the syslog connector and move it to /../current/user/agent/flexagent/syslog/ with a name like parser.sdkrfilereader…
Dear Community,
Our ArcSight Logger rebooted, and after that we had no more EPS Out (EPS In is OK).
Logger version : 7.2.2
ESM Version : 7.5
Our Logger is sending the logs to our ESM. The Logger has the logs, but they never leave the Logger and…
Hi Experts,
We are planning to take a configuration backup for ArcSight products:
First, connectors (we have already taken a container backup from the ArcMC).
Q: How do we restore that container backup?
Secondly, for ESM we took the system…
Hello.
Has anyone encountered the following problem? In server.license.log we see a degradation of EPS (x3 over 2 months). Connectors have cache files, but activating multithreading doesn't help. No memory problem on connectors. Cache files on all connectors. In agent…
When I opened agent.log and used the 'WARN' filter, it showed me that I got many 'number of bad threat level values received and corrected' messages.
What does this message mean?
Best Regards
Hi,
There are many types of connectors installed. I couldn't find out the connector name. Please provide the file name or file path of the SmartConnector. How can we find out the SmartConnector name?
Hello,
Thank you for giving me an idea of the instructions to follow to achieve the following diagram:
1- Collect logs from the AD server to a server_X located in the same private VLAN.
2- Collect AD logs from server_X to another server in public…
Hello,
I have integrated Oracle 11g R2 with the ArcSight SmartConnector Audit DB. I am receiving only 3 types of logs (LOGON, LOGOFF, LOGOFF BY CLEANUP).
Can anyone tell me what these logs are and how I can get other logs like select, update, create…
I'm having some trouble with the FlexConnector. I wrote the parser file, but every time I run the FlexConnector and send some SSH logs, the parser does not work.
My parser file is called Vendor_syslog.subagent.sdkrfilereader.properties.
I modified in agent…
Oracle DB integration with audit_db.
Run the script at the command prompt from the ARCSIGHT_HOME/current/agent/config/oracle_db directory: Sqlplus "sys/ as sysdba" @oracleAuditing.sql
Where do I need to run the above command, on the database or the agent server…
I'm demoing Office 365 and trying to collect logs with the ArcSight connector.
I followed the config guide, but verification can't pass. The error displayed is "cannot retrieve access token due to com.microsoft.aad.adal4j.authenticationexception".
Please help…
Hi, can anyone suggest how we can monitor FIM-related logs in ArcSight SIEM?
Currently we are getting generic logs such as login and logoff, etc.
Any help will be appreciated.
Thanks,
Anup Saroj
Good afternoon, colleagues. Has anyone encountered this problem: there are several databases on one SharePoint server. Each database belongs to a specific system. The MS SharePoint DB agent is connected to SharePoint. The problem is the following: in the received…
Dear everyone,
I have a question about cutting off some fields in logs, like this:
- My firewall sends logs to the Connector.
- Now, in the log files, there are some fields I don't need to collect.
So how do I delete those fields before the Connector sends them to Logger…
I'm trying to parse a timestamp in a JSON parser, but I'm not having any luck despite trying various things in the dev guide.
Format: "2022-05-16 19:54:25 +0000 UTC"
My token: token[2].name=backend_timestamp token[2].type=String token[2].location…
Good day. I have created an sdkrfilereader to parse some ColdFusion Apache logs from seven different servers via file shares. It works well for a period of time, then some just stop sending events. I checked and found several hundred FileReader.exe processes…
Dears, what should the values of max.threads.count and servletcontainer.jetty311.threadpool.maximum in server.properties be in case there are 65 connectors (with 4-10 threads opened for every connector) in the environment, and 20 consoles? Thanks in advance,
…
Is there any way to use an event field value instead of a token to identify the event pattern and process it with a submessage?
Unfortunately, this trick doesn't work:
submessage.messageid.token=event.deviceEventClassId
Could someone share with me in what order the FlexConnector processes the parser, maps and other parser configuration files?
As far as I know, mapping occurs after parsing. Can I change this order?
I'm working on a parser now for logs that have no actual…