• ArcSight Threat Intelligence Feed/Galaxy SmartConnector

    ArcSight Threat intelligence Feed or GTAP suddenly stops sending logs to the ESM server, even though the connector status shows as running. When I check the logs, only the connector statistics are displayed. I attempted to reinstall it, but I couldn't…
  • Lessons Learned: ConnApp to ArcMC Migration

    Starting this thread to help out anyone who is looking at a ConnApp to ArcMC migration experience. Overall I found that if you paid attention o the documentation you'll find that the overall process is not difficult, and can be done relatively easily…
  • Mount Issue for File reader connector in connector appliance

    I currently have a connector appliance(c5000) running v 6.0.5. My issue is that we are using File reader Connector where in log source has to be mounted on connector appliance (CIFS log source). I am facing issues with mounting the share's where I tried…
  • Rotation schema parameter for Microsoft IIS Multiple Server File

    we installed "Microsoft IIS Multiple Server File" connector to receive IIS log files. I want to know, What is default rotation scheme for Microsoft IIS Multiple Server File connector? If rotation scheme is Daily then how to change it to hourly basis for…
  • Cant get filtering working on connector appliance

    Hi all, I'm trying to filter events and prevent them from reaching our loggers. I have read other forum discussions and read the " Connector Appliance – Connector Filter Out Conditions Syntax" document. We are requried to put our arcsight infrastructure…
  • Connector Appliance Upgrade - Migrating Connectors

    Is there any guidance for migration of connectors to an upgraded connector appliance? Does anyone have any experience with this that they can share? I have found the options to export/import the remote management configurations but have not been able…
  • Schedule Backup Software Connectors

    Need to backup software connectors that are managed from a connector appliance. This can be done manually on a connector appliance Set Up > Repositories > Backup Files > Retrieve Container Files > Next > Select the Container Files How can this be scheduled…
  • Windows Unified Connector service is not starting

    Hi, I have tried to start the connector service and it didnt start. Please find the attached log file and help me to fix the issue. Kindly let me know if you need any more info on this. Regards, Kannan [2013-11-11 05:29:31,124][INFO ][default.com.arcsight…
  • Logger reboot

    Hi, Our logger re-started indexing yesterday morning which usually happens after reboot of the logger. Which events exactly do I have to search for to make clear what really happened ? We run the Logger appliance v5.3.1.6838.0 Unfortunately, I can't simply…
  • Delimiter in Value of a key-value file reader

    I'm trying to update a syslog subparser to cover an additional case. It's a key-value file reader-type parser. key.delimiter=, key.value.delimiter== key.regexp=([^=,]*) However, I'm running into a problem where the VALUE of one of the pairs contains the…
  • FlexConnector Troubleshooting

    Hi all, I have an issue with a FlexConnector I have deployed in a Connector Appliance, and I hope you can help me ;D I have used the FlexConnector Wizard to create a file based FlexConnector. The Connector Appliance receives these logs using the FTP server…
  • ConnApp Parser Override Repository deletes the whole fcp directory

    Hi All, I am trying to understand what the logic behind the way the connapp manages the repositories. For example, I have a bunch of parser overrides and if I push two overrides to the same container, the second wipes out the first. This means that I…
  • Connector Uncontrolled "Pause"ing

    Has anyone else experienced a Connector (Database) which - for no apparent/obvious reason - goes into a "paused" state when looking at the status in ESM? From what I can tell, the Connector stops sending its logs to the destination and begins to queue…
  • Connector Appliance Help

    We upgraded our connector appliance from 6.3 to 6.4 and it completely blew up our production server. I logged into the CLI via our iLo and it appears our default gateway was forever lost. I called HP and they stated it's a 'known' issue and the latest…
  • Change container certificate from self-signed to CA signed on connector appliance.

    Hello, for security policy reasons my client doesnt want to use self-signed certificates to communicate the log sources and the Arcsight components. We've generated a CA signed certificate for Connector Appliance but, the certificate that present the…
  • Cyclic DNS Requests

    Hi all, If: 1) You log DNS requests and 2) The DNS logs that you recieve contain the requested URL but not the IP address that this URL resolves to and 3) You configure a connector to have name resolution enabled and 4) You configure that connector to…
  • " and " -- what's going on?

    I'm hoping that someone can help me here because I'm scratching my head.... I'm trying to put a filter onto one of my Connectors (though an ConApp) and keep running into a trouble. The filter has a list :: name In ("Option 1", "Option 2", "Option 3) and…
  • Apache HTTP Server Access File

    Hi, I have multiple instance of Apache running on one Windows box. I would like to collect the log for each instance. How can I do that? Should I install as many as smartconnector instance of Apache? In addition, I have a connector appliance. Can I install…
  • Connector Appliance Backup Processes

    There appears to be a bug in the Connector Appliance backup UI. When you set it up to back up only the config (no events or cache data), then go back to change the configuration, it reverts back to "all" for the backups. This caused us to set a very busy…
  • Connector Appliance - editing names of hosts/locations and changing sort order

    Hello, I have tried to update the file connector_config.xml on the conapp to change the ordering of the display of hosts/connectors as registered on my conapp, but some other process just writes over my changes. Does anyone know how to make the changes…
  • Connector Appliance 5400 v 6.3 Web GUI not accessible

    After rebooting the connector appliance is not accessible. Every time i have to take console from the appliance and set default gateway. Can anyone help ?
  • subagent flex connector issues

    I've been having some issues with a the flex connector i've been trying to create. Each time I push a log through, it takes on the generic "UNIX" header rather than the cise_syslog sub parser that i've created. I've attached my agent.properties file as…
  • C3200 Connector Appliance Remote Managed Connectors

    Hi guys, I cant find a definitive figure for how many remote software connectors a C3200 appliance can manage? Would anyone have any experience of realistic limits? Thanks in advance! Tom
  • Uploading .sdktbproperties file to the appliance

    Hi all, Im attempting to create a multi-DB flex connector to a SQL2008 database with the connector appliance v6.2.0 however im running into a few issues - mainly the error; Connector table parameters did not pass the verification with error [No database…
  • Splitting the syslog feeds from inside of the connector appliance

    So here's the situation: We have a checkpoint firewall management server that takes feeds from a few other checkpoint firewalls combines the feeds(roughly 4 server logs), then sends events directly to our connector appliance. I have a request send 2 of…