Hello,
I had to use the logger forwarder to send UDP CEF over syslog.
The challenge here: can we control the EPS out, as the receiver server has an incoming EPS-in validation?
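An added example, not code from the post above or from ArcSight Logger: a small Python forwarder that emits CEF over UDP syslog and caps its outbound rate with a token bucket, so the sending side stays under whatever EPS limit the receiver validates. The receiver address, the MAX_EPS value, the vendor/product strings and the sample events are all hypothetical, constructed for the example; the CEF escaping rules (header fields escape `|` and `\`, extension values escape `\`, `=` and newlines) are the standard CEF ones.

```python
"""Rate-limited CEF-over-UDP-syslog forwarder (added example, hypothetical values)."""
import socket
import time
from datetime import datetime, timezone

RECEIVER = ("192.0.2.10", 514)   # hypothetical syslog/CEF receiver
MAX_EPS = 200                     # hypothetical cap the receiver validates against


def cef_escape_header(value: str) -> str:
    """CEF header fields: escape backslash and the pipe delimiter."""
    return value.replace("\\", "\\\\").replace("|", "\\|")


def cef_escape_extension(value: str) -> str:
    """CEF extension values: escape backslash, '=' and line breaks."""
    return (value.replace("\\", "\\\\").replace("=", "\\=")
            .replace("\r", "\\r").replace("\n", "\\n"))


def build_cef(vendor, product, version, sig_id, name, severity, ext: dict) -> str:
    """Assemble a CEF:0 line; unescaped '|' or '=' in input would corrupt parsing."""
    header = "|".join(cef_escape_header(str(x))
                      for x in (vendor, product, version, sig_id, name, severity))
    extension = " ".join(f"{k}={cef_escape_extension(str(v))}" for k, v in ext.items())
    return f"CEF:0|{header}|{extension}"


def syslog_line(cef: str, hostname: str, facility=1, severity=6, now=None) -> str:
    """Wrap a CEF line in an RFC 3164 header: <PRI>Mon  d hh:mm:ss host msg."""
    pri = facility * 8 + severity
    ts = now or datetime.now(timezone.utc)
    stamp = f"{ts.strftime('%b')} {ts.day:2d} {ts.strftime('%H:%M:%S')}"
    return f"<{pri}>{stamp} {hostname} {cef}"


class TokenBucket:
    """Allow at most `rate` events per second (burst of `rate`); clock/sleep injectable."""

    def __init__(self, rate: float, clock=time.monotonic, sleep=time.sleep):
        self.rate = float(rate)
        self.capacity = float(rate)
        self.tokens = float(rate)
        self.clock, self.sleep = clock, sleep
        self.last = clock()

    def acquire(self) -> float:
        """Block until one token is available; return the seconds waited."""
        waited = 0.0
        while True:
            now = self.clock()
            self.tokens = min(self.capacity, self.tokens + (now - self.last) * self.rate)
            self.last = now
            if self.tokens >= 1.0:
                self.tokens -= 1.0
                return waited
            delay = (1.0 - self.tokens) / self.rate
            self.sleep(delay)
            waited += delay


def simulate_send_time(n_events: int, max_eps: float) -> float:
    """Dry run with a fake clock: total seconds the bucket would make us wait."""
    state = {"t": 0.0}

    def fake_sleep(d):
        state["t"] += d

    bucket = TokenBucket(max_eps, clock=lambda: state["t"], sleep=fake_sleep)
    return sum(bucket.acquire() for _ in range(n_events))


def forward(lines, max_eps: float, receiver=RECEIVER) -> int:
    """Send each syslog line over UDP, never exceeding max_eps; returns count sent."""
    bucket = TokenBucket(max_eps)
    sent = 0
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        for line in lines:
            bucket.acquire()
            sock.sendto(line.encode("utf-8"), receiver)
            sent += 1
    return sent


if __name__ == "__main__":
    # Constructed sample events, not real log data.
    sample = [build_cef("Acme", "IDS", "1.0", "100", "Port|Scan", 5,
                        {"src": "10.0.0.1", "dst": "10.0.0.2", "msg": "a=b"})
              for _ in range(500)]
    print("simulated wait for 500 events at %d EPS: %.2fs" % (MAX_EPS, simulate_send_time(500, MAX_EPS)))
    forward((syslog_line(c, "logger01") for c in sample), MAX_EPS)
```

The bucket throttles per event, so bursts up to one second's worth are allowed and sustained output settles at MAX_EPS; UDP gives no backpressure, so the cap is the only thing keeping the receiver's EPS-in check from discarding events.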
Dear Community,
Our ArcSight Logger rebooted and after that, we had no more EPS out (EPS in is OK).
Logger version : 7.2.2
ESM Version : 7.5
Our Logger is sending the logs to our ESM. The Logger has the logs, but they never leave the Logger and…
Step by step process for setting up a forwarder from Logger to ESM. Please note that the images and process reflect ESM 6.9.1 and Logger 6.3. For other versions, please check the documentation for any changes, but the overall steps should be very similar…
Hello, I am collecting logs from domain controllers and other log sources to an ArcSight Logger. When forwarding those logs to McAfee Receiver, they all are showing as coming from Logger IP address. When I am looking into raw packet, I can see the original…
Organizations often need to retain ESM-generated alert data for a longer period of time than the ESM retention will allow . Provided you have a Logger in your environment , you can leverage the Logger for long-term storage of correlated events with the…
Hello, We are in the process of fine tuning the Logger Forwarder Connectors of one of our customers. We did the following changes: - Changed the Batching, from 100 events in 5 seconds to 300 events in 5 seconds. - Disabled syslog.parser.multithreading…
I am in the process of standing up new ArcSight Logger Appliances. The thought came to me that I might be able to copy the Receiver/Forwarder folders/files from my current Logger to the same directory on the new one and if I did that it would possibly…
Hello everyone, I have a Logger appliance; can I use it to filter certain events to be pushed to the ESM? Scenario: All events from a SmartConnector, assume 100 events, are collected on the Logger appliance. I need to only filter 30 of those events to be…
Is there any way I can set up a forwarder to send Logger events to another Logger as if the destination were an ESM? It seems really simple, but there doesn't appear to be an official path. I was thinking of using Connector Forwarder or TCP Forwarder on…
Would it be possible to set up a filter for an ESM filterer to only send correlated events, but also the events that triggered them? I envision an analyst being able to click the correlated event forwarded from another ESM and see the detailed correlation…
We had an issue with our Logger running out of space on the root volume last week. Since correcting that issue and getting Logger back up and running our forwarding connectors are now no longer working. Our ESM destinations are not showing up on the logger…
I have a pretty complicated regex query on some of my forwarders and notice that during peak times the forwarder performance definitely suffers. I understand this is due to high cost of regex queries running against the DB, however up until very recently…
I have a Logger with a forwarding connector sending events to my ESM. The ESM Connector Status admin dashboard shows that the Connector is "dropping events" ( device Event Category = Agent/Cache/Dropped). I thought about adjusting the cache size from…
I want to be able to filter events in ESM from a specific receiver/forwarder. For a simple example, let's imagine I have a windows-A receiver on Logger and a windows-B receiver on Logger. I would like to only see events coming from the windows-A receiver on…