  • Control EPS Out Logger

    Hello, I had to use the logger forwarder to send UDP CEF over syslog. The challenge here: can we control the EPS out, as the receiver server has an incoming EPS in Validation?
  • Logger - EPS out not working

    Dear Community, Our ArcSight logger rebooted and after that, we had no more EPS Out. (EPS in are OK) Logger version : 7.2.2 ESM Version : 7.5 Our logger is sending the logs to our ESM. The Logger has the logs, but they never leave the logger and…
  • HOW TO - Forwarding from Logger to ESM

    Step-by-step process for setting up a forwarder from Logger to ESM. Please note that the images and process reflect ESM 6.9.1 and Logger 6.3. For other versions, please check the documentation for any changes, but the overall steps should be very similar…
  • Forwarding Logger events to McAfee ESM (Receiver)

    Hello, I am collecting logs from domain controllers and other log sources to an ArcSight Logger. When forwarding those logs to McAfee Receiver, they all are showing as coming from Logger IP address. When I am looking into raw packet, I can see the original…
  • Long-term Storage for alert data using the ArcSight Forwarding Connector

    Organizations often need to retain ESM-generated alert data for a longer period of time than the ESM retention will allow. Provided you have a Logger in your environment, you can leverage the Logger for long-term storage of correlated events with the…
  • Periodicity of Full GC on Logger Forwarder Connector

    Hello, We are in the process of fine-tuning the Logger Forwarder Connectors of one of our customers. We did the following changes: - Changed the Batching, from 100 events in 5 seconds to 300 events in 5 seconds. - Disabled syslog.parser.multithreading…
  • Importing Receiver configuration to another instance of Logger

    I am in the process of standing up new ArcSight Logger Appliances.  The thought came to me that I might be able to copy the Receiver/Forwarder folders/files from my current Logger to the same directory on the new one and if I did that it would possibly…
  • Can I filter out events on connector appliance

    Hello everyone, I have a logger appliance. Can I use it to filter certain events to be pushed to the ESM? Scenario : All events from smart connector assume 100 events are collected on the logger appliance. I need to only filter 30 of those events to be…
  • Possible to forward events from one Logger to another Logger (5.3 )

    Is there any way I can set up a forwarder to send logger events to another logger as if the destination were an ESM? It seems really simple, but there doesn't appear to be an official path. I was thinking of using Connector Forwarder or TCP Forwarder on…
  • Create ESM Forwarder to send only correlated events and the events that triggered them?

    Would it be possible to set up a filter for an ESM filterer to only send correlated events, but also the events that triggered them? I envision an analyst being able to click the correlated event forwarded from another ESM and see the detailed correlation…
  • Issue with Forwarding Connector/ESM destination on Logger

    We had an issue with our Logger running out of space on the root volume last week. Since correcting that issue and getting Logger back up and running, our forwarding connectors are now no longer working. Our ESM destinations are not showing up on the logger…
  • Regex or Unified on Forwarder Filter Query

    I have a pretty complicated regex query on some of my forwarders and notice that during peak times the forwarder performance definitely suffers. I understand this is due to high cost of regex queries running against the DB, however up until very recently…
  • Logger forwarding connector shows dropped events, does adjusting the cache size work for the Logger forwarder the same as for all other connectors?

    I have a Logger with a forwarding connector sending events to my ESM. The ESM Connector Status admin dashboard shows that the Connector is "dropping events" (device Event Category = Agent/Cache/Dropped). I thought about adjusting the cache size from…
  • Is there a way to parse events on ESM based on Logger's Receivers?

    I want to be able to filter events in ESM from a specific receiver/forwarder. For a simple example, let's imagine I have a windows-A receiver on logger and a windows-B receiver on logger. I would like to only see events coming from windows-A receiver on…