  • ArcSight Threat Intelligence Feed/Galaxy SmartConnector

    ArcSight Threat intelligence Feed or GTAP suddenly stops sending logs to the ESM server, even though the connector status shows as running. When I check the logs, only the connector statistics are displayed. I attempted to reinstall it, but I couldn't…
  • How to keep device-id field value after adding a raw syslog destination in a Syslog Connector?

    Hi I have a Syslog Daemon Smart Connector receiving Syslog events from Fortigate. I want to forward all events to Splunk Enterprise as "Raw Syslog". But my purpose is keeping the "device-id" field value in Syslog Format like originally received events…
  • Hi Techies, I'm looking for connector and process for integrating MDM - Mobile iron to Arcsight?

    Hi All, Query1) I want to integrate MDM_Mobile Iron 3.0, any supported document available, because I didn't find so. I require to know the process and changes/settings that need to be done at Mobile Iron to get the parsed logs to ArcSight. Also what connector we…
  • Which logs to consider for SIEM?

    Hello All, Has there been any discussion here on Protect, as to what types should be forwarded from various sources? For example, even if the source device is set for a particular logging level, what should be filtered out considering from a security…
  • Logs protected within ESM Manager CORRe

    Hi all, For an audit happening at my workplace I need to find something documented that describes how logs are protected from being tampered with, within CORRe storage. Can someone point me to something that may exist? My understanding is that they are…
  • IIS Custom Field Rename .log Files, Breaks SmartConnector

    Hello, using IIS smart connector 7.1.4 on a Windows 2012 server box collecting IIS logs. I had to add a custom field for collecting the true client IP address and in doing so, Windows appends "_x" to the log file - so "u_ex15121113.log" becomes " u_ex15121113…
  • Verdasys (Digital Guardian) Admin logs

    Hello Dears, I would like to know if there is anyone who is capturing admin activity logs from Verdasys Digital Guardian. Regards, Rajveer.k
  • Getting file logs under File Server with ArcSight

    Hi, I'm trying to get file logs under the file server with ArcSight? I want to see every file change (read, write, copy, rename, etc.) by any users in the logs. For example: C:\ arcsight\filesrv\cagatay\... I want to see cagatay's every logs (file of…
  • Event Collector for Windows Event Forwarding - Windows OS Version

    1. Windows OS version host information: We would like to take advantage of AD for source host information of the workstations which are collected via the WEC. However, we want to be clear of the functionality of the Forwarded Event Collection Parameters…
  • Log DNS disappear

    Good Morning, I have a problem with the connector. I have mounted a remote host where the DNS log is located; when I run the service of the connector on the Linux server, the log disappears. I checked the fstab and I have the correct path of the remote host, I checked…
  • Microsoft Windows Event Log – Unified

    Is WinRM protocol supported by connector 6.0.7 Microsoft Windows Event Log – Unified?
  • persisted iis log files behavior

    Hello, I'm having some issues while configuring an iis_multiserver connector. I'm reading log files from IIS 7.5 by mounting the log directories read-only from the IIS servers to the connector appliance. Everything seems to be working, but if I restart…
  • What does the "last message repeated __ times" message mean?

    Hello guys I have a log message I never really understood. I am looking at a log from this unix machine but all I can see is "last message repeated 2 times" in the name field and "Message forwarded from hostname__" in the deviceCustomString1. Does anyone…
  • Any other way to log into ArcSight ConApp or LogApp?

    Hello, Issues: -Cannot log in via SSH -Cannot access through DRAC (viewer won't launch) Attempted: -Tried to log in directly to the console by connecting a keyboard to the box, tried to use the default root/password combo >> unsuccessful -Tried a series…
  • Log Format

    Hi All, For the past few days, we have been receiving logs in a non-readable format from one of our multi-folder flex connectors. Before, we were receiving them properly. Kindly help me with this. Thanks, Punith
  • Flex Connector(Log Line) not fetching events once file is updated

    I have a static log file (XYZ.log) which updates every 30 mins. It has 19 lines of data. I created the flex connector and have SUCCESSFULLY managed to send the events to the console however the connector does not fetch data each time the log file is updated…
  • Add DHCP logs to existing SmartConnector

    When we install the ArcSight smartConnector we only get the option to install one type of connector. We need the System, Application and Security logs from the Windows 2008 R2 server, but we also need the DHCP logs. How do we add this additional log type…
  • Flex Connector for Static log file

    Hi, I am very new to Flex connectors. I have a static log (xyz.log) file which updates every hour. It has around 6 lines of data. I created the flex connector and have SUCCESSFULLY managed to send the events to the console. The problem I am facing here…
  • How does ArcSight get logs from all devices?

    Hi everyone, I'm new to ArcSight and I have some questions. Please help me answer them. ArcSight has two ways to get logs from all devices: - Get: ArcSight Connector will go to the device it needs to get logs from - "I don't remember the name of this way" (maybe push): device…
  • Stop getting log events from a specific device

    Hi All, how do I create a notification when I stop getting log events from a specific device? Example please! Thanks All
  • Flex Connector parsing log file (CSV)

    I installed the flex connector to parse a log file (.csv). Then I configured it with the wizard, but nothing happens - the parser does not parse the file contents. Can anyone help me? Aleh.
  • Enhancement Request - Log interruption detection from end device

    Hi All, I have submitted one ER to HP and here are the details. I would like to hear your thoughts on this. Please provide your inputs on the problem and solution suggested. PRODUCT INFO: ArcSight Component: ESM Sub-Component: 5.0.2.6731.1 Operating system…
  • [SmartConnector] VMware Web Services

    I was looking through the VMwareWebServicesConfig.pdf in SmartConnector Guide 5.2.3.6281. in order to obtain the logs, we need to specify the following in the connector: host (hostname of the vSphere server) username: password: my question would be, what…
  • RACF Log Collection

    Hello All, We have integrated RACF recently with ArcSight, but I am facing an issue that the logs are all in special characters. Could anyone please help us solve this? The log enabling and implementation procedure was followed and in the raw log also I see the…
  • Centralized logging via ssh to CEF format to send to Logger

    Is anyone using some type of a centralized logging solution (in house, open source, or commercial product) which then converts to CEF format and forwards to ArcSight Logger? Looking for suggestions or comments around a solution to pull multiple (and…