Hi,
I have a use case where I want to create dashboards using data from an Active List in ArcSight.
My questions are:
Can I create the dashboard using active list in Logger?
Which components of ArcSight can I use to create dashboards with Active…
Hi,
I have a use case in which I have scheduled a script integration command using a rule. The script command returns result data, and I would like to use that data to create a dashboard.
My question is:
Where can I store the result data from the…
Hello,
I had to use the logger forwarder to send UDP CEF over syslog.
The challenge here: can we control the EPS out, as the receiver server has an incoming EPS in Validation?
An issue occurred when I updated the CA for Logger, which stopped the SmartConnectors from forwarding to the Logger receivers. This was fixed and they are now working; however, I have a forwarder to ESM which has stopped working. How do I update ESM keystore to…
Hello, I need your advice.
I don't know enough about such things, so please advise. I received a letter from ESM with a warning: EventArchive location /opt/arcsight/logger/data/archives/ has used 99% of the cap space. Please free up some cap by moving…
Hey guys.
I have a syslog connector with problems processing an event with more than 4000 bytes, how can I solve this?
I knew that adding the following parameters would solve it.
size.validation.fields and size.validation.sizes to 10,000
Is there…
Hello, is there any way to find out what user is configured in Logger under ESM Destination? Once the ESM destination configuration is complete, it is no longer possible to view the settings, only port, host and names.
Hello, I do not understand how the user for ESM forwarder works. I have LDAP bind configured in ESM. However, when I use an ESM destination with a domain account I get connection refused on the ESM forwarder (ESM certificate is imported in Logger). I had to…
Working with Support, but figured I would post here to see if anyone has encountered these errors. The main logger log is completely full of these, and doesn't allow the interface or network services for the Logger App to function. It appears to be DB…
Hello Guys, I lost the password to access the web logger GUI and the forgot password feature was not enabled. He has a Virtual ArcSight Logger. I can log in with root credentials, so how do I reset the password or create a new user for web logger from CLI. The…
Dear Experts,
I hope all is well.
Kindly, I need to build a pool of logger (One Search head and Two Data nodes). Also, I have an appliance logger which has already data almost one year.
Q:- Can we install a search head and one data node as software…
Hello, I am going to install new Logger, ESM and ArcMC. I am not sure which user I should use? As I understand, when using root I can use lower ports and it is easier to register service to the system. However, there is a potential security risk. Also when…
I currently have Logger installed on an ec2 instance that is configured to re-spawn Logger if terminated using a bootstrap script. However whenever the instance is rebuilt all the Logger configuration is wiped out.
I'm aware that I can backup this configure…
Hello Guys,
I am wondering why there are two different dashboard items in the logger (the search dashboard and the report dashboard) as they can do the same things.
Also, two different data sources (Logger Report DB and the logger searchDB).
…
Hi Community,
I wonder why device address and device hostname are coming Null in many connectors.
Is there a way to figure out the root cause of that?
vtham1
vitz1
Dear Community,
Our ArcSight logger rebooted and after that, we had no more EPS Out. (EPS in are OK)
Logger version : 7.2.2
ESM Version : 7.5
Our logger is sending the logs to our ESM. The Logger has the logs, but they never leave the logger and…
Hello Experts
Kindly, when I logged into my logger appliance, I faced a warning about database defragmentation
Q:- What is database defragmentation, and How to resolve it?
Hi Experts,
We are planning to take a configuration backup for ArcSight products:
First, connector (we have already taken a container backup from the ArcMC).
Q:- How to restore that container backup?
secondly, for ESM we took the system…
Hello, I created an alert for Windows user lock. The alarm works without any problems, but the log comes as raw data in the mail. Can we ensure that only the fields we specify are sent in the mail?
Hello team,
We have faced some issue on the Logger. Logger version is 7.2 and software. When I try free search I faced "Encountered an error while executing the search [sessionId: 2000001]" and search is not running. I checked search dashboard but…
Where can I verify the version after updating my logger?
I would expect the product version to change, but this way I can't control it.
Thank you for your answers
Hi All..
ArcSight newbie here.. I am trying to create a report/dashboard of logger uptime / ESM uptime.
I have checked the logger documentation, searched previous Q and A.. but no luck.
Could you please suggest me how to get a report/dashboard…
Hi,
Would like to check if anyone knows what is the highest EPS achievable with VM software loggers, if cpu/memory/storage/network bandwidth is not a concern and can be provisioned as needed?
Given enough resources, there should not be a constraint…
We are thinking of considering between logger software and hardware appliance. Our concern is to reduce the hardware footprint and would prefer the software logger. So would like to check what are the limitations of software vs hardware logger in term…