  • Creating Dashboards Using Active List Data in ArcSight

    Hi, I have a use case where I want to create dashboards using data from an Active List in ArcSight. My questions are: Can I create the dashboard using active list in Logger? Which components of ArcSight can I use to create dashboards with Active…
  • Storing Script Command Results for Dashboard Creation in ArcSight

    Hi, I have a use case in which I have scheduled a script integration command using a rule. The script command returns result data, and I would like to use that data to create a dashboard. My question is: Where can I store the result data from the…
  • Control EPS Out Logger

    Hello, I had to use the logger forwarder to send UDP CEF over syslog. The challenge here: can we control the EPS out, as the receiver server has an incoming EPS in Validation?
  • Logger communication to ESM disrupted due to CA update

    The issue occurred when I updated the CA for Logger, which stopped the SmartConnectors from forwarding to the Logger receivers; this was fixed and they are now working. However, I have a forwarder to ESM which has stopped working; how do I update ESM keystore to…
  • What it is ? Why is it needed? How critical is it?

    Hello, I need your advice. I don't know enough about such things, so please advise. I received a letter from ESM with a warning: EventArchive location /opt/arcsight/logger/data/archives/ has used 99% of the cap space. Please free up some cap by moving…
  • Field [rawEvent] truncated Limit

    Hey guys. I have a syslog connector with problems processing an event with more than 4000 bytes, how can I solve this? I knew that adding the following parameters would solve it. size.validation.fields and size.validation.sizes to 10,000 Is there…
  • Logger ESM destination configured user

    Hello, is there any way to find out what user is configured in Logger under ESM Destination? Once the ESM destination configuration is complete, it is no longer possible to view the settings, only port, host and names.
  • Logger to ESM forwarder user

    Hello, I do not understand how user for ESM forwarder works. I have LDAP bind configured in ESM. However, when I use ESM destination with a domain account I get connection refused on ESM forwarder (ESM certificate is imported in Logger). I had to…
  • ArcSight Logger (8441) Java Errors - Invalid gzip Header (Among Others)

    Working with Support, but figured I would post here to see if anyone has encountered these errors. The main logger log is completely full of these, and doesn't allow the interface or network services for the Logger App to function. It appears to be DB…
  • How to create or reset an account password for the logger user interface from the CLI

    Hello Guys, I lost the password to access the web logger GUI and the forgot password feature was not enabled. He has a Virtual ArcSight Logger. I can log in with root credentials, so how do I reset password or create new user for web logger from CLI. The…
  • Logger Peering (Software Logger AND Appliance Logger)

    Dear Experts, I hope all is well. Kindly, I need to build a pool of logger (One Search head and Two Data nodes). Also, I have an appliance logger which has already data almost one year. Q:- Can we install a search head and one data node as software…
  • Use root or non-root user for clean install ?

    Hello, I am going to install new Logger, ESM and ArcMC. I am not sure which user should I use? As I understand when using root I can use lower ports and it is easier to register service to the system. However there is potential security risk. Also when…
  • Automate the deployment of ArcSight Logger backup configuration - ArcSight Logger 7.2.2

    I currently have Logger installed on an ec2 instance that is configured to re-spawn Logger if terminated using a bootstrap script. However whenever the instance is rebuilt all the Logger configuration is wiped out. I'm aware that I can backup this configure…
  • ArcSight Logger Search and report

    Hello Guys, I am wondering why there are two different dashboard items in the logger (the search dashboard and the report dashboard) as they can do the same things. Also, two different data sources (Logger Report DB and the logger searchDB). …
  • Methodology to figure out Device address and Device HostName is Null

    Hi Community, I wonder why device address and device hostname is coming Null in many connectors, is there a way to figure out the root cause of that. vtham1 vitz1
  • Logger - EPS out not working

    Dear Community, Our ArcSight logger rebooted and after that, we had no more EPS Out. (EPS in are OK) Logger version : 7.2.2 ESM Version : 7.5 Our logger is sending the logs to our ESM. The Logger have the log, but they never leave the logger and…
  • database defragmentation

    Hello Experts Kindly, when I logged into my logger appliance, I faced a warning about database defragmentation Q:- What is database defragmentation, and How to resolve it?
  • Configuration backup ESM

    Hi Experts, we are planning to take a configuration backup for ArcSight products: first connector (we have already taken a container backup from the ArcMC). Q:- how to restore that container backup? secondly, for ESM we took the system…
  • Logger Realtime Alert Mail Format

    Hello, I create an alert for windows user lock. The alarm works without any problems, but the log comes as raw data in the mail. Can we ensure that only the fields we specify are sent in the mail?
  • SIEM on RHEL 9.1

    Hello, will it be a problem to install ArcMC, ESM and Logger on RHEL 9.1, since the documentation mentions only RHEL 8.6 so far? Regards Jan
  • Logger 7.2 Invalid Session Id

    Hello team, We have faced some issue on the Logger. Logger version is 7.2 and software. When I try free search I faced "Encountered an error while executing the search [sessionId: 2000001]" and search is not running. I checked search dashboard but…
  • Software Logger Patching

    Where can I verify the version after updating my logger. I would expect the product version to change, but this way I can't control it. Thank you for your answers
  • ArcSight logger uptime report/dashboard

    Hi All.. ArcSight newbie here.. I am trying to create a report/dashboard of logger uptime / ESM uptime. I have checked the logger documentation, searched previous Q and A.. but no luck. Could you please suggest me how to get a report/dashboard…
  • Software Logger max EPS

    Hi, Would like to check if anyone knows what is the highest EPS achievable with VM software loggers, if cpu/memory/storage/network bandwidth is not a concern and can be provisioned as needed? Given enough resources, there should not be a constraint…
  • Logger - software vs hardware appliance

    We are thinking of considering between logger software and hardware appliance. Our concern is to reduce the hardware footprint and would prefer the software logger. So would like to check what are the limitations of software vs hardware logger in term…