  • Send logs to ArcSight by NXLog

    Hello, I need your help. I am interested in the process of configuring ArcSight to receive the logs it collects from the system. (Important note: collects logs in one system and sends to another). I would be grateful for a detailed description of how…
  • ArcSight ESM, logs getting

    Hello everybody. I am new to this field of activity. Please tell me, I have a task to get system logs (any) from one Linux system to another (where ArcSight is installed). Of the available tools, I only have the SuperConnector, which contains only the…
  • Parsing Logs Palo Alto

    Hi, this situation looks old, but we've recently added Palo Alto logs to the ESM and all requestUrl fields have "" - quotes. I used the solution that was on this forum but something must be missing: https://community.microfocus.com/cyberres/arcsight…
  • Arcsight flex connector no events

    Hello, I have created ArcSight FlexConnector Multiple Folder File, sdkfilereader. Reading csv file, which contains for example: LogEntryEntityId,EventDate,Text,DisplayName,Name,Mail,Login,Flag parser.sdkfilereader.properties delimiter=, text.qualifier…
  • CEF parser Override for PaloAlto System messages

    Hello, I am facing an issue to create a parser subagent for CEF syslog messages. 1- I created a subagent file and placed it under ..\current\user\agent\flexagent\syslog 2- I named the file PaloAlto_syslog.subagent.sdkrfilereader.properties 3- I modified…
  • windows logs application CEF Format

    Hi I need help in parsing windows event application log that includes CEF format logs, below a sample of windows application logs : {"System":{"EventId":"2","Version":"","Channel":"Application","ProviderName":"SWIFTNet Link","Computer":test-1","EventRecordID…
  • Track event differences on Logger

    Hello, I was wondering if it is possible to display differences in logs via a dashboard? Kinda like a trend in which you can check if specific events are not sent in the e.g. last 1 hour.
  • Manually adding Logs to Arcsight Logger

    We have a 2GB Windows Log file that we want to add to Arcsight Logger. How can we add logs manually?
  • DHCP logs not seen on logger

    Integrated Microsoft DHCP Server with SmartConnector server by sharing DHCP files on the software smartconnector server. Initially, logs were captured and relayed to logger, however, relay had stopped now and receiving only connector statistics in logger…
  • Internal logs for logger activities

    Are there any logs in loggers internally for logging the search activities, saved searches, scheduled searches, job Id, history of search parameters, etc.?
  • Import of Windows Event Logs (evtx) and Oracle DB Audit Logs

    Hi All, Due to special circumstances, would like to check if it is possible to import the following into ArcSight: Windows Event Logs (evtx), Oracle DB Audit Logs. We have both of the logs backup and we require a way to import it into ArcSight. Any help…
  • What is the Compression Mode and how is it related to caching of logs?

    Can someone briefly explain a real time scenario of how compression mode is done? Is it in any way related to caching of logs? If not, when does caching happen and what are all the scenarios in which it can happen?
  • how can I force my WUC to read the missing logs from all the servers?

    My connector went down for an unknown reason on the weekend, so I have no logs from my servers for almost 2 days. I restarted it and everything is up and running. I also checked the servers and the logs are there. I've also read that the connector should get those logs…
  • Siebel logging

    Hi to all. Is there anybody who collects events from Siebel CRM? Found an old unanswered and uncommented question. My problems are: I'm not a Siebel admin/developer. And the customer does not give me direct access to the Siebel application and database (dev/test…
  • Juniper VPN Logging - found document outlining juniper event ids and formats

    I found this useful after scouring the internet and asking Juniper support for this kind of documentation (which they said they didn't have). Hopefully this proves useful to more than just me. If you have specific event ids and/or filters which you use…
  • ESM Log Question

    Good Morning All, I am having an issue with a specific rule firing but not sending the notification attached to it. I can see the rule fire in my rule tracking dashboard and see the notification in the notification's tab. I am not receiving the actual…
  • Windows Unified Connector (WUC) missed logs on connection loss (eg log source reboot)

    It appears to me that if the Windows Unified Connector connection to a log source is broken logs will be missed. I've seen this happen when the log source is rebooted (as in the example below), and also when I manually reset the connection (via dsniff…
  • logs.zip

  • IBM Sterling B2B Integrator

    Hello, Is anyone using the product "IBM Sterling B2B Integrator" for file transfers? If so, I want to know if you figured out a way to show source IP address in the access logs for ssh login attempts? Secondly, have you integrated the logs with Arcsight…
  • Is there a way to tell my SmartConnector to re-process a folder?

    One of my SmartConnectors was down for a while, and when restarted, it didn't process the logs for the timeframe it was down. The logs are still there - I just don't recall (if I ever knew) how to tell it to reprocess the old logs.
  • Missing source and destination address on windows event logs

    I installed the connector (latest version 6.0.2) “Microsoft Windows Event Log – Local” on a win server 2008 and starting it as a service. I recognized that the source addresses are missing, in particular in the events “The Windows Filtering Platform has…
  • Is anyone collecting all Laptop & Desktop Security logs

    This is a new requirement in our organization. Wanted to see if anyone has already tackled it. We cannot do it using WUC out of the box, as it would be problematic with offline devices. Other option is potentially to get desktops and laptops to forward…
  • No device logs received

    Hi All, We just installed a smartconnector on a Solaris Box to pull logs for Oracle Audit DB. All the steps were followed as stated in the config docs, but there are no logs shown on the console. All we see is "Connector Raw Event statistics" as attached…
  • Best Practice: ArcSight Backups of Logs and Appliance Configs

    I just began utilizing ArcSight. I wanted to get other individuals' perspective on what the best practice is to back up the captured logs and the appliance configs. I need to retain the logs for at least 5 years on tape. I know ESM is a relational DB, but…
  • get sar logs into syslog

    I want to import sar logs from my Linux ESM server... Anyone know of a way to import those logs? Or a better way to monitor the system performance on the ESM server?