Every time when start Connector Service.. same message appears on Log file agent.out.wrapper.log and really service Connector not starting.
WARN | wrapper | 2025/01/07 19:40:36 | The "wrapper.ntservice.name" property was redefined on line #134 of…
Hello, guys, I need your help.
In CentOS after installing SmartConnector and running ./runagentsetup the process of connector configuration stops at this point:
Assuming ARCSIGHT_HOME: /home/user/ArcSightSmartConnectors/current Assuming JAVA_HOME…
Hi,
Does anyone know how to create a source connector local CSV destination from ConApp ArcMC C6700?
Once upon a time it is possible to create a local CSV/CEF file destination by running the runagentsetup > create destination from the source connector…
Hello,
I tried to mapping with ngmappings.adatamappings.propherties file.
I want to map ad.cyberxrayurl and ad.domain fields to searchable fields.
event.deviceCustomString1 =ad.cyberxrayurl event.deviceCustomString2=ad.domain
these lines are…
Hello, where can I download atap connector ? I cant see it in SLD portal nor in classic SmartConnector installer. https://www.microfocus.com/documentation/arcsight/galaxy-gtap-2.0/gtap-2.0.1-admin-guide/#gtap-smartcon/install-configure-connectors.htm…
Hi Community,
i wonder why device address and device hostname is coming Null in many connectors,
is there a way to figure out the root cause of that.
vtham1
vitz1
Are there any configuration guides from Microfocus for Vision One? I have been searching for documentation from Microfocus on this product but haven't been able to find anything. We have deployed the Vision One Service Gateway, which can output syslog…
content in deviceAction field from my log is longer than smartconnector can parse it into CEF field. Only 63 bytes from my log is in parsed CEF log. Can I increase size of CEF field that result from ArcSight SmartConnector?
Example (source log format…
Dear All
I am facing issues with Windows Native SmartConnectors. Most of the windows devices integrated are throwing the event very late.
Suppose an event is generated on a device at 12:00 hours, it reaches ESM next day. I can see a delay of almost…
Hi, Understand that currently the WINC smartconnector 8.4 only supports 128-bit ciphers, which is an issue on hardened systems using only 256-bit ciphers. Does anyone encounter the same issue and if there is any roadmap for supporting 256-bit ciphers…
Hi guys,
we are forwarding Linux syslog via Logstash to the ESM.
I now want to useArcSight's default Unix Syslog Parser as extraprocessor that takes the actual Unix syslog and parses it properly.
An example log:
CEF:0|Elasticsearch|Logstash|1…
Trying to add new parameter to collect windows log from windows server 2019 and got 2 errors:
i) Connector did not pass the verification with error [1:Encountered 1 error for command [GetLogAccessValidationResult]
Host: xx.xx.xx.xx
ii) Cannot retrieve…
Hi,
I'm trying to get an ArcSight SmartConnector (FLEX) to connect to a MYSQL databse to pull some data from a table.
I have followed the guide from the FelxConnector ev guide, and copied the latest release of the MySQL jdbc driver to the /opt/arcsight…
Hello everyone,
I'm writing multiline parsing, but get error: Message did not match the common regular expression
Does anyone got this error before? And how to fix it?
Please help me!
There are some information:
Hello,
thank you for giving me an idea on the instructions to follow to achieve the following diagram:
1- collect logs from the AD server to a server_X located at the same private VlAN.
2- collect AD logs from server_X to another server in public…
Hello,
Can someone help with a rule that can be created when a device stops sending logs to a connector on Arcsight Console even when the connector is active and running
Is there somewhere a proper documentation for the Test Connector?
I only found one from 2010 [1] which is not working for me. I installed the connector but it is shown as down continously in ESM. The service on the SmartConnector's server is running…
I'm having some troubles with the flexconnector. I did the parser file but everytime I run the flexconn and I send some SSH Logs the parser do not work.
My parser file is called Vendor_syslog.subagent.sdkrfilereader.properties.
I modified in agent…
Hi, Can anyone suggest how we can monitor FIM related logs in Arcsight SIEM
currently we are getting generic logs such as login and logoff etc.
Any help will be appreciated.
Thanks,
Anup Saroj
I'm trying to parse a timestamp in a JSON parser, but I'm not having any luck despite trying various things in the dev guide.
Format: "2022-05-16 19:54:25 +0000 UTC"
My token: token[2].name=backend_timestamp token[2].type=String token[2].location…
We have several SmartConnectors with multiple Logger destinations and one of our loggers is currently having an issue. I would like to stop the flow of events to that single logger but keep events flowing to the other loggers. Trying to prevent the cache…
Hi
Recently we are getting Unparsed Syslog Events but few days ago we got the right logs.
Unparsed End Device Like Cisco Swith-Routers, Cisco FTD etc. even some applications.
So, can you please suggest me how can i solve this problem !!!!
…