  • ArcSight CEF Cisco FireSIGHT Syslog SmartConnector - SSL Error

    Hello Team, Whilst configuring the ArcSight CEF Cisco FireSIGHT Syslog SmartConnector using the official guide: www.microfocus.com/.../arcsight-cef-cisco-firesight-syslog.pdf The following error is generated when executing the cef_agent.pl file…
  • rules to send notification with all entered command on cisco device in configure terminal mode

    Good day to everyone! I'm trying to create a rule which will send notifications with all entered commands when an admin exits configuration mode or issues the command "copy running-config startup-config" and which will delete entries about that device from…
  • Cisco Firepower Integration with ArcSight

    Hi Dears, We need to integrate FirePower FMC version 6.3 with ArcSight. What are the techniques to do that? Are there any guidelines or documents to do this? Thanks in advance. Regards, Hany
  • Which of the types of connectors can normalize the Cisco Series ASR9000 logs?

    Hi everyone, I have a Cisco Router ASR9000. From the routers, I send all needed logs to the connector as syslog with local7-debugging severity level. However, I can see all logs and captured traffic by tcpdump without any problem. But no logs are normalized…
  • What's the best approach to receive syslog from different network devices?

    I currently have a single connector via ArcMC to receive syslog from Cisco firewalls, but the company will implement more firewalls in the future and some are from Checkpoint. We also have lots of routers and switches from different brands. The only thing…
  • parsing differences between legacy estreamer and new cisco firesight connectors

    We have recently integrated a new Cisco IPS FireSight device using the CEF syslog Cisco Firesight method. We also still have some older Cisco IPS FirePower devices using the eStreamer method. Parsing is a bit different between these by default, and we…
  • Arcsight and CISCO ESA integration

    Hi everyone, I'm having a bit of a problem making use cases on ESM for Cisco Email Security Appliances. I have configured the log subscriptions, and can see the logs parsed correctly. Even after I configured all types of logs on Cisco ESA, I still can't see…
  • Cisco ZScaler Blocked Events not showing anymore since updated to 7.4 connector

    Does anyone have a parser for Cisco ZScaler? Since upgrading to 7.4 it seems I have lost some events. The only reason I can think of is that the parser has changed the way it's picking things up.
  • Cisco 4451 Syslog Subparser Issue

    My Cisco subparser for 4451 is not working. Here is the raw log: Dec 23 14:39:11 <DeviceIP> 4139677: 4140108: Dec 23 14:39:10.516 UTC: %FMANFP-6-IPACCESSLOGP:fman_fp_image: list 110 permitted tcp <SourceIP>(1207) -> <DestinationIP>(4552), 1 packet I know…
  • P-Sourcefire FireSIGHT

    This is the official forum for discussing the basic ArcSight Activate P-Sourcefire FireSIGHT product package as described in the Activate Wiki .
  • Connector For Cisco UCS

    Hello Everyone, I need to integrate Cisco UCS devices with ArcSight. Does anyone have flex connector/parser for same? Thank you for your help in advance.
  • Cisco FireSIGHT Log Collection

    Just wondering if anyone has used the Sourcefire eStreamer connector to collect logs from FireSIGHT? Searched P724 without much luck and FireSIGHT isn't mentioned in the HP Supported Devices link -> http://www8.hp.com/h20195/V2/GetPDF.aspx/4AA5-3404ENW…
  • CISCO ASA NAT Issue

    Hello guys, I'm facing an odd issue (it's odd because it seems that others aren't facing it - information from ArcSight support) with CISCO ASA/PIX equipment. When we receive logs with real addresses and NATed addresses, they are exchanged in the log…
  • Cisco MARS File connector problem

    Hello, Community! I have problems with the Cisco MARS File connector. At first I noticed a huge event flow on this connector. We have 1 file every 10 minutes, so it was very strange... In the connector source folder I saw 1 or more unprocessed file rm-..…
  • Parsing SNMP Trap Log

    Guys, I need a little help getting the following logs parsed into ArcSight. Here is the Raw Log: Rogue AP: 64:a0:e7:da:86:60 detected on Base Radio MAC: 84:80:2d:c3:16:20 Interface no: 0(802.11n(2.4 GHz)) Channel: 8 RSSI: -83 SNR: 11 Classification: unclassified…
  • Cisco WLAN Controller SNMP Traps

    Guys, I'm trying to set up a connector to receive SNMP Trap Logs from our Cisco WLAN Controller using SNMPv2. I believe I'm about 90% of the way there, but for some reason not ALL of the logs are making it into ArcSight. A little history of what's been…
  • IP stack information to ArcSight

    Hello, I have a use case where I want to get information about DHCP entries, MAC addresses and physical switch ports. I am thinking of storing this data in session lists for correlation. Basically we want to get 2 additional information fields with source…
  • Unparsed Event; CISCO NX-OS; syslog 7.0.2

    My syslog 7.0.2 connector recently started getting "Unparsed Event" in the stream to ESM from a host reporting as CISCO, and it used to work correctly.  i.e. 4 weeks ago I was getting "built outbound UDP connection" events correctly, then 2 weeks ago…
  • Cisco ISE 1.2 not able to integrated with ArcSight SmartConnector

    I am unable to receive any logs at my connector server (Windows), I perform the following task: 1. Configured ISE as per ArcSight connector doc for Cisco ISE Syslog using port upd_555 2. I checked the logs at connector server using Wireshark - and Not…
  • Cisco ASA is logging dropped connections. but not accepted connections - Syslog level set to informational

    My Cisco ASA is logging dropped connections, but not accepted connections - Syslog level set to informational. Any ideas on what I can check to confirm this is not being filtered out prior to the display?
  • A parser override for Cisco PIX/ASA

    I was working on VPN content for a customer and found we weren't getting messages showing how the internal IP address is associated with the user. With the 6.0.6 AUP, we kept getting 'unparsed event.' ... after looking at the unobfuscated parser I added…
  • Delimiter in Value of a key-value file reader

    I'm trying to update a syslog subparser to cover an additional case. It's a key-value file reader-type parser. key.delimiter=, key.value.delimiter== key.regexp=([^=,]*) However, I'm running into a problem where the VALUE of one of the pairs contains the…
  • Cisco ISE - MapFile

    Hi all, I'm trying to get extraprocessor mapping working on a flex I'm currently building and having no luck. I was wondering if anyone had any ideas. My aim is to set the event.name field based on the value of event.deviceEventClassId. I am certain that…
  • ArcSight & CISCO ISE Support

    Hi!, It appears that with the release of CISCO ISE 1.2, CISCO is looking to integrate more closely with SIEM environments (especially with the view to capitalise on Identity Information that the platform can provide). Does anybody know anything about…
  • Import cert to remote Connector via ConApp (keytool import)

    I have a connector running on a remote system that I don't have access to other than via my ConApp. I want to update the certificates for the Cisco Secure IPS, but based on the 6.0.4 Config guides, the only way to do this is via a command line input…