How to send events from ArcOSI to ESM?

Hi,

I am running the Smart Connector on a Windows platform and have downloaded arcosi-28.exe on a different machine. On my machine (not the Smart Connector server) I ran arcosi-28.exe from the command prompt (arcosi-28.exe 10.1.1.1, where 10.1.1.1 is my Smart Connector server's IP). Hundreds of events got generated, but I do not see any events in Active Channels.

My question here is: do I need to run ArcOSI on 10.1.1.1, or is it fine if I run it on a different machine?

Also, is there anything that I am missing? Maybe a syslog server on my machine? I know I need to make changes in the syslog configuration file, but what changes and where?

If there is a complete install guide, can someone please share it?

  • Verified Answer

    You can get details here:

    https://protect724.arcsight.com/message/21327#21327

    Apart from this,

    You need to install arcosi.exe on a machine where the syslog connector is running. You don't need to make any changes in the syslog configuration, as you are going to install on a Windows machine.

    First, install a syslog connector and start it.
    Then, download arcosi-28.exe and place it on a server where you have a syslog connector running.
    Open a command prompt and cd to the directory where arcosi-28.exe is.
    In my case I placed the file in the root of D:\
    and ran the following: arcosi-28.exe localhost

    Since your syslog connector is configured to send logs to your ESM, you will be able to see these events in an active channel just by applying this filter:

    agenthostname = "your syslog server host name"

    - Amit
