This discussion has been locked.

You can no longer post new replies to this discussion. If you have a question you can start a new discussion

How do I get a replay file on my test connector?

dcorwin25 over 9 years ago

I have set up a test connector on my connector appliance and a matching receiver on my logger. I have also exported some events from ESM to a csv file. I now want to turn that csv file into a replay file and have the test connector use it to send test events to my logger. How can I accomplish this?

Thanks,

Dave

0 Jurgen over 9 years ago

Hi,
There's a tool inside arcsight to do this.
Please look at the attachment steps:
3. Copy the CSV file to the database server and run the following command from the ArcSight bin directory (this path for Linux is usually /usr/local/arcsight/db/bin):
./arcsight csvconvert –S <full path with CSV filename> -D <event replay filename>
4. You’ll find the replay file in your replayagent directory when the conversion is complete. (ie: /usr/local/arcsight/db/replayagent)
Here is a disccusion about it:
There are also other discussions about it on protect247
i also added some .events files that you can use to simulate an attack
ArcSight Event Replay Howto v2_1.doc
virusOutbreak_500epm-complete.zip

wormOutbreak_200epm.zip
Cancel
Vote Up 0 Vote Down

Cancel

Menu

ArcSight User Discussions

How do I get a replay file on my test connector?

Resources