Logger to ESM forwarder user

I do not understand how user for ESM forwarder works. I have LDAP bind configured in ESM. However when I am use ESM destination with with domain account I get connection refuse on ESM forwarder (ESM certificated is imported in Logger). I had to setup build-in authentication in ESM, add ESM destination in Logger with default admin user and then configure ESM back to LDAP bind and then forwarding works. Is there way to use domain account for ESM destination ? The account is in same folder as admin (Administrators) and I can log with him into the ESM Console.

thank you and with regards

  • Hello Jan, 

    when you switch in ESM on external authentication as LDAP just make sure that the user/users created in ESM are pointing to the right account/username on LDAP which translates, make sure to add in External User ID to the account/username on LDAP.

    Switching to external authentication still requires users to be created in ESM  that will match a proper External User ID from LDAP.

    I hope now is more clear how the integration works.

    Best Regards, 


  • In ESM I have local user admin and domain user arcsight_. Domain user has external ID and I can login into ESM with him, therefor LDAP auth should be working. However, when this user is configured in ESM destination in Logger it does not work. I have tried "Normal user" and "Forwarding connector user" type.