Thanks for your reply, let me try and feedback to you.

Thanks

Renjith

No difference: the Windows Unified Connectors also runs on linux & unix. Just install it and copy the files.

We have Unix based appliance, so how can we integrate Vasco with ArcSight.

Recently found out that you must explicitely tell to the ArcSight Connector the application log name you will collect events from (under the event viewer). By default it is "VASCO" and you should put this value under parameter "Customer Log Names".

Also important is the parser name has to be modified to "$Logname.identikey_server__$Logname_.sdkkeyvaluefilereader.properties" where $Logname is the parameter above in lower case (so "vasco" by default).

File "application.identikey_server...." should be placed according to the windows unified connector documentation. The other 2 chained parsers should be placed under $ARCSIGHT_HOME/user/agent/flexagent/vasco/

Note : this parser may not run immediatly in a windows environment because it uses forward slashes as directory separators, replace these "/" with "\" if you're under windows, both in "application.identikey_server..." and "vasco_regex...".