Is there any solution for AD admin audit logs in the newly released connector 7.2.1? Or will we continue to use third-party applications like logbinder, infrascope to parse the AD admin audit logs?
Thank you, Ingrid. It looks like I'll be awaiting the next release with bated breath. Unparsed events aren't ordinarily a problem for my FlexConnectors: we can just parse them ourselves anyway... Unparsed events for default ArcSight connectors are my overwhelming problem.
There is now a Log Unparsed Events parameter available for log file and folder follower FlexConnectors. When this parameter is set to true, the connector detects and logs unparsed events to $ARCSIGHT_HOME\current\logs\events.log. This parameter will be available for all connectors in an upcoming SmartConnector release.
FlexConnectors for File, Regex File, Regex Folder File, Multiple Folder File, and Scanner Text Reports: Added connector framework capability to detect and log unparsed events into a separate log file. [CON-15508]
Can we get some clarity on this? What does this mean? Struggling with 'unparsed events' is a very annoying part of ArcSight management, and if we even had the simple capability of dumping those logs to a different parser file name it would make my life easier.