Sample perl script for ArcSight CEF Cisco FireSIGHT Syslog

0 Likes

over 5 years ago

This is a sample script for an eStreamer client that converts eStreamer data collected from FireSIGHT into ArcSight's Common Event Format (CEF) for input into ArcSight ESM. The purpose of this sample script is to do the conversion to CEF and then send to the syslog connector.

cef_forwarder-master-d35283bd625ed63e215680d2381ddcef55f2c121 (1).zip

cef_forwarder-master-d35283bd625ed63e215680d2381ddcef55f2c121.zip

Comment List

premjithr over 3 years ago

install the below perl libraries and its dependencies

Getopt::Long
Socket
IO::Socket::SSL
NetAddr::IP
Storable
Socket6 (Only required if IPv6 is used)
IO::Socket::INET6 (Only required if IPv6 is used)
- Cancel
- Vote Up 0 Vote Down
- Sign in to reply
- More
- Cancel
jjoshi over 4 years ago

By using the same script, i am not getting the Rule name either in SIEM or in Logger. Though we are getting "ruleId" but no ruleName. Any help is appreciated!
- Cancel
- Vote Up 0 Vote Down
- Sign in to reply
- More
- Cancel
Bec over 4 years ago

error:

Global symbol "$pid" requires explicit package name at ./cef_agent.pl line 984.
syntax error at ./cef_agent.pl line 985, near "or"
Execution of ./cef_agent.pl aborted due to compilation errors.
- Cancel
- Vote Up 0 Vote Down
- Sign in to reply
- More
- Cancel
Bec over 4 years ago

is there a detailed guide for this Perl sript, what are the prerequesties? and how can we run it

as I install Perl and I tried to windows and centos, however I am getting unknown errors
- Cancel
- Vote Up 0 Vote Down
- Sign in to reply
- More
- Cancel

Recommended

Menu

ArcSight Product Documentation

Sample perl script for ArcSight CEF Cisco FireSIGHT Syslog

Resources