Standard Content Guide for ArcSight Express v4.0

A complete catalog of the standard content use cases available for ArcSight Express v4.0: Cisco Monitoring, Device Monitoring, Windows Monitoring, NetFlow Monitoring, Operations, Security and Threat.

Comment List
Anonymous
  • It would be nice if the document actually stated how to change the parser version.

    The Microsoft Windows Monitoring content is triggered by Microsoft Windows events from the Microsoft Windows Event Log – Unified SmartConnector with parser version 1.

    To enable parser version 1 on the SmartConnector:

    1. From the computer on which the Microsoft Windows Event Log – Unified SmartConnector is installed, open a command window.

    2. Browse to the $ARCSIGHT_HOME\current\bin directory.

    3. Enter the command:

       arcsight connectorsetup

    4. When prompted to enter Wizard mode, click No.

    5. In the Agents area of the Configuration Tool window, select the windowsfg connector.

    6. From the Options menu, select Show Internal Parameters.

    7. In the Parameters area, scroll to the fcp.version parameter.

    8. For Microsoft Windows Monitoring, select 1 as the parser version.

    9. Click OK.
