Announcing General Availability of ArcSight Smart Connectors 18.104.22.16814.0
We are pleased to announce the release of ArcSight SmartConnector 7.10.0.
The following key new features are available with this version:
A new Smart Connector for Microsoft Azure Event Hub
Smart Connectors Support Recently added:
Microsoft Exchange Mail Box Store, Version update Exchange 2010.
Apache Tomcat Version Update 8 and 9
Improved parsing and mapping for:
Snort Multiple File Connector
NetApp Filer Syslog
McAfee Network Security Manager Syslog
Symantec Endpoint Protection DB Config
IBM AIX Syslog
Microsoft DNS Multiple Server File
Linux Audit Syslog
Fortinet FortiGate Syslog
MS Office 365
MS SQL Server Audit Win Event Log Native Config
Cisco ASA Syslog
Cisco IOS Syslog
F5 BIG-IP Syslog
Citrix NetScaler Syslog
Juniper Firewall ScreenOS Syslog
Juniper JUNOS Syslog
Oracle Audit Syslog
HPE Integrated Lights-Out Syslog
Various security fixes, feature updates, and bug fixes
The Smart Connector Framework releases are available on the SSO Portal.
We would like to obtain your feedback regarding the usage of Smart Connectors. Knowing about your environment and which connectors are most important, will help us better maintain and update ArcSight Connectors.
Typically it takes around 15 minutes to complete the survey.
ArcSight Connector Usage Survey
In advance, we thank you for your time and feedback
ArcSight Product Team
Is the Logger EPS degredation issue fixed in this release?
It was noted as fixed in the 7.9 release notes "Reduced EPS to Logger Destination was fixed for 7.9.0"
However it was seen in 7.9 again:
Original issue seen in 7.8:
Any help is appreciated,
It was actually "fixed" in 7.9, but only via an automatic setting of the parameter in the wrapper.conf. However you should check every connector after the upgrade if the fix was actually applied.
For a customer I upgraded all connectors to 7.10 and we do not have the issue at the moment. However all connectors were 7.9 before so the temp. fix was already applied... not sure if 7.10 actually replaced the bugged java version.
I posted this response to wrong thread yesterday, apologies for that.
See David response below, and also my response from yesterday.
First Confirm issue:
Restart of Apache process on logger resolves the issue for a short time?
If yes, and on connector version 7.9 then,
Check agent.properties of all connectors sending to this logger for either of these values (only one should exist depending on if you have logger pool or single logger destination)
if they exist, either comment out, or delete them, and restart the connector(s). The values have been provided previously in certain scenarios. After this time, issues with 7.8 occured, and were resolved in 7.9, however the upgrade to 7.9 will not fix the issue, If these values still exist in the agent.properties. These values tell the connector to persist the connection to the logger an due to this the loggers' apache process is running out of available connections, which results in reduced or Zero EPS.
there is bug in software support portal that aup version of connector is downloaded as .zip which is not supported by ArcMC for direct upload and you need to manually change extension to .aup . BTW file on portal is named correctly with .aup extension just downloaded file doesn't follow this naming convention.