
Sample perl script for ArcSight CEF Cisco FireSIGHT Syslog


This is a sample script for an eStreamer client that converts eStreamer data collected from FireSIGHT into ArcSight's Common Event Format (CEF) for input into ArcSight ESM. The script performs the conversion to CEF and then sends the result to the syslog connector.
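
The conversion step described above, shown as an added Perl example that is not the attached script: it formats one event as a CEF line with the escaping CEF requires and, when given a host and port on the command line, sends it to a syslog connector over UDP. The header values, the sample event fields and the function names are assumptions made for illustration.

```perl
use strict;
use warnings;
use IO::Socket::INET;

# CEF header fields: escape backslash and pipe.
sub cef_header_escape {
    my ($v) = @_;
    $v =~ s/([\\|])/\\$1/g;
    return $v;
}

# CEF extension values: escape backslash and equals, encode line breaks as \n.
sub cef_ext_escape {
    my ($v) = @_;
    $v =~ s/([\\=])/\\$1/g;
    $v =~ s/\r?\n/\\n/g;
    return $v;
}

# Assemble "CEF:0|vendor|product|version|class id|name|severity|extension".
sub to_cef {
    my ($hdr, $ext) = @_;
    my @head = map { cef_header_escape($hdr->{$_}) }
        qw(vendor product version class_id name severity);
    my $pairs = join ' ',
        map { "$_=" . cef_ext_escape($ext->{$_}) } sort keys %$ext;
    return join('|', 'CEF:0', @head, $pairs);
}

# Constructed sample event; all values are placeholders, not FireSIGHT output.
my %hdr = (
    vendor => 'Cisco', product => 'FireSIGHT', version => '0.0',
    class_id => '1:1000001', name => 'Sample | intrusion event', severity => 7,
);
my %ext = (
    src => '192.0.2.10', dst => '198.51.100.20', spt => 49152, dpt => 443,
    proto => 'TCP', msg => "user=admin\nsecond line",
);
my $line = to_cef(\%hdr, \%ext);
print "$line\n";

# Optional forwarding: perl example.pl <connector-host> <port>
if (@ARGV == 2) {
    my $sock = IO::Socket::INET->new(
        PeerAddr => $ARGV[0], PeerPort => $ARGV[1], Proto => 'udp',
    ) or die "cannot open UDP socket: $!";
    # <134> = facility local0 (16), severity informational (6): 16*8 + 6.
    $sock->send("<134>$line") or die "send failed: $!";
}
```

Unescaped pipes in a header field or equals signs in an extension value shift the field boundaries on the receiving side, which is why the two escape routines are kept separate.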

Comments

Is there a detailed guide for this Perl script? What are the prerequisites, and how can we run it?

I installed Perl and tried it on Windows and CentOS; however, I am getting unknown errors.

Error:

Global symbol "$pid" requires explicit package name at ./cef_agent.pl line 984.
syntax error at ./cef_agent.pl line 985, near "or"
Execution of ./cef_agent.pl aborted due to compilation errors.

Using the same script, I am not getting the rule name in either SIEM or Logger. We are getting "ruleId" but no ruleName. Any help is appreciated!

Version history: revision 1 of 1, last update 2017-09-12 00:52