This website uses cookies. By continuing to browse or login to this website, you consent to the use of cookies. Learn more.
OK

Vasco Identikey Parser (based on windows unified)

Vasco Identikey Parser (based on windows unified)

Windows Unified connector allows you to create a sort of flexconnector for application logging in the windows event log. This is what we did for Vasco Identikey Server, installed on a Windows 2008 R2 platform. We also created the categorization file with all documented vasco events (but during our tests we figured out there are undocumented messages generated by the device : these messages will be parsed but not categorized and extra information contained in these messages may not be correctly extracted).

Note that this parser is composed of multiple chained parsers : windowsfg => keyvalue => regex => another keyvalue (to parse "details" field)

Enjoy !

Attachments
Vasco_Identikey_windowsfg_1.0.zip
0 Likes

DISCLAIMER:

Some content on Community Tips & Information pages is not officially supported by Micro Focus. Please refer to our Terms of Use for more detail.
Comments
vip
‎2012-04-25 16:18
‎2012-04-25 16:18

File "application.identikey_server...." should be placed according to the windows unified connector documentation. The other 2 chained parsers should be placed under $ARCSIGHT_HOME/user/agent/flexagent/vasco/

Note : this parser may not run immediatly in a windows environment because it uses forward slashes as directory separators, replace these "/" with "\" if you're under windows, both in "application.identikey_server..." and "vasco_regex...".

vip
‎2014-03-13 10:59
‎2014-03-13 10:59

Recently found out that you must explicitely tell to the ArcSight Connector the application log name you will collect events from (under the event viewer). By default it is "VASCO" and you should put this value under parameter "Customer Log Names".

Also important is the parser name has to be modified to "$Logname.identikey_server__$Logname_.sdkkeyvaluefilereader.properties" where $Logname is the parameter above in lower case (so "vasco" by default).

renjithrjames
‎2015-01-27 12:05
‎2015-01-27 12:05

We have Unix based appliance, so how can we integrate Vasco with ArcSight.

vip
‎2015-02-17 08:48
‎2015-02-17 08:48

No difference: the Windows Unified Connectors also runs on linux & unix. Just install it and copy the files.

renjithrjames
‎2015-02-17 11:41
‎2015-02-17 11:41

Thanks for your reply, let me try and feedback to you.

Thanks

Renjith

Top Contributors
View All ≫
Version history
Revision #:
1 of 1
Last update:
‎2011-08-23 10:09
Updated by:
Cadet 2nd Class Cadet 2nd Class
 
View article history
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.