Member.

ArcSight Connector unable to convert time in UTC

Hi Everyone,

We are digesting HOST_Firewall logs in CEF format from Windows devices, but the SmartConnector is unable to convert the time zone of events into UTC. Basically, endTime and deviceReceiptTime are showing as UTC, but the value is the same as in the raw event, in ACST. We put the device time zone field in the CEF file: "dtz=ACST".

So my questions are:

1. Is this format, dtz=ACST, correct in the CEF file?

2. What can I do to correct this issue?

Thanks in Advance.

 

Super Contributor.

Re: ArcSight Connector unable to convert time in UTC

ACST - ?
You got me there! Australian Central Standard Time is unfortunately not listed in RFC 822 (which is the IETF timezone "bible"). Have you tried expressing it as [GMT+09:30] or simply as [+09:30]? Don't include the brackets.

Martyn
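A pre-ingestion check for the point raised in the reply above, as an added example that is not ArcSight code and not part of the thread: it accepts `dtz` only in the explicit offset forms suggested there and computes the UTC value the `end` field should map to. The sample event, vendor and product names, and the `MMM dd yyyy HH:mm:ss` timestamp format are assumptions constructed for illustration.

```python
import re
from datetime import datetime, timedelta, timezone

# Explicit offset forms from the reply above: "GMT+09:30" or "+09:30".
_OFFSET = re.compile(r"^(?:GMT|UTC)?([+-])(\d{2}):?(\d{2})$")
# CEF extension pairs: key=value, where a value may contain spaces.
_EXT = re.compile(r"(\w+)=(.*?)(?=\s+\w+=|$)")

# Constructed sample event (not taken from the thread).
SAMPLE = ("CEF:0|ExampleVendor|HostFirewall|1.0|100|Connection allowed|3|"
          "end=Mar 04 2019 10:15:00 dtz=GMT+09:30 src=10.0.0.5")


def parse_dtz(dtz):
    """Return a tzinfo for an explicit offset, or None for a bare
    abbreviation such as ACST that cannot be resolved unambiguously."""
    m = _OFFSET.match(dtz.strip())
    if not m:
        return None
    sign, hh, mm = m.groups()
    delta = timedelta(hours=int(hh), minutes=int(mm))
    return timezone(-delta if sign == "-" else delta)


def cef_extensions(line):
    """Split off the seven CEF header fields and parse the extension."""
    return dict(_EXT.findall(line.split("|", 7)[7]))


def end_time_utc(line, fmt="%b %d %Y %H:%M:%S"):
    """Interpret the local 'end' timestamp using dtz and return it in UTC."""
    ext = cef_extensions(line)
    tz = parse_dtz(ext.get("dtz", ""))
    if tz is None:
        raise ValueError("dtz %r is not an explicit offset" % ext.get("dtz"))
    local = datetime.strptime(ext["end"], fmt).replace(tzinfo=tz)
    return local.astimezone(timezone.utc)


if __name__ == "__main__":
    print(end_time_utc(SAMPLE).isoformat())
    try:
        end_time_utc(SAMPLE.replace("GMT+09:30", "ACST"))
    except ValueError as exc:
        print("rejected:", exc)
```

Comparing this expected UTC value with what the connector shows for endTime tells you whether the offset was applied or the local wall-clock time was passed through unchanged.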

Member.

Re: ArcSight Connector unable to convert time in UTC

Hi Martyn,
Many thanks for your reply. Yes, I think GMT+09:30 would work. But now the situation has changed: we are getting events in Adelaide time, but they appear as UTC at the connector when they are actually in the Adelaide time zone. Can we do some mapping at the connector level to correct this?
Thanks
Knowledge Partner

Re: ArcSight Connector unable to convert time in UTC

I think in the connector settings (per destination) you can do time zone correction... just check the ESM.
