Commodore

ArcSight || Securemail Syslog || Message || How to add a Regex?

Hi All,

I have set up a syslog daemon to receive syslog from Micro Focus SecureMail.

But I find that there is a field that seems to need a subagent parser created.

Might there be a default parser for SecureMail?

Or how can I create one? Is there any guide?

Regards

Tony

4 Replies
Vice Admiral

Hi Tony,

I'm afraid there's no SmartConnector for MF SecureMail. I would try to use a syslog FlexConnector. Because the SecureMail log seems to be based on key-value pairs, I would try to use a key-value-parser (in this case you do not need any tough Regex definitions). The 'FlexConnector Developer's Guide' should be helpful.

Knowledge Partner

This is correct... just create a key-value parser. It's really straightforward.

Knowledge Partner

The guide explains how to create a key-value pair parser; we will help you along the way.

Link to guide:

https://community.microfocus.com/t5/ArcSight-Connectors/ArcSight-FlexConnector-Developer-s-Guide/ta-p/1584874

Commodore

Thanks All,

I am trying to make a key-value connector.

But there are a few questions.

I am using a syslog daemon to receive syslog from SecureMail; it seems key-value is a FlexConnector.

1. Do I need to install a new FlexConnector to make it work?

2. Or do I only need to change config files?

Regards

Tony
