ArcSight || Securemail Syslog || Message || How to add a Regex?
I have set up a syslog daemon to receive syslog from a Micro Focus SecureMail.
But I find that there is a field that seems to need a subagent parser to be created.
Is there a default parser for SecureMail?
Or how can I create one? Is there any guide?
I'm afraid there's no SmartConnector for MF SecureMail. I would try to use a syslog FlexConnector. Because the SecureMail log seems to be based on key-value pairs, I would try to use a key-value-parser (in this case you do not need any tough Regex definitions). The 'FlexConnector Developer's Guide' should be helpful.
The guide explains how to create a key-value pair parser; we will help you along the way.
Link to guide
I am trying to make a key-value connector.
But there are a few questions.
I am using a syslog daemon to receive syslog from SecureMail; it seems key-value is a FlexConnector.
1. Do I need to install a new FlexConnector to make it work?
2. Or do I only need to change config files?