Arcsight Logger 6.40 and smart connector deployment
I want to know informations on Arcsight Logger 6.40 and smart connectors.
As we are deploying OBA 3.02 and Logger for DC and DR environment.
We are using OBA integration with OMi for events analytics and logger for logs analytics.
I want to know what is the role of logger and smart connector and for what purpose we need smart connector.
Which log files we can use without using smart connector, and how can we perform DC-DR failover for same.
Logger is used for event storage and efficient searching primarily. You can also use to configure alerts, dashboards/reports, event archicval and forward events to ESM.
Smart Connectors do the job of event collection from various log sources. (Logger also has inbuilt capability to ingest events and parse directly ). However it's recommended you use smart connectors to ingest the events.
Can you please suggest what type of logs support by smart connector and also by logger.
Also how can we perform DC DR failover for logger.
Smartconnector supports a large no. of log sources and devices. Refer link for all Smart connector documenation. https://community.softwaregrp.com/t5/ArcSight-Connectors/tkb-p/connector-documentation
You will get a brief idea of the capability of smartconnector. Smartconnector also supports custom parsers which can be built by you if you have basic regex skills. They have a good tool for it's development too (QuickFlex).
Logger accepts events as syslog messages, encrypted SmartMessages, Common Event Format (CEF) messages, or by reading log files.
For DC DR failover you must configure failover destinations on the smartconnectors for each destination set.