nalona (Regular Contributor)

Configure OSSEC to send logs to Arcsight

Hi Team!

Currently I have configured sending logs through the rsyslog service.

Now I am thinking of changing this and sending logs through OSSEC agents.

Has anyone configured OSSEC to send logs to ArcSight ESM?

Many thanks for the patience!

Nice Day!

Accepted Solution

Micro Focus Expert

Re: Configure OSSEC to send logs to Arcsight

This is configured the exact same way as sending it from agents to an rsyslog server.

You set the destination server, port and format. Remember to choose CEF as the output format, and the destination should be the hostname/ip + the port of your syslog connector.

Reference with CEF example can be found here: https://www.ossec.net/docs/manual/output/syslog-output.html

-----------------------------------------------------------------------------------------
All topics and replies made are based on my personal opinion, viewpoint and experience; they do not represent the viewpoints of MicroFocus.
All replies are based on best effort, and cannot be taken as official support replies.
//Marius
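
An added example, not part of the reply above or of the OSSEC project: a small Python check that an ossec.conf carries a `syslog_output` block with a server, a valid port and the CEF format, as the reply describes. The sample configs, the 192.0.2.10 address and the function name are constructed for illustration; the element names follow the OSSEC syslog output documentation linked above.

```python
import xml.etree.ElementTree as ET

# Constructed sample: destination is the syslog connector, output format is CEF.
GOOD_CONF = """
<ossec_config>
  <syslog_output>
    <server>192.0.2.10</server>
    <port>514</port>
    <format>cef</format>
  </syslog_output>
</ossec_config>
"""

# Constructed sample: no <format>, so OSSEC's default format is sent instead
# of CEF, and the port is out of range.
WEAK_CONF = """
<ossec_config>
  <syslog_output>
    <server>192.0.2.10</server>
    <port>70000</port>
  </syslog_output>
</ossec_config>
"""


def check_syslog_output(conf_text):
    """Return a list of problems found in the <syslog_output> blocks."""
    # ossec.conf may hold several <ossec_config> roots, so wrap it in one.
    root = ET.fromstring("<wrapper>" + conf_text + "</wrapper>")
    blocks = root.findall("./ossec_config/syslog_output")
    if not blocks:
        return ["no <syslog_output> block: nothing is forwarded"]
    problems = []
    for i, block in enumerate(blocks, 1):
        server = (block.findtext("server") or "").strip()
        port = (block.findtext("port") or "514").strip()  # 514 is the documented default
        fmt = (block.findtext("format") or "default").strip().lower()
        if not server:
            problems.append(f"block {i}: <server> is missing")
        if not port.isdigit() or not 1 <= int(port) <= 65535:
            problems.append(f"block {i}: invalid <port> {port!r}")
        if fmt != "cef":
            problems.append(f"block {i}: <format> is {fmt!r}, expected 'cef'")
    return problems


if __name__ == "__main__":
    for name, conf in (("good", GOOD_CONF), ("weak", WEAK_CONF)):
        print(name, check_syslog_output(conf) or "ok")
```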
nalona (Regular Contributor)

Re: Configure OSSEC to send logs to Arcsight

Thanks Marius!

Regards!
