hima.cholakurus, Trusted Contributor

Data forward to ESM with CEF

We currently have the requirement to forward the data from a tool to ArcSight, which has the options to send the data by the following:
1.File
2.HTTP message
3.ODBC SQL
4.SMTP
5.message
We already tried the option of sending the data via CEF to the smart connector, which forwards the logs to ESM. But the problem is that CEF has got the timestamp/abbr. month restriction, which is not supported by the tool, and the data is not received by the smart connector.
Please let me know the alternate options which we could use.
Regards,
Hima

Accepted Solutions
LakeHealthInfoS, Outstanding Contributor

Re: Data forward to ESM with CEF

Okay so multiple ways to skin the cat - 

 

1.File - FTP it to the again you're subverting a connector already written or you're using your own tool to ingest from /opt/arcsight/incoming/


2.HTTP message -- What type of HTTP message or format - SQUID - IIS - Tomcat - Apache  etc - there are multiple smart connectors for these already subvert one to your needs and write a parser - 

 


3.ODBC SQL -- Make  a custom FLEX connector/agent and install the proper ODBC or JDBC driver on the Smart Connector host.

4.SMTP -- not really an option


5.message -- SYS:LOG is the format here or SYSLOG NG - Do you have a Syslog connector running on the ESM or anywhere else in the environment - if so just send the feed over to this Connector - if you have to write a parser or map file you can write one and add it to the Syslog connector via the ArcMC or the Smart Connector config wizard
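
An added example, not part of the original posts: a small relay that could sit between the tool and a syslog SmartConnector, rewriting each record into a syslog-framed CEF line with the abbreviated-month prefix the tool cannot produce. It assumes the tool emits ISO 8601 timestamps; the record field names, the host name and the sample values are hypothetical.

```python
from datetime import datetime, timezone

# Fixed English abbreviations: strftime("%b") depends on the host locale.
MONTHS = ("Jan", "Feb", "Mar", "Apr", "May", "Jun",
          "Jul", "Aug", "Sep", "Oct", "Nov", "Dec")

def esc_header(value):
    """CEF header fields: escape backslash and pipe."""
    return str(value).replace("\\", "\\\\").replace("|", "\\|")

def esc_ext(value):
    """CEF extension values: escape backslash and '=', encode line breaks."""
    s = str(value).replace("\\", "\\\\").replace("=", "\\=")
    return s.replace("\r\n", "\\n").replace("\r", "\\n").replace("\n", "\\n")

def to_syslog_cef(rec, host):
    """Turn one tool record (dict with ISO 8601 'time') into a syslog CEF line."""
    ts = datetime.fromisoformat(rec["time"])
    if ts.tzinfo is None:
        ts = ts.replace(tzinfo=timezone.utc)  # assumption: naive times are UTC
    # Assumption: the receiving connector reads the prefix as UTC.
    ts = ts.astimezone(timezone.utc)
    # RFC 3164 style prefix: abbreviated month, space-padded day, no year.
    prefix = f"{MONTHS[ts.month - 1]} {ts.day:2d} {ts:%H:%M:%S} {host}"
    keys = ("vendor", "product", "version", "class_id", "name", "severity")
    header = "|".join(["CEF:0"] + [esc_header(rec[k]) for k in keys])
    # rt carries the full event time as epoch milliseconds, so the year and
    # zone that the syslog prefix drops are not lost.
    ext = {"rt": int(ts.timestamp() * 1000)}
    ext.update(rec.get("ext", {}))
    extension = " ".join(f"{k}={esc_ext(v)}" for k, v in ext.items())
    return f"{prefix} {header}|{extension}"

# Constructed sample record; every value here is made up.
SAMPLE = {
    "time": "2019-03-05T14:07:09+01:00",
    "vendor": "ExampleCorp", "product": "Audit|Tool", "version": "1.0",
    "class_id": "100", "name": "Login failed", "severity": 5,
    "ext": {"src": "192.0.2.10", "suser": "alice", "msg": "reason=bad password"},
}

if __name__ == "__main__":
    print(to_syslog_cef(SAMPLE, "toolhost01"))
```

The escaping matters as much as the timestamp: an unescaped `|` in a header field or `=` in an extension value shifts every field after it when the connector parses the line.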

Shaun, Acclaimed Contributor

Re: Data forward to ESM with CEF

Write a custom parser (flexconnector)?