Regular Contributor.
Regular Contributor.

F5 APM events unparsed


now i integrated F5 APM with arcsight but there is a lot of events unparsed. can everyone help me to how can i make overwrite to those unparsed events?


Labels (1)
1 Reply
Acclaimed Contributor.
Acclaimed Contributor.

Hello Mahmoud,

I would do the following:

1) Check SmartConnector for F5 BIG-IP Syslog if you are on supported version:

2) If you are on supported version then open a Case so ArcSight Technical Support can file a Parsing BUG

3) If you are not on supported version check if you can upgrade to supported version and then test if you see unparsed events. If you still see them then follow step 1).

4) If you have version that is higher than currently supported by SmartConnector then you can open a Case and request Feature Request. Once Feature Request is created you will get the number of that Feature Request and then you can make inquires with your ArcSight Sales Representative about additional informations.

5) If you have lot of unparsed events then it will not be easy to make parser override as you do not have original F5 parser that is used in SmartConnector and even if you had it and lot of events do not match it then you would basically need to rewrite complete parser.

6) If you want to make it yourself from beginning there is something called HPE ArcSight FlexConnector Developer's Guide:

This is basically developers kit so you can make your SmartConnector from scratch and support all the events/device that you want but it is not simple task.

Best regards,

Marijo Mandic

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.