some-AI Contributor.
Contributor.
615 views

Force connector to start caching

Hi,

I want to test out the ArcSight Administration rule "Connector Caching".

How can I force a connector to begin caching so that the rule in the ESM is triggered?

Tags (2)
0 Likes
4 Replies
alexandros_n Honored Contributor.
Honored Contributor.

Re: Force connector to start caching

I think there is a command from ESM to pause the flow. Maybe you can try it.

Highlighted
some-AI Contributor.
Contributor.

Re: Force connector to start caching

This doesn't starts caching events in a Test Alert Connector. Is there another way to force caching?

0 Likes
99 Trusted Contributor.
Trusted Contributor.

Re: Force connector to start caching

Do you use a Logger? if so you can pause the destination on the Logger itself.

0 Likes
Micro Focus Frequent Contributor
Micro Focus Frequent Contributor

Re: Force connector to start caching

Hi,

You can install any syslog generator like "kiwi syslog generator". Setup a simple syslog connector, configure either Logger or ESM destination. After that just make the destination down having the connector receiving events from the kiwi.

At this point the best approach is to have a real syslog generator. So, you can have a real source simulation.

Thanks

Diego RM

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.