AarushJ Super Contributor.

Hi Techies, I'm looking for connector and process for integrating MDM - Mobile iron to Arcsight?

@abezverkhyi @Aleks @lless @pbrettle @Gayan @Marijo Mandic
Hi All,

Query 1) I want to integrate MDM_Mobile Iron 3.0. Is any supporting document available? I didn't find one.
I need to know the process and the changes/settings that need to be made on Mobile Iron to get parsed logs into ArcSight. Also, what connector can we use for this?
Query 2) I have integrated CentOS with ArcSight using the Syslog Daemon connector type, using rsyslog.conf with the configuration below:
local6.* /var/log/boot.log
*.*@@ConnectorServerIP:514
service rsyslog restart

After that, we observed that we are not able to get logs on UDP 514, but we are able to get logs on Raw TCP 514, and all the events are unparsed.
Please suggest how we can fix this.
Regards
Aarush J

AJ
0 Likes
1 Solution

Accepted Solutions
AarushJ Super Contributor.

Re: Hi Techies, I'm looking for connector and process for integrating MDM - Mobile iron to Arcsight

Hi,

We have successfully integrated the Mobile iron with the help of syslog and it is working fine for us.

AJ
0 Likes
4 Replies
alexandros_n Honored Contributor.

Re: Hi Techies, I'm looking for connector and process for integrating MDM - Mobile iron to Arcsight

If you check the configuration guides, you will see that there is no out-of-the-box connector. So that's why you have unparsed events.

Also, '@@' means TCP transport. I guess it is better to speak with your Linux admin about the rsyslog configuration.

 

0 Likes
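
To illustrate the '@@' point in the reply above (an added example, not part of the original thread): in rsyslog's legacy forwarding syntax, a single '@' before the target sends over UDP and '@@' sends over TCP. The script below lists every forwarding action in a config with its transport; the helper names `forward_transports` and `sample_conf` and the sample config are constructed for this example, and the default port of 514 is assumed when none is given.

```shell
#!/bin/sh
# Added example: report selector, transport, host and port for each
# legacy-syntax forwarding action in an rsyslog config.
# '@host' forwards over UDP, '@@host' forwards over TCP.

forward_transports() {
    # $1: path to an rsyslog config file (reads stdin when omitted)
    awk '
        /^[ \t]*#/ || /^[ \t]*$/ { next }          # skip comments and blank lines
        {
            pos = index($0, "@")
            if (pos == 0) next                      # file or other non-forwarding action
            selector = substr($0, 1, pos - 1)
            # only accept facility.priority selectors in front of the "@"
            if (selector !~ /^[ \t]*[A-Za-z0-9*,;.!=]+[ \t]*$/) next
            gsub(/[ \t]+/, "", selector)
            target = substr($0, pos)
            if (substr(target, 1, 2) == "@@") { proto = "tcp"; target = substr(target, 3) }
            else                              { proto = "udp"; target = substr(target, 2) }
            sub(/^\([^)]*\)/, "", target)           # drop legacy options such as (z9)
            sub(/[ \t;].*$/, "", target)            # drop a trailing template or whitespace
            port = 514                              # assumed default when no port is written
            if (match(target, /:[0-9]+$/)) {
                port = substr(target, RSTART + 1)
                target = substr(target, 1, RSTART - 1)
            }
            print selector, proto, target, port
        }
    ' "${1:--}"
}

# Constructed sample: the first two rules are the ones posted in the question,
# the last two are constructed UDP variants for comparison.
sample_conf() {
    cat <<'EOF'
local6.* /var/log/boot.log
*.*@@ConnectorServerIP:514
# constructed UDP variants
*.* @ConnectorServerIP:514
authpriv.* @ConnectorServerIP
EOF
}

sample_conf | forward_transports
```

The rule from the question, `*.*@@ConnectorServerIP:514`, is reported as `tcp`, which matches the observation that events arrived on Raw TCP 514 and not on UDP 514.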
Gayan Acclaimed Contributor.

Re: Hi Techies, I'm looking for connector and process for integrating MDM - Mobile iron to Arcsight

Hi Aj,

If the product is not supported by Micro Focus, then you can simply develop a regex parser. As you said, logs are being sent through TCP 514, so I believe it's syslog. If you can send through some sample logs, then I would be able to help more...

 

Cheers

Gayan

Mr
0 Likes
AarushJ Super Contributor.

Re: Hi Techies, I'm looking for connector and process for integrating MDM - Mobile iron to Arcsight

Hi Gayan,

Thanks for the reply. I'll see if I get the sample logs and post them here.
Meanwhile, can you please help me with whether we can implement any kind of syslog parser for parsing logs coming over TCP on 514, as we have done the configuration in the rsyslog file to push the logs to port 514?

AJ
0 Likes