Query 1) I want to integrate MDM_Mobile Iron 3.0. Is any supporting document available? I didn't find one.
I need to know the process and the changes/settings that need to be made on Mobile Iron to get the parsed logs into ArcSight. Also, what connector can we use for this?
Query 2) I have integrated CentOS with ArcSight on the Syslog Daemon connector type using rsyslog.conf with the below configurations:
service rsyslog restart
After that, we observed that we are not able to get logs on UDP 514 but are able to get logs on Raw TCP 514, and all of them are unparsed events.
Please suggest how we can fix this.
If you check the configuration guides, you will see that there is no out-of-the-box connector. So that's why you have unparsed events.
Also, '@@' means TCP transport. I guess it is better to speak with your Linux admin about the rsyslog configuration.
If the product is not supported by Micro Focus, then you can simply develop the regex parser. As you said, logs are being sent through TCP 514, so I believe it's syslogs. If you can throw in some sample logs, then I would be able to help more...
Thanks for the reply. I'll see if I can get the sample logs and post them here.
Meanwhile, can you please help me with whether we can implement any kind of syslog parser for parsing logs coming in over TCP on 514, as we have done the configuration in the rsyslog file to push the logs to port 514.
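The '@@' point raised in the replies can be checked directly on the sending host. The script below is an added example, not part of the original thread or of any ArcSight tooling: it lists the forwarding rules in an rsyslog configuration written in the legacy selector/action syntax and reports which transport each one uses. The function names, the sample configuration and the address 192.0.2.10 (standing in for the connector host) are constructed for illustration.

```shell
#!/bin/sh
# Added example: report the transport of each legacy-syntax rsyslog forwarding rule.
#   selector @host[:port]   -> UDP
#   selector @@host[:port]  -> TCP
# Output columns: transport, target (host:port), selector.

rsyslog_forward_transports() {
    # Reads the config files given as arguments, or stdin when none are given.
    awk '
        /^[[:space:]]*#/ { next }                 # ignore commented-out rules
        NF >= 2 && $2 ~ /^@/ {
            target = $2
            if (target ~ /^@@/) { proto = "tcp"; sub(/^@@/, "", target) }
            else                { proto = "udp"; sub(/^@/,  "", target) }
            sub(/^[(][^)]*[)]/, "", target)       # drop options such as (o) or (z9)
            if (target !~ /:[0-9]+$/)             # rsyslog forwards to 514 by default
                target = target ":514"
            print proto, target, $1
        }
    ' "$@"
}

# Constructed sample configuration (not taken from the thread).
sample_conf() {
    cat <<'EOF'
# forward everything to the connector host
*.* @@192.0.2.10:514
authpriv.* @192.0.2.10
#*.* @192.0.2.10:514
EOF
}

sample_conf | rsyslog_forward_transports
```

On a real host, pass the configuration files as arguments, for example `rsyslog_forward_transports /etc/rsyslog.conf /etc/rsyslog.d/*.conf`. A rule reported as `tcp` will never reach a connector that is listening only on UDP 514.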