ramu1105 Absent Member.

How to create Unix alerts for the below activities in ArcSight Express

1) Alert when someone starts/stops a new service on Unix

2) Monitor configuration change activities for Unix

3) Do we have any package for Unix alerts - Use cases? How to install them (I mean when I integrate the Unix servers with ArcSight then I should simply activate the Reports)

sujansures Absent Member.

Re: How to create a unix alerts for below activities in ArcSight Express

Dear ​,

You can do the same using the category options. Kindly let me know if any help on the same is needed.

Regards,

ramu1105 Absent Member.

Re: How to create a unix alerts for below activities in ArcSight Express

Please help me in creating the alerts for the below two activities.

1) Alert when someone starts/stops a new service on Unix

2) Monitor configuration change activities for Unix

sujansures Absent Member.

Re: How to create a unix alerts for below activities in ArcSight Express

Hi ​,

I am attaching the screenshot of a rule created for firewall config changes by superuser; kindly try creating the same for your purposes!

111.JPG 12.JPG

Kindly take a look and let me know if there is any doubt.

Hope this helps!

Regards,

Sujan

ramu1105 Absent Member.

Re: How to create a unix alerts for below activities in ArcSight Express

Thanks for providing the screenshot. But I need the configuration changes for Unix machines. Can you please help me with this?

vastalakatakam Regular Contributor.

Re: How to create a unix alerts for below activities in ArcSight Express

Hi friend,

Once go through the logs generated at Unix (Syslog). I'm sending a link to you. Try it.

Unix System Logging
