karim.zguioui1 Absent Member.

How to generate logs ?

Dear All,

Can anyone advise a tool (or script) that can generate logs for PoC purposes?

Regards,

Karim

Accepted Solutions
Michel Beaudry Outstanding Contributor.

Re: How to generate logs ?

Hi Karim,

did an excellent paper on this way back in 2009. The only change is that you have to start replayfilegen from the console directory rather than from the manager directory. This document does assume that you have access to a working ESM environment; otherwise you would have to rely on your friends at ArcSight PS.

Hope this helps,

Michel

Michel Beaudry Outstanding Contributor.

Re: How to generate logs ?

Hi Karim,

As an additional bonus, here's a link to events available for replay

karim.zguioui1 Absent Member.

Re: How to generate logs ?

Hi Michel.

Thanks for your quick reply, but can I use the Tool / Demo Events on a Logger, or is it mandatory to have an ESM?

Regards,

Karim

Michel Beaudry Outstanding Contributor.

Re: How to generate logs ?

Hi Karim,

To replay events, you have to install a "TestAlert" type connector and specify the destination, which can be any supported destination, e.g. ESM, Logger, ...

Regards,

Michel

karim.zguioui1 Absent Member.

Re: How to generate logs ?

Hi Michel,

Thanks, I found this link and I think it will be useful for others who are trying to do the same thing: Creating event replay files for ArcSight SmartConnectors | Allen Pomeroy.

Kind Regards,

KarinZ

hassanvf1 Valued Contributor.

Re: How to generate logs ?

Hi Michel,

I pasted my replay events in the specified destination.

Then the next step is to start the test connector. Please help me understand how to start the connector and view the replay events.

Thanks,

Hassan

pbrettle Acclaimed Contributor.

Re: How to generate logs ?

The process is actually pretty simple and covered above - assuming you have some events files and copied them over, you will need to make sure you have a destination configured in the Test Alert Connector. For information on setting this up and the connector itself, you can see the following video:

https://protect724.hp.com/message/48212#48212

And take a look at the document linked above - https://protect724.hp.com/message/5650#5650 - check out page 6, it explains how to run the Test Alert Connector and what the UI looks like, how to select an events file to run and then what to do for running it. Once you press Continue, it plays the events into the destination ESM or Logger and you get the live replay of the events!
