Logger DB Schema
Would anyone happen to have a doc that details the DB schema for Logger? There appear to be some 50+ fields for an event, but there does not appear to be any table that provides a detailed description for each field.
There is one field in particular that we are keen to understand, the one that identifies the message originator.
Any help would be greatly appreciated.
Have you checked the Event Field Name Mappings in the Logger Admin Guide, which gives the DB name of each field? That is of course not the answer, but have you tried logging into the MySQL console from the Logger machine to find the DB and table space used?
Thank you for pointing out the Field Name Mappings index; that will certainly come in handy. What I'm still hoping to find is that plus complete descriptions; we thought we were close with the "Implementing ArcSight CEF, Rev 20, 6/5/2013" whitepaper.
My quest has been to figure out which amongst the few hundred fields is in fact the message originator. We’ve not seen this clearly spelled out anywhere. My best guess at this point is that it’s:
Database Name        Search Results    CEF Field Name    Reports
arc_deviceHostName   deviceHostName    dvchost           Device Host Name
But then again, within the search results there is a field labeled as “Device”, which appears to be a reflection of deviceHostName, so it’s still our best guess.
Thanks for the advice,
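Added example, not from the thread or from ArcSight: a small Python parser for a CEF message that pulls the dvchost extension key and labels it with the three Logger names from the mapping row quoted above. The sample event is constructed, and the mapping table carries only that one row; the remaining rows would come from the Admin Guide.

```python
import re

# Field-name mapping: only the row quoted in the thread (from the Logger
# Admin Guide "Event Field Name Mappings"); other rows come from that guide.
CEF_TO_LOGGER = {
    "dvchost": {
        "search_results_field": "deviceHostName",
        "database_column": "arc_deviceHostName",
        "report_label": "Device Host Name",
    },
}

HEADER_FIELDS = ("version", "device_vendor", "device_product",
                 "device_version", "signature_id", "name", "severity")
# key=value pairs; a value runs until the next " key=" or the end of line
EXT_RE = re.compile(r"(\w+)=(.*?)(?=\s\w+=|$)")


def _split_header(line):
    """Split the seven pipe-delimited header fields, honouring '\\|' escapes."""
    parts, cur, i = [], [], 0
    while i < len(line) and len(parts) < 7:
        ch = line[i]
        if ch == "\\" and i + 1 < len(line):   # escaped character
            cur.append(line[i + 1])
            i += 2
            continue
        if ch == "|":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(ch)
        i += 1
    return parts, line[i:]                     # remainder is the extension


def parse_cef(line):
    """Parse one CEF message into header fields plus an extension dict."""
    header, extension = _split_header(line)
    if len(header) != 7 or not header[0].startswith("CEF:"):
        raise ValueError("not a CEF message")
    event = dict(zip(HEADER_FIELDS, header))
    event["version"] = header[0][len("CEF:"):]
    event["extension"] = {k: v.replace("\\=", "=")
                          for k, v in EXT_RE.findall(extension)}
    return event


def originator(line):
    """Return the dvchost value with its Logger search/DB/report names."""
    value = parse_cef(line)["extension"].get("dvchost")
    return {"cef_key": "dvchost", "value": value, **CEF_TO_LOGGER["dvchost"]}


# Constructed sample event, not a real device's output
SAMPLE = ("CEF:0|Example Vendor|Example FW|1.0|100|Connection \\| denied|5|"
          "dvchost=fw01.example.com src=10.0.0.5 msg=Denied by rule\\=42")
```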