Absent Member.
Absent Member.
1225 views

failed to send Sophos db log to SC server

Dear Team,

Good day. im newbie here. actually i have problem to send db log from sophos server to sc server. Did you guy know, what actually the problem based on screenshot attached.

What JDBC driver i need to chose..(as attached)

Appreciate for your helps.

Thanks

Shahrir.

Labels (3)
0 Likes
22 Replies
Fleet Admiral
Fleet Admiral

You need to follow the steps in the configuration guide. If you configured an ODBC connection in Windows then you can use the sun.jdbc.odbc.jdbcOdbcDriver otherwise you'll need to download and install the jdbc driver from Microsoft and then use com.microsoft.sqlserver.jdbc.SQLServerDriver

0 Likes
Absent Member.
Absent Member.

Thanks Richard for the guides.

Actually i have followed the steps in the configuration guide before. im using sun.jdbc.odbc.jdbcOdbcDriver. For ODBC setup, it was successfully configured. Tested also done.

However once i want to RUN connector for sophos DB, its cannot be UP as you can see in the previous screenshot. Is it i did wrongly setup at smartconnector level. Pls advise.

Thanks

Shahrir.

0 Likes
Fleet Admiral
Fleet Admiral

Looks like maybe a permission issue then. Anything in the SQL logs?


0 Likes
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

The user you are using to connect to sophos is having proper rights to query ?

Try to remove the space from your DSN name, below is screenshot which is working for us. we've used sql local user.

Capture.PNG

Which connector version you are using ?

0 Likes
Absent Member.
Absent Member.

Anwar,

Sorry for the late respond. Im using ArcSight-7.0.4.7088.0-Connector-Win for SC.

Actually, i was installed smartconnector inside the sophos server. At the same time, it will act as a SC server. so the credential i used its windows login admin rights to query.  How do i know sir the credential that i used is not able to query?

Thanks for advise and screenshot. i will try to do as per advise.

Regards

Shahrir

0 Likes
Absent Member.
Absent Member.

Richard,

By default, sophos server did not separated the SQL database, its embedded. So how do i check the SQL logs. im also  not much know about sql. pls advise.

Thanks.

0 Likes
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

Just to test, ask sophos admin to use admin creds or sql sa user to test.

And make sure you are connecting to right database when you create your DSN.

whatever user you use to authenticate, you can try to use that user in sql management studio gui tool to login to sql db and if you have privileges you will see db else you will get an error.

0 Likes
Vice Admiral
Vice Admiral

Hi,

Just few weeks before i installed Sophos AV DB connetor.

Just ask your DB team to have a account created with read permission. that will be enough for installing the connector.

If you use windows authentication while creating datasource then in the connector service, you need to change the logon as option to the proper user id.

it is better to have a db account created to access sophos db, if you ar ein patch5.1 then your db is SOPHOS51.

Thanks,

Rajkumar

Raj
0 Likes
Absent Member.
Absent Member.

Anwar,

I was installed Sophos Enterprise Console with the DB package. Its embedded. "One shot" installed, never key in credential for sql.

0 Likes
Absent Member.
Absent Member.

Raj.

Thanks for your advise.

im using windows authentication. When i create sc connector for DB, its going smooth without any problem. For ODBC also successfully configured. Tested also done.

But when i try to up the DB connector. its still cannot up.

0 Likes
Absent Member.
Absent Member.

Raj.

For ODBC setup, what default database you are using?

Bro, below is the screenshot for DB connector. Do you know why its show timing out after i start to run DB agent.

sophos db error2.JPGtiming out.JPG

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.