failed to send Sophos db log to SC server
Good day. im newbie here. actually i have problem to send db log from sophos server to sc server. Did you guy know, what actually the problem based on screenshot attached.
What JDBC driver i need to chose..(as attached)
Appreciate for your helps.
You need to follow the steps in the configuration guide. If you configured an ODBC connection in Windows then you can use the sun.jdbc.odbc.jdbcOdbcDriver otherwise you'll need to download and install the jdbc driver from Microsoft and then use com.microsoft.sqlserver.jdbc.SQLServerDriver
Thanks Richard for the guides.
Actually i have followed the steps in the configuration guide before. im using sun.jdbc.odbc.jdbcOdbcDriver. For ODBC setup, it was successfully configured. Tested also done.
However once i want to RUN connector for sophos DB, its cannot be UP as you can see in the previous screenshot. Is it i did wrongly setup at smartconnector level. Pls advise.
The user you are using to connect to sophos is having proper rights to query ?
Try to remove the space from your DSN name, below is screenshot which is working for us. we've used sql local user.
Which connector version you are using ?
Sorry for the late respond. Im using ArcSight-22.214.171.12488.0-Connector-Win for SC.
Actually, i was installed smartconnector inside the sophos server. At the same time, it will act as a SC server. so the credential i used its windows login admin rights to query. How do i know sir the credential that i used is not able to query?
Thanks for advise and screenshot. i will try to do as per advise.
By default, sophos server did not separated the SQL database, its embedded. So how do i check the SQL logs. im also not much know about sql. pls advise.
Just to test, ask sophos admin to use admin creds or sql sa user to test.
And make sure you are connecting to right database when you create your DSN.
whatever user you use to authenticate, you can try to use that user in sql management studio gui tool to login to sql db and if you have privileges you will see db else you will get an error.
Just few weeks before i installed Sophos AV DB connetor.
Just ask your DB team to have a account created with read permission. that will be enough for installing the connector.
If you use windows authentication while creating datasource then in the connector service, you need to change the logon as option to the proper user id.
it is better to have a db account created to access sophos db, if you ar ein patch5.1 then your db is SOPHOS51.
Thanks for your advise.
im using windows authentication. When i create sc connector for DB, its going smooth without any problem. For ODBC also successfully configured. Tested also done.
But when i try to up the DB connector. its still cannot up.
For ODBC setup, what default database you are using?
Bro, below is the screenshot for DB connector. Do you know why its show timing out after i start to run DB agent.