Highlighted
Captain
Captain
296 views

unable to route events from t-hub to esm

Jump to solution

Hello guys!

We are trying to setup an arcsight environment with thub and esm and unfortunately we are unable to forward the logs into ESM. In t-hub we are receiving the events into the th-cef topic, and we set up a route rule th-cef->th-binary_esm, and configured the ESM to get the events from this topic, but we haven't succeeded yet.

In the logs we see this:

[2020-02-04 15:41:28,893] INFO {"routes":[{"rule":"(deviceVendor == 'Microsoft')","source":"th-cef","target":"th-binary_esm"}]} (com.hpe.arcsight.eb.sp.config.ServiceConfigurationManager)

It seems like it loades the rule, but somehow it's not forwarding to ESM.

All helps are appreciated!

 

Regards, Thomas.

0 Likes
1 Solution

Accepted Solutions
Highlighted
Fleet Admiral
Fleet Admiral

Hello Thomas, 

 

your answer it's pretty simple:

Routes only apply to CEF topics. Routes created to or from a binary topic (such as th-esm) will not function.

This information can be found on the official documentation of ArcMC page 198, https://community.microfocus.com/t5/ArcSight-Management-Center-ArcMC/ArcSight-Management-Center-2-92-Administrator-s-Guide/ta-p/2689804 

 

Best Regards, 

 

Daniel

View solution in original post

2 Replies
Highlighted
Fleet Admiral
Fleet Admiral

Hello Thomas, 

 

your answer it's pretty simple:

Routes only apply to CEF topics. Routes created to or from a binary topic (such as th-esm) will not function.

This information can be found on the official documentation of ArcMC page 198, https://community.microfocus.com/t5/ArcSight-Management-Center-ArcMC/ArcSight-Management-Center-2-92-Administrator-s-Guide/ta-p/2689804 

 

Best Regards, 

 

Daniel

View solution in original post

Highlighted
Captain
Captain
Yep You're right, we've missed an important sentence in the admin guide.
Thanks for Your answer, have a nice day!
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.