Community in read only mode June 18 & 19
This community will be set in READ ONLY mode for a while on Tuesday June 18 into Wednesday June 19 while we import content and users from our Micro Focus Forums community site. MORE INFORMATION
tbarella1 Absent Member.
Absent Member.

ArcSight FlexConnector for HP Helion OpenStack

The attached file 'HP Helion OpenStack and ArcSight -' contains the resources listed below.  Please watch the short 6 min. video of this integration (no audio) before proceeding.

  1. Logstash configuration file
  2. ArcSight FlexConnector for HOS
  3. ArcSight ESM Content Package for HOS

The instructions are in both the attached video (no audio) and the technical whitepaper:

This is version 1.0 of the FlexConnector (the regex needs to be cleaned up a bit).  Updates for this parser will be posted here until HP ArcSight officially supports OpenStack.  Feel free to re-purpose the attached Logstash config file to forward events in real-time from Logstash to ArcSight, Syslog-NG, Splunk, rsyslog, etc., etc.  Enjoy!

IMPORTANT: This integration should work for any flavor of OpenStack (not just Helion) as long as OpenStack is configured to send JSON over Syslog.  Please view this link for additional companies on OpenStack, your customer may be one of them:

Helpful OpenStack audit logging resources:

The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.