Highlighted
New Member.
888 views

ArcSight Smart Connectore for Ironport Email secuirty

Folks,

I am new to ArcSight connector installation and I am trying to install a smart connector for Ironport email security appliance. I have read the configuration guide and installed a connector. The problem I am having is mapping the data into ESM fields. All the logs from the log file are coming under "Messages" but I need every field under Device Custom Strings/Number.

Thanks

0 Likes
Reply
8 Replies
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

In Ironport ES have many logs types. Part of him send only syslog, part send only ftp.

What logs you need?

What version SmartConnector you use?

0 Likes
Reply
Highlighted
New Member.

Thanks Evgeny, I am interested in AMP logs only. I am using version 7.

0 Likes
Reply
Highlighted
New Member.

There was a nice demo at HP Protect using the flex connector to combine multiple logs to a single log. As you know Ironport ESA has 5-10 logs messages you have to parse through to see what happened, with the flex connector you can merge the log records into a single log.

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Scott,

Good info!  Any idea what the presentation's name was or if it is available online?

Thanks,

- Brandon

0 Likes
Reply
Highlighted
Trusted Contributor.
Trusted Contributor.

Hi Scott,

Do you have any additional info on this FlexConnector?

0 Likes
Reply
Highlighted
Outstanding Contributor.
Outstanding Contributor.

2015 presentations list ->

2014 Presentations list ->

Search "Protect + YYYY" for more results.

0 Likes
Reply
Highlighted
Member.

​, have you seen this?

0 Likes
Reply
Highlighted
Honored Contributor.
Honored Contributor.

Hey ​, I haven't been able to find anything on this, but I'm still looking.​'s post of the presentations is cool, but I wasn't able to find one that had anything to do with Ironport.

0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.