Highlighted
Absent Member.
Absent Member.
505 views

Symantec Critical System Protection SmartConnector (SCSP)

Has anyone successfully used the Symantec Critical System Protection DB SmartConnector with CSP version 5.2.8?

We are using SmartConnector version 5.2.2. on the Connector Appliance.

We get events, but most of the data we need is shoved into the message field rather than being parsed correctly into the CEF format into the logger.

We are hoping to not have to create a custom flexconnector to get this is correctly, maybe just a new mapping file will be sufficient?

Any help/ideas are appreciated.

0 Likes
Reply
8 Replies
Highlighted
Absent Member.
Absent Member.

Re: Symantec Critical System Protection SmartConnector (SCSP)

We have been facing the same issue with version 5.2.2. New version 5.2.4 of smartconnector claims to fix the issue.

Message was edited by: Sudhakar Tiwari

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Re: Symantec Critical System Protection SmartConnector (SCSP)

Which smart connector version are you using? Did you have to build a flexconnector or custom parser to get the events to come in to the correct fields?

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Re: Symantec Critical System Protection SmartConnector (SCSP)

Hi Ryan,

Did you ever get this figured out or is all of your data still sitting in Message?  We are currently looking to fix the same issue.

Thanks!

-Kevin

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Re: Symantec Critical System Protection SmartConnector (SCSP)

We are still having the issue

I have submitted a request to ArcSight support to see if they will update the smartconnector software to support the latest versions of CSP, but I was informed they won't be reviewing that until the end of 2012.

I haven't yet had the time to build a custom parser or our own flexconnector to bring this data in cleanly.

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Re: Symantec Critical System Protection SmartConnector (SCSP)

Well that's a bummer.  If we find time to tackle it and get something created, I'll let you know.

Thanks!

-Kevin

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Re: Symantec Critical System Protection SmartConnector (SCSP)

Not sure if this will help, but you can go through the below thread, it helped me in parsing data from ArcSight fields into additional fields for syslog connector.

https://protect724.arcsight.com/message/12268#12268

Please go through Nenad Stojanovski's post at the end of the thread. You could use a similar additional parser file for parsing the information from the message field.

Hope this helps.

Thanks

Rohan

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Re: Symantec Critical System Protection SmartConnector (SCSP)

New Smartconnector release claims to fix the issue. We are updating to the new version over thiw weekend. We will let everyone know of the results.

0 Likes
Reply
Highlighted
Absent Member.
Absent Member.

Re: Symantec Critical System Protection SmartConnector (SCSP)

Sorry to revive an old post.

Did the update resolve this issue?

0 Likes
Reply
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.