Absent Member.

Logger DB Schema

Hello All,

Would anyone happen to have a doc that details the DB schema for Logger? There appear to be some 50+ fields for an event, but there does not appear to be any table that provides a detailed description for each field.

There is one field in particular that we are keen to understand, the one that identifies the message originator.

Any help would be greatly appreciated.

J-

Fleet Admiral

Hi Jeff,

Have you checked the Event Field Name Mappings in the Logger Admin Guide, which gives the DB name of the field? That is of course not the answer, but have you tried logging into the MySQL console from the Logger machine to find the DB and table space used?

Absent Member.

Hello Sir,

Thank you for pointing out the Field Name Mappings index, that will certainly come in handy. What I’m still hoping to find is that plus complete descriptions; we thought we were close with the “Implementing ArcSight CEF, Rev 20, 6/5/2013” whitepaper.

My quest has been to figure out which amongst the few hundred fields is in fact the message originator. We’ve not seen this clearly spelled out anywhere. My best guess at this point is that it’s:

Database Name | Search Results | CEF Field Name | Reports
arc_deviceHostName | deviceHostName | dvchost | Device Host Name

But then again, within the search results there is a field labeled as “Device”, which appears to be a reflection of deviceHostName, so it’s still our best guess.

Thanks for the advice,

J-
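
To check a guess like the one above against raw events, here is an added example (not from the thread or from ArcSight) that parses a constructed CEF line and returns its extension fields, so dvchost can be compared with the other address fields in the same event. The sample event, the vendor and host names, and the parse_cef and parse_extension helpers are assumptions made for illustration.

```python
import re

# Constructed sample event (not from the thread): seven pipe-delimited
# header fields after "CEF:0", then the key=value extension.
SAMPLE = (r"CEF:0|ExampleVendor|ExampleFW|1.0|100|Connection \| denied|5|"
          r"src=10.0.0.5 dst=192.0.2.10 dvc=10.0.0.1 dvchost=fw01.example.com "
          r"msg=blocked by rule a\=b shost=client7")

HEADER_NAMES = ("version", "vendor", "product", "device_version",
                "signature_id", "name", "severity")

# An extension key is a word followed by "=", at the start or after whitespace.
# Values may contain spaces; a literal "=" inside a value is escaped as "\=".
KEY = re.compile(r"(?<!\S)(\w+)=")


def parse_extension(ext):
    """Split the CEF extension into a dict, keeping spaces inside values."""
    fields = {}
    matches = list(KEY.finditer(ext))
    for i, m in enumerate(matches):
        end = matches[i + 1].start() if i + 1 < len(matches) else len(ext)
        value = ext[m.end():end].strip()
        # Undo the "\=" and "\\" escapes used in extension values.
        fields[m.group(1)] = re.sub(r"\\([=\\])", r"\1", value)
    return fields


def parse_cef(line):
    """Return (header dict, extension dict) for one CEF message."""
    start = line.find("CEF:")
    if start < 0:
        raise ValueError("no CEF prefix found")
    # Split on pipes that are not escaped with a backslash; the eighth
    # part is the extension and is left unsplit.
    parts = re.split(r"(?<!\\)\|", line[start:], maxsplit=7)
    if len(parts) < 8:
        raise ValueError("incomplete CEF header")
    header = {name: part.replace("\\|", "|")
              for name, part in zip(HEADER_NAMES, parts[:7])}
    header["version"] = header["version"][len("CEF:"):]
    return header, parse_extension(parts[7])


if __name__ == "__main__":
    header, ext = parse_cef(SAMPLE)
    for key in ("dvchost", "dvc", "shost", "src"):
        print(key, "=", ext.get(key))
```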
