How to create syslog for ArcSight format

  • Problem
  • Updated 2 years ago
  • Not a Problem
My company uses an ArcSight log server, but it can't recognize the XOS log format. Does anyone know how to create XOS logs in ArcSight format?

Helpme


Posted 2 years ago


Bill Stritzinger, Alum

I am not sure about ArcSight, but most SIEM programs will have modules that will "equalize" to the database many syslog formats per device manufacturer. Our SIEM product has what are called DSM modules that take many different syslog formats from hundreds of vendors so that the data presented is equal in the database. Our SIEM has a DSM module specific for XOS and EOS boxes; please check with HP on what is available in your circumstance. I tried checking the HP Enterprise site but was unable to search their support database.

Ron Huygens, Employee

It all depends on the format that is expected by the ArcSight log server.
In EXOS you create separate log filters and modify the output for different purposes.

More on the Event Management System/Logging can be found in the documentation:
http://documentation.extremenetworks.com/exos/EXOS_21_1/Status_Monitoring/c_using-the-event-manageme...

Do you have an example of the format that ArcSight expects to receive?