Question

How to create syslog for ArcSight format


My company uses an ArcSight log server, but it cannot recognize the XOS log format. Does anyone know how to create XOS logs in ArcSight format?

2 replies

Userlevel 5
I am not sure about ArcSight, but most SIEM programs will have modules that "equalize" many syslog formats per device manufacturer to the database. Our SIEM product has what are called DSM modules that take many different syslog formats from hundreds of vendors so that the data presented is equal in the database. Our SIEM has a DSM module specific for XOS and EOS boxes. Please check with HP on what is available in your circumstance. I tried checking the HP Enterprise site but was unable to search their support database.
Userlevel 5
It all depends on the format that is expected by the ArcSight log server.
In EXOS you create separate log filters and modify the output for different purposes.

More on the Event Management System/Logging can be found in the documentation:
http://documentation.extremenetworks.com/exos/EXOS_21_1/Status_Monitoring/c_using-the-event-manageme...

Do you have an example of the format that ArcSight expects to receive?
