https://community.extremenetworks.com/t5/extremeswitching-exos-switch/how-to-create-syslog-for-arcsight-format/m-p/32385#M5966 I am not sure about ArcSight but most SIEM programs have programs will have modules that will "equalize" to the database many syslog formats per device manufacturer. Our SIEM product has what are called DSM modules that take many different syslog formats from hundreds of vendors so that the data presented is equal in the database. Out SIEM has a DSM module specific for XOS and EOS boxes, please check with HP on what is available in your circumstance. I tried checking the HP Enterprise site but was unable to search their support database. Tue, 30 Aug 2016 06:25:00 GMT Bill_Stritzinge 2016-08-30T06:25:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/how-to-create-syslog-for-arcsight-format/m-p/32384#M5965 My company use ArcSight log server, but it can't not recognize XOS log format. Did anyone know how to create XOS log for Arcsight format..... Tue, 30 Aug 2016 05:37:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/how-to-create-syslog-for-arcsight-format/m-p/32384#M5965 Helpme 2016-08-30T05:37:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/how-to-create-syslog-for-arcsight-format/m-p/32385#M5966 I am not sure about ArcSight but most SIEM programs have programs will have modules that will "equalize" to the database many syslog formats per device manufacturer. Our SIEM product has what are called DSM modules that take many different syslog formats from hundreds of vendors so that the data presented is equal in the database. Out SIEM has a DSM module specific for XOS and EOS boxes, please check with HP on what is available in your circumstance. I tried checking the HP Enterprise site but was unable to search their support database. Tue, 30 Aug 2016 06:25:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/how-to-create-syslog-for-arcsight-format/m-p/32385#M5966 Bill_Stritzinge 2016-08-30T06:25:00Z https://community.extremenetworks.com/t5/extremeswitching-exos-switch/how-to-create-syslog-for-arcsight-format/m-p/32386#M5967 It all depends on the format that is expected by the ArcSight log server. <BR /> In EXOS you create separate log filters and modify the output for different purposes.<BR /> <BR /> More on the Event Management System/Logging can be found in the documentation:<BR /> <A href="http://documentation.extremenetworks.com/exos/EXOS_21_1/Status_Monitoring/c_using-the-event-management-systemlogging.shtml" target="_blank" rel="nofollow noreferrer noopener">http://documentation.extremenetworks.com/exos/EXOS_21_1/Status_Monitoring/c_using-the-event-manageme...</A><BR /> <BR /> Do you have an example of the format that ArcSight expect to receive? <BR /> <BR /> Tue, 30 Aug 2016 11:30:00 GMT https://community.extremenetworks.com/t5/extremeswitching-exos-switch/how-to-create-syslog-for-arcsight-format/m-p/32386#M5967 Ron_Huygens 2016-08-30T11:30:00Z