Logger can read events from a log file and forward those events to a Logger streaming SmartConnector that sends the events on to ArcSight Manager.
To forward log file events to ESM, configure the receiver, forwarder, and SmartConnector to accept the same source type (as described in Working with Source Types).
Note: The receiver, forwarder, and SmartConnector must all be configured with the same Source Type value to successfully forward log file events from Logger to ArcSight ESM.
Unlike events that Logger receives, such as syslog, SmartMessage, or CEF, log file events must be parsed to determine the event timestamp. Therefore, if you need to forward events to ESM by using a Connector forwarder, you must choose one of the following source types for the receiver:
| Source Type | |
|---|---|
| Apache HTTP Server Access | Microsoft DHCP Log |
| Apache HTTP Server Error | Other |
| IBM DB2 9.x Audit Log | Tipping Point SMS 2.5 Syslog |
| IBM DB2 Audit | VMware ESX Syslog |
| Juniper Steel-Belted Radius | |