Typically, Logger is deployed inside the perimeter firewall with a high degree of physical security to prevent tampering with the collected event information. Logger does not require other ArcSight products. It receives and forwards syslog and log file events created by a wide variety of hardware and software network products.
Logger also interoperates with ESM, as shown in the following figures. A typical use of Logger is to collect firewall or other data and forward a subset of that data to ArcSight Manager for real-time monitoring and correlation. Logger can store the raw firewall data for compliance or service-level agreement purposes.
Figure: Logger can act as a funnel, forwarding selected events to ESM.
Figure: Logger can store events sent by ESM.
Figure: Logger can store and forward filtered events in a hierarchical ESM deployment.