Can be run on demand via UI, on a schedule, or over the Logger API. – Output formats include HTML, PDF, MS Excel, CSV, MS Word, Interactive HTML, XML .. Guide (PDF) 3 Understanding the User Interface 24 ArcSight Connector Appliance .. ArcSight Logger, ArcSight NCM, SmartConnector, ArcSight Threat. Contents 6 ESM Installation and Configuration Guide Confidential How do Configuration Guide Confidential /opt/arcsight A.

Author: Doukazahn Zugul
Country: Burundi
Language: English (Spanish)
Genre: Travel
Published (Last): 24 February 2004
Pages: 292
PDF File Size: 16.92 Mb
ePub File Size: 10.32 Mb
ISBN: 511-3-29481-184-7
Downloads: 31957
Price: Free* [*Free Regsitration Required]
Uploader: Sakree

Choose whether to save it as a filter or a saved arcsigght, then hit save. Filters save the query expression, but do not save the time range or the field set information. Search Queries Search queries can be as simple as entering a login name, IP address, or other string you are interested in looking for.

Earliest Result days The earliest results you want to see in number of days. You can also build more complex queries once you know what you are looking for and in which field Arcsight is logging that information.

See the Search Queries section below. The Security Integration screen reloads and the New button for the integration is available. Load Saved Search or Filter: All Peers The default is unchecked and searches only the local logger you are connected to. Select this to include samples of raw data in your sightings guidf results. Be careful not to change existing arcsignt this way that are not yours.

You can also activate the plugin using the traditional method. Enter the string you are searching for here, or build a search query using the Arcsight column headers. Since ugide are dozens of fields that can be logged in Arcsight, using this feature will save you the time of scrolling through unnecessary data to find what you are looking for.


The name of this configuration. If you click OK after customizing your field set, it will only be available to you for your current uzer. See the Field Set section below for more information.

Select the time range you wish to search the logs for. Once you log out of Arcsight, the field set will not be saved. Please note yuide field is based on the time that Arcsight received the log, not necessarily the time of the event itself.

When checked, it searches all the loggers that are connected to one another. The available security integrations appear as a series of cards. Include raw data samples in search results Select this to include samples of raw data in your sightings search results.

To make the field set uesr for later use, hit Save. For example, if I want to show all Weblogin events for a certain person, I can find them by typing: Include raw data samples in search results. The earliest results you want to see in number of days. Saved search saves the query expression and the time range that you See the Filters and Saved Searches section below for more information.

Common Event Format (CEF) Configuration Guides

This tool allows you to save a query that you use frequently as a filter or a saved search. Search strings are case sensitive, and multiple words should be included in quotations. Max Rows The maximum number of rows you want to search. Use these buttons to customize your field set. When you run a search, the results show up at the bottom of the screen, most recent log on top.


The query will be entered into the search box for you; click Go after adjusting your time range as needed. Proceed to step 5.

NXLog User Guide | Log Management Solutions

This allows you to display only relevant fields arcskght your results, removing fields that may not have meaning for what you are searching for. Enter a name for the search or filter.

When you save a ugide set, it will appear under the Shared Fieldsets category and will be visible to all other users of Arcsight. Field Description Name The name of this configuration.

How to Use Arcsight Logger

The amount of data returned depends on your setting in the number of rows of raw data property in Security Incident Response properties. Please do not use this feature! Search Logs To search for logs in Arcsight, go to https: Configuring this integration activates workflows. To use a previously saved filter or search, click on the load saved search lobger filter icon.