User's guide
Technical white paper
Forwarding events to HP ArcSight ESM
The HP ArcSight Logger can be used to aggregate events and forward specific events to an HP ArcSight ESM system for
further analysis and correlation.
To accomplish this, forwarders are created in the HP ArcSight Logger > Configuration > Event Output interface. The
forwarders are configured to send log data to an ESM Destination. The ESM Destination is displayed below in Figure 8; the
forwarder configured here will show up as a connector in the ArcSight ESM Console. In our example we have named this
connector Logger2ESM to represent events being forwarded from the HP ArcSight Logger to the HP ArcSight ESM.
Figure 8. Event Forwarding to an ESM Destination
Once the connector is created, event forwarders can use it to forward specific events to the HP ArcSight ESM. In the
example below we have created a forwarder based on a regular expression query that will forward all failed login attempts
that are captured by the ArcSight Logger.
Figure 9. Event Forwarder Logon Failures
This forwarder has a query defined whose criteria state that if authentication is verified and the outcome is failure, all
events that match the query are sent to the ArcSight ESM.
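The selection logic of the forwarder described above can be checked offline against sample events before it is enabled. The following is an added example, not part of the white paper and not HP's code: it assumes events in CEF format and assumes the criteria map to the ArcSight category fields categoryBehavior = /Authentication/Verify and categoryOutcome = /Failure. The function names and sample events are constructed for illustration.

```python
import re

# Constructed sample events in CEF; none of these come from the white paper.
SAMPLE_EVENTS = [
    "CEF:0|ExampleVendor|ExampleOS|1.0|100|Logon failed|7|duser=alice src=192.0.2.10 "
    "categoryBehavior=/Authentication/Verify categoryOutcome=/Failure msg=bad password",
    "CEF:0|ExampleVendor|ExampleOS|1.0|101|Logon succeeded|3|duser=bob src=192.0.2.11 "
    "categoryBehavior=/Authentication/Verify categoryOutcome=/Success",
    "CEF:0|ExampleVendor|ExampleOS|1.0|200|File access denied|5|duser=carol "
    "categoryBehavior=/Access categoryOutcome=/Failure",
    # Escaped '=' inside msg must stay part of the value, not become a field.
    "CEF:0|ExampleVendor|ExampleOS|1.0|101|Logon succeeded|3|duser=dave "
    "categoryBehavior=/Authentication/Verify categoryOutcome=/Success "
    "msg=note categoryOutcome\\=/Failure",
    "Jan  1 00:00:00 host sshd[1]: not a CEF line",
]

_KEY = re.compile(r"(?:^|\s)(\w+)=")

def parse_cef(line):
    """Return the extension fields of a CEF line as a dict, or None if not CEF."""
    parts = re.split(r"(?<!\\)\|", line, maxsplit=7)
    if len(parts) < 8 or not parts[0].startswith("CEF:"):
        return None
    ext = parts[7]
    keys = list(_KEY.finditer(ext))
    fields = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(ext)
        fields[m.group(1)] = ext[m.end():end].strip().replace("\\=", "=")
    return fields

def is_failed_login(fields):
    """Assumed field mapping of the criteria: authentication verify AND failure."""
    return (fields.get("categoryBehavior") == "/Authentication/Verify"
            and fields.get("categoryOutcome") == "/Failure")

def select_for_forwarding(lines):
    """Keep only the events the failed-login forwarder would send on."""
    selected = []
    for line in lines:
        fields = parse_cef(line)
        if fields is not None and is_failed_login(fields):
            selected.append(line)
    return selected

if __name__ == "__main__":
    for event in select_for_forwarding(SAMPLE_EVENTS):
        print(event)
```

Only the first sample event is selected; the successful logon whose message text mentions a failure outcome is not, because the match is made on parsed fields rather than on the raw line.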