User`s guide
Technical white paper
27
Figure 28. Policy Items
Including the ArcSightSecurityPackages policy into the MariaDB-RHEL6 and ApacheWordPress-RHEL6 policies will
automatically deploy the ArcSight Smart Connector for Linux audit logger to the database and web servers and start logging
events to ArcSight Logger. The linux_auditd events are visible from the summary page of the ArcSight Logger under Agent
Type and the nodes will be displayed in the Configuration > Devices section of the HP ArcSight Logger.
Working with events
Searching the HP ArcSight Logger
Figure 29. Logger MOEevent
In the screen shot above (Figure 29) we searched for MOEevent. This will return all events with the name MOEevent that are
sent to the HP ArcSight Logger by the HPIO logging function. The MOEevent is defined in the Matrix infrastructure
orchestration log4j properties file as defined in the CSA 3.1 documentation for ArcSight Integration titled HP Cloud Service
Automation 3.10 Integration with ArcSight Logger (HP Passport account required). An excerpt from that document is shown
below.