Manualshelf

User`s guide

ManualsBrandsVMware ManualsOtherVCLOUD REQUEST MANAGER 1.0.0
21222324252627282930
Technical white paper
29
HP ArcSight ESM Viewing Events with Active Channels
Events can be viewed in the ESM using an Active Channel. To view events forwarded to the HP ArcSight ESM from the
ArcSight Logger, right click on the logger connector and set as current filter. This will display all current events as shown in
Figure 31.
Figure 31. ArcSight EMS Manager Logger2ESM Connector
To test our failed login forwarder created earlier, we will attempt to login to oo.fog.cloud.internal. This server hosts our
Cloud Service Automation and Operation Orchestration applications. By setting our Active Channel filter to the Logger2ESM
Connector we can see in Figure 32 that the failed logon attempts are reported (forwarded) to the HP ArcSight ESM.
Figure 32. ESM view of Failed Logons
You can customize this view by selecting more or less columns of event information to be displayed. Figure 33 shows the
failed logon events that were forwarded to the HP ArcSight ESM and the event information includes the event Name,
Attacker User Name, Attacker Address, Target Address, Priority, and Device Vendor.