Solved

Event log back up / Retrieval from ArcSight Logger appliance

Posted on 2013-12-03
Last Modified: 2013-12-09
I would like to know if it's possible to retrieve event logs from an old ArcSight Logger? I read that by default, the ArcSight Logger does not back up any content but will back up 'All non-event data' and 'Report content' which includes:

• System Information
• Logs
• Global Settings
• User and Group Information
• All Configuration Settings
• Existing Filters and Saved Searches
• Logger Monitor settings
The following Reports content:
• Queries, Reports, Parameters, Parameter Value Groups, Dashboard
• Templates

I am looking to extract this information if possible to prepare for an upcoming inspection. Any information would be greatly appreciated.

Cheers,
Larry
Question by:holby
4 Comments
 
LVL 29

Accepted Solution

by:
fibo earned 500 total points
ID: 39696311
Not sure I understand: are you looking for the place where these logs would be?
- usually /var/log is a good place to start
- you can also hunt at /etc/logrotate.d which handles nicely some logs (but be careful here!)

As usual, locate *.log is your best friend (but do not forget updatedb).

Author Comment

by:holby
ID: 39696378
Yes I am looking for the location on the logger where these event logs are stored by default. We moved away from ArcSight because it was a very convoluted product and extremely difficult to learn unless you were an expert using Unix. We have since moved to a McAfee Nitro Security appliance and this product is much nicer and is less cumbersome. Just need to be able to extract the event logs off the logger in case we need to present them for our upcoming inspection.
LVL 29

Expert Comment

by:fibo
ID: 39697645
What does locate *.log give?
LVL 29

Expert Comment

by:fibo
ID: 39706700
B-) Glad I could help. Thx for the grade and points
Bernard