ArcSight Logger and SmartConnectors Questions and Answers

I receive questions about ArcSight Logger and SmartConnectors, you will find here under some answers. I will add more questions and answers in future. Don’t hesitate to add your questions as comments on this blog post.

Is ArcSight Logger L750MB still free for download ?

ArcSight Logger L750MB is now for free, since 17 August. You don’t have to pay 49$ per year any more.

Is ArcSight Logger L750MB available as ISO or virtual appliance ?

ArcSight Logger L750MB is not provided as ISO or as virtual appliance (VMWare image, Xen, VirtualBox, KVM, etc.). The Logger is available as a binary file how will install the software on an existing operating system.

Where can I find an ArcSight Logger demo ?

ArcSight has publish a Logger demonstration video on YouTube.

Where can I find an ArcSight SmartConnector list ?

For Logger L750MB, you can find all the supported products list in my previous blog post. For a complete list of ArcSight SmartConnector supported products, a PDF is available on ArcSight web site.

Where can I download CEF (Common Event Format) specifications ?

ArcSight doesn’t provide direct access to the CEF open log management standard. You have to contact ArcSight through this Web page.

What are Logger and SmartConnector default ports ?

For ArcSight Logger it is depending if you have acquire a software or appliance version. If you have a software version, the default port will be 9000/TCP to access to the Logger Web interface and to configure the destination port of your SmartConnector. If you have an appliance version, the default port will be 443/TCP to to the Logger Web interface and to configure the destination port of your SmartConnector.

For ArcSight ESM, all communication are done on port 8443/TCP by default.

What is ArcSight Logger administration default URL ?

Default administration URL is https://$LOGGER:9000 for a software version, or https://$LOGGER:443 for an appliance version. Replace the $LOGGER variable with the hostname or IP address of your Logger.

What are ArcSight Logger default login and password ?

ArcSight Logger default login and password are “admin” / “password” 🙂

How many Storage Groups are available in ArcSight Logger ?

ArcSight Logger propose 6 Storage Groups, one of them is reserved for internal activities and one will be created by default. You have to create the 4 others Storage Groups during the Logger setup, after the installation you will no more able to create additional Storage Groups.

Do an ArcSight SmartConnector require a server ?

Depending on your architecture, you will require or not a server to host an ArcSight SmartConnector.

Cases you don’t need a server to host a SmartConnector :

  • You have a L3x00 serie Logger. These Logger series have an embedded SmartConnector appliance, so you will be able to manage embedded SmartConnectors and a certain number of remote SmartConnectors directly from the Logger.
  • You have a SmartConnector appliance. SmartConnector appliances are able to manage a certain number of embedded SmartConnectors, so you will be able to manage embedded SmartConnectors and a certain number of remote SmartConnectors directly from the Logger.
Cases you will need a server to host a SmartConnector :
  • You have a software Logger (L750MB or L5GB). Software Logger doesn’t provide any embedded SmartConnector appliance, you will not be able to manage remote SmartConnectors through the Logger.
  • You have a L7x00 serie Logger. These Logger series doesn’t provide any embedded SmartConnector appliance, you will not be able to manage remote SmartConnectors through the Logger.
  • You have ArcSight ESM. ESM don’t provide any embedded SmartConnectors, but you will able to manage remote SmartConnectors.

2 thoughts on “ArcSight Logger and SmartConnectors Questions and Answers

  1. Arcsight is not collecting logs… what are the dependency services for Arcsight

Comments are closed.