Modify ArcSight log format

Question

Anyone know if it is possible to modify the ArcSight logging format for ASM logs?  Would like to throw the Host header value into destinationHostName, but I'm unsure if it's possible to modify the canned CEF structure.&nbsp;
Thanks!&nbsp;
-Kevin&nbsp;

malak_samir_218 · Answer

Hi  KB13&nbsp;
did manage to find a way to customize the CEF formate? &nbsp;

suttonsc · Answer

The format is pre-defined and unfortunately can not be changed.&nbsp;
K16702: The remote logging format for ArcSight and Reporting Server remote storage types&nbsp;
The storage format for the syslog option can be configured:&nbsp;
K9435: Overview of the Storage Format option for a remote logging profile&nbsp;

Forum Discussion

Modify ArcSight log format

2 Replies

Recent Discussions

F5 terminal - help to run commands - disk space full

import live updates from version x to version y

Tenant image upgrade

iRule editor partition button does not work

F5Access | MacOS Sonoma

Related Content

Format objectGUID attribute from hexadecimal to bindable string (hyphen-separated format)

X509 Subject Formatting

iRule to modify a content-security-policy header

Import certificate as pfx format

Modify SSL profiles via REST API