Best practice to send Nagios Service Alerts to ArcSight?
Posted: Thu Aug 06, 2015 3:52 pm
by edward.bosco
All -
Was wondering about the 'best' way to send Nagios Service Alerts and Notifications to an ArcSight server from a RH Linux 6 machine?
Would there be a Nagios ArcSight daemon available for RH to feed an ArcSight connector?
And thanks much.
Re: Best practice to send Nagios Service Alerts to ArcSight?
Posted: Thu Aug 06, 2015 8:03 pm
by Box293
This PDF might help:
http://www.hpenterprisesecurity.com/col ... oducts.pdf
It seems to mention that there is a SmartConnector for Nagios available.
Otherwise you could look at using the SNMP Trap Sender component.
Or perhaps use the obsessive feature of Nagios Core.
I did not find anything on the Nagios Exchange.
Re: Best practice to send Nagios Service Alerts to ArcSight?
Posted: Fri Aug 07, 2015 8:40 am
by edward.bosco
Thanks much, Box293.
I came across that same PDF, and on contacting HP Support, they didn't have the particulars of which connector might provide that capability. Maybe I should contact HP Sales.
CEF formatted output from Nagios server to the ArcSight connector would seem to be the preferred solution, if I understand correctly.
Still looking; appreciate your response.
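Added example, not part of the original thread and not Nagios or ArcSight code: one way a Nagios notification command could emit a CEF line over syslog, with the header and extension escaping that CEF requires. The severity mapping, the event class ID scheme, the "unknown" device version, the script name and the collector address are assumptions.

```python
import socket
import sys

# Assumed mapping of Nagios service states to CEF severity (0-10); adjust locally.
SEVERITY = {"OK": 1, "WARNING": 5, "UNKNOWN": 6, "CRITICAL": 9}

def esc_header(value):
    """Escape a CEF header field: backslash and pipe; line breaks become spaces."""
    value = value.replace("\\", "\\\\").replace("|", "\\|")
    return value.replace("\r", " ").replace("\n", " ")

def esc_ext(value):
    """Escape a CEF extension value: backslash and equals; line breaks become \\n."""
    value = value.replace("\\", "\\\\").replace("=", "\\=")
    return value.replace("\r\n", "\\n").replace("\r", "\\n").replace("\n", "\\n")

def nagios_to_cef(host, service, state, output, notif_type="PROBLEM"):
    """Build one CEF:0 line from the values of a Nagios service notification."""
    header = "|".join([
        "CEF:0", "Nagios", "Nagios Core", "unknown",  # device version: placeholder
        esc_header("service:" + state),               # event class ID (constructed)
        esc_header(service),
        str(SEVERITY.get(state, 6)),
    ])
    ext = [("dhost", host), ("msg", output),
           ("cs1Label", "notificationType"), ("cs1", notif_type)]
    return header + "|" + " ".join("%s=%s" % (k, esc_ext(v)) for k, v in ext)

def send_syslog(cef_line, collector, port=514):
    """Send the CEF line as a UDP syslog message (PRI 132 = local0.warning)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    try:
        sock.sendto(("<132>" + cef_line).encode("utf-8"), (collector, port))
    finally:
        sock.close()

if __name__ == "__main__":
    # Hypothetical usage from a Nagios notification command:
    #   nagios_cef.py <collector> "$HOSTNAME$" "$SERVICEDESC$" "$SERVICESTATE$" \
    #                 "$SERVICEOUTPUT$" "$NOTIFICATIONTYPE$"
    if len(sys.argv) == 7:
        send_syslog(nagios_to_cef(*sys.argv[2:7]), sys.argv[1])
    else:
        # Constructed sample values, printed when no arguments are given.
        print(nagios_to_cef("web01", "HTTP|TLS", "CRITICAL", "rc=2 timeout"))
```

Plugin output is untrusted input to the SIEM parser: without the escaping, a `|`, `=` or line break in `$SERVICEOUTPUT$` can shift or inject fields in the received event.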
Re: Best practice to send Nagios Service Alerts to ArcSight?
Posted: Fri Aug 07, 2015 11:32 am
by lmiltchev
Sounds good, edward.bosco. I will keep this topic open for a while in case you have some feedback (more info) after talking to HP Sales.