Question about arcsight

[tontod]

I've posted this question in the arcsight forums, but not having much luck. I've built a time based DB flex connector, and I'm using:

timestamp.field=CREATION_TIME

where CREATION_TIME is a column in the table I am querying and the datatype is Timestamp with Timezone. When I start up the connector, I receive this error:

FATAL EXCEPTION
Unable to convert [oracle.sql.TIMESTAMPTZ@1757337] to required type [DateTime] for CREATION_TIME


Is there a function in arcsight that I can use to force the conversion from Timestamp with Timezone to DateTime? This is an example of whats in this CREATION_TIME field:

11-JUL-11 05.02.38.485826000 PM +00.00

If this does not work, I was thinking of just switching to an ID based DB flex connector. There is a SEQUENCE_ID column in the table which I can use.


Thanks.

 

[Dravic]

arcsight is an enterprise level SIEM, and only one of many. Your best bet would be to go through support. That's why they are there . You don't pay enterprise level software prices then go it alone.

I've worked with a few SIEMs, and all there parsers, connectors and event/correlation triggers are unique to the apps themselves. I doubt you will find someone on these forums with that kind of knowledge of arcsight.

 

[tontod]

Yeah, a couple of people posted, but didnt really help my case. My company is too cheap to pay for professional services support. But, I got around the problem anyway.

 

[agent123]

Hi,
I am implementing Arcsight Express V3.0 for a client. I tried installing the Active Directive Model to send Actors from the Active Directive LDAP to the ESM. But i kept getting error that the connector could not bind with the LDAP in spite of using the right Admin logon Credentials. when i checked the error type on google, it states that wrong credentials. This is confusing since my login credentials has Admin rights. Please help.