Overview
Since version 6.7, FIXEdge provides event notifications that can be processed as ArcSight events (the fixicc-agent logs don't have this feature).
The list of application lifecycle events is described here: Logging for lifecycle FIXEdge events.
Info: The described functionality was tested with version 6.6.1 of ArcSight.
Connection with ArcSight is supported over TCP.
Interaction model
Forwarding messages from FIXEdge to ArcSight is maintained via Log4Cplus and SocketTCPAppender.
Configuring
1. Upgrade FIXEdge to version 6.7
2. Set the format for lifecycle FIXEdge events log entries
- To forward traceable events to ArcSight, you need to set a log category (e.g. "CEF") for all events in the FIXEdge.properties file.
- Configure event patterns in CEF format for output (also see Format of event entries for transfer to ArcSight).
```
#--------------configure Application Lifecycle events-------------------------------
#for output to the log system use CEF category
Log.Events.LogCategory = CEF
#set patterns for lifecycle events
Log.Events.Event.AppStarting = %X{DateTimeMSUTC}|CEF:0|EPAM|FixEdge|%E\{.AppVersion}|AP01|application starting|INFO|cs1=APP-STARTING externalID=0
Log.Events.Event.AppStarted = %X{DateTimeMSUTC}|CEF:0|EPAM|FixEdge|%E\{.AppVersion}|AP02|application started|INFO|cs1=APP-STARTED externalID=1
Log.Events.Event.AppReady = %X{DateTimeMSUTC}|CEF:0|EPAM|FixEdge|%E\{.AppVersion}|AP03|application ready|INFO|cs1=APP-READY externalID=2
Log.Events.Event.AppFailed = %X{DateTimeMSUTC}|CEF:0|EPAM|FixEdge|%E\{.AppVersion}|AP08|application failed|FATAL|msg="%X\{msg}" cs1=APP-FAILED externalID=6
Log.Events.Event.AppComplete = %X{DateTimeMSUTC}|CEF:0|EPAM|FixEdge|%E\{.AppVersion}|AP05|application completed|INFO|cs1=APP-COMPLETE externalID=4
```
In this example, only 5 lifecycle events (AppStarting, AppStarted, AppReady, AppFailed, AppComplete) will be forwarded to ArcSight. Patterns for other events are configured the same way.
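The following is an added example, not part of the FIXEdge documentation: a small checker for lines rendered from the five patterns above, useful for validating output before it reaches ArcSight. It flags a `msg` text containing an unescaped `=`, which CEF parses as an extra extension key (CEF expects `\=` inside values). The sample lines, the timestamp format and the version `6.7.0` are constructed assumptions.

```python
import re

HEADER = ("cef_version", "vendor", "product", "device_version",
          "signature_id", "name", "severity")
# Signature ID -> cs1 value, taken from the five patterns configured above.
EXPECTED_CS1 = {"AP01": "APP-STARTING", "AP02": "APP-STARTED", "AP03": "APP-READY",
                "AP08": "APP-FAILED", "AP05": "APP-COMPLETE"}
ALLOWED_KEYS = {"msg", "cs1", "externalID"}   # the only keys those patterns emit
EXT_KEY = re.compile(r"(?:^|\s)(\w+)=")        # a key starts the text or follows whitespace

def parse_extension(text):
    """Split 'k1=v1 k2=v2' pairs; a value runs until the next ' key=' or end of line."""
    keys = list(EXT_KEY.finditer(text))
    ext = {}
    for i, m in enumerate(keys):
        end = keys[i + 1].start() if i + 1 < len(keys) else len(text)
        # The AppFailed pattern wraps msg in double quotes; drop them for display.
        ext[m.group(1)] = text[m.end():end].strip().strip('"')
    return ext

def parse_event(line):
    """Split one rendered line into its timestamp prefix, CEF header and extension."""
    timestamp, marker, cef = line.rstrip("\r\n").partition("|CEF:")
    if not marker:
        raise ValueError("no CEF marker in line")
    # Header fields are separated by unescaped pipes; the 8th part is the extension.
    parts = re.split(r"(?<!\\)\|", cef, maxsplit=7)
    if len(parts) != 8:
        raise ValueError("expected 7 header fields and an extension")
    event = dict(zip(HEADER, parts[:7]), timestamp=timestamp)
    event["extension"] = parse_extension(parts[7])
    return event

def check_event(line):
    """Return a list of problems for one line; an empty list means it is well-formed."""
    event, problems = parse_event(line), []
    expected = EXPECTED_CS1.get(event["signature_id"])
    if expected is None:
        problems.append("unknown signature id " + event["signature_id"])
    elif event["extension"].get("cs1") != expected:
        problems.append("cs1 does not match signature id")
    extra = sorted(set(event["extension"]) - ALLOWED_KEYS)
    if extra:
        problems.append("unexpected extension keys: " + ", ".join(extra))
    return problems

# Constructed sample lines (timestamp format and version 6.7.0 are assumptions).
STARTING = "2024-01-15 10:00:00.123|CEF:0|EPAM|FixEdge|6.7.0|AP01|application starting|INFO|cs1=APP-STARTING externalID=0"
FAILED_RAW = '2024-01-15 10:00:05.456|CEF:0|EPAM|FixEdge|6.7.0|AP08|application failed|FATAL|msg="cannot bind port=8901" cs1=APP-FAILED externalID=6'
FAILED_ESCAPED = FAILED_RAW.replace("port=", "port\\=")
```

`check_event(FAILED_RAW)` reports the stray `port` key, while the escaped variant passes and keeps the whole message in `msg`.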
...
Then, in the FIXEdge.properties file, add the Log4Cplus device to the Log.Device property and configure the log4cplus parameters as follows:
...
Solution: To resolve problems with the access to the ArcSight system.