Overview

This course provides you the essentials of the ArcSight Logger solution – both hardware and software - as well as giving you information on how to architect a complete solution. This 5 day ILT course will cover the core features of the ArcSight Logger solution as well as more advanced features.


This course, in addition to Logger experience, prepares you for the Logger certification exam. The exam is administered on the last day of the instructor-led class and is a hands-on, performance based exam. The VILT offering does not include a certification exam.

Prerequisites

To be successful in this course, you should have the following prerequisites or knowledge:

  • Common network device functions such as routers, switches, and hubs.
  • TCP/IP functions such as CIDR blocks, subnets, addressing, and communications
  • Windows operating systems tasks such as installations, services, sharing, and navigation
  • Linux or Cent OS experience with shell command lines

Recommended:

  • Successful completion of Use Case Foundations course or equivalent experience
  • Successful completion of Building Advanced Content course or equivalent experience
  • Successful completion of Flex Connector Configuration course or equivalent experience


Delegates will learn how to

Upon successful completion of this course, you should be able to:

  • Describe, access, and use the basic features and functions of ArcSight Logger
  • Initialize Logger appliance
  • Install and update Logger Software form factor
  • Explain and implement initial Logger storage and retention policy settings
  • Describe and configure event source devices and device groups, event receivers, forwarders and destinations
  • Locate and configure network settings, error logs, remote support access and security certificate trust stores

Outline

Modules

Objectives

Introduction to Logger

  • What is Logger?
  • What is an Event?
  • ArcSight Log Management Platform
  • Logger Features
  • Deployment Scenarios
  • What’s new in Logger
  • Logger family of products
  • Logger Use Cases

Install and Initialize Logger Appliance

  • Installing and initializing Logger Appliance
  • Post-initialization settings
  • Appliance upgrade

Installing and Initialize Software Logger

  • Installing and configuring Linux Software Logger
  • Software Logger Upgrade and un-install
  • Logger browser interface login

Navigating Logger

  • Logger UI Information Band and Options
  • Tabs, Menus and Feature Navigation
  • Main Function Tabs

Logger Configuration

  • Configuration Sidebar Menu functions
  • Configuring Peer Loggers
  • System Maintenance Operations

Configuring Logger Event Input and Output

  • Receivers, Source Types and Parsers
  • Devices and Device Groups
  • Storage Rules
  • Forwarders
  • SSL Certificates
  • ESM Destinations

System Admin Settings

  • Appliance and Software Admin differences
  • System Admin tab
  • Exploring each sub-menu tab

Managing Users and Groups

  • User Group Privileges
  • Managing Users, User Groups & Authentication
  • User login banner

Event Search

  • Logger search overview
  • Search input
  • Search results display
  • Search techniques
  • Pipeline operators
  • Search performance
  • Wild cards
  • Peer Logger search
  • Indexing

Search Tools

  • Customizing time ranges and Field Sets
  • Search helper
  • Creating complex queries using Search Builder
  • Raw events and Regex Helper
  • Validating Queries with Search Analyzer
  • Refining and re-running searches
  • Exporting search results
  • Live Event Viewer

Filters, Saves Searches & Scheduled Alerts

  • Saving and retrieving a query
  • Types of Filters
  • Managing Filters
  • Creating Saved Search Jobs
  • Creating Saved Scheduled Alerts
  • Saving Searches as Dashboard Panels
  • Advanced Search Options
  • Searching from ESM Console

Logger Reports

  • Types of reports
  • Viewing reports
  • Report task options
  • Running reports
  • Publishing and emailing report results
  • Scheduling report jobs
  • Report administration

Designing Reports

  • Copying reports
  • Using the Adhoc Report Designer
  • Editing a report
  • Customizing report layout

Generating Reports

  • Search Queries and Report Queries
  • Creating and Editing Queries for Reports
  • Using the SQL Editor
  • Report Query Field Attributes and Properties
  • Parameters and Parameter Groups

Using and Designing Report Dashboards

  • Dashboards and Report Home Pages
  • Creating a Report Dashboard

Alerts and Notifications

  • Configuring Notification Destinations
  • Configuring Alerts and Notifications
  • Viewing Alerts
  • Exporting Alerts

Import, Export, Backup and Restore

  • Configure Backup and Restore
  • Content Management – Export and Import
  • Event Archiving
  • Retrieving Audit and Error Logs