
We! Analyze By Or Cohen

Hello Everyone,
One of the biggest issues we have as ArcSight administrators is knowing what's going on with our connectors.
A connector may be "up and running" but actually it has not sent a single event in weeks.
Also, many single connectors collect events from multiple locations (multi database, multi file, WUC) and we might never know one of these locations is unavailable as events from the other locations are arriving so the connector seems to be working fine.
Eventually, when we do understand that something is wrong, it takes a while to analyze, understand and solve.

In light of these problems in detecting connector errors, I have developed an automated tool named 'We! Analyze' with its own UI. It analyzes connector logs either manually or through an API that can be started from the command line, a scheduled task, or from the console with an action in a rule, tool or integration command (if you use the API you can forward the events to a syslog listener in CEF format).
You may choose to run We! Analyze on all of your connectors at 7AM and forward the results by syslog to a syslog listener and into your ArcSight ESM or Express, so when you arrive at work you'll have a report waiting in your mailbox with all the issues you have with your connectors.
After the analysis, We! Analyze suggests possible solutions to 129 known errors (in version 3.0.0.0), and can also Google-search an error, search the ArcSight forum for the error, and mail the error to your colleagues.
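
The gap described above, where one source behind a multi-source connector goes quiet while the connector as a whole still looks healthy, can be caught by tracking the newest event per source and reporting overdue sources as CEF lines. This is an added example, not We! Analyze's code: the connector and source names, timestamps, the 24-hour threshold and the CEF vendor/product/signature values are all constructed for illustration.

```python
from datetime import datetime, timedelta, timezone

def _hdr(value):
    # CEF header fields: escape backslash and pipe
    return value.replace("\\", "\\\\").replace("|", "\\|")

def _ext(value):
    # CEF extension values: escape backslash, equals sign and newlines
    return value.replace("\\", "\\\\").replace("=", "\\=").replace("\n", "\\n")

def silent_sources(last_event, now, max_silence):
    """Return (connector, source, last_seen) for every overdue source.

    last_event maps (connector, source) -> datetime of the newest event,
    or None if that source has never delivered one.
    """
    ordered = sorted(last_event.items(), key=lambda kv: kv[0])
    return [(c, s, ts) for (c, s), ts in ordered
            if ts is None or now - ts > max_silence]

def to_cef(connector, source, last_seen, now):
    # -1 marks a source that has never been seen
    hours = -1 if last_seen is None else int((now - last_seen).total_seconds() // 3600)
    ext = (f"cs1Label=connector cs1={_ext(connector)} "
           f"cs2Label=source cs2={_ext(source)} "
           f"cn1Label=hoursSilent cn1={hours}")
    # Vendor, product and signature ID are made-up values for this example
    return "|".join(["CEF:0", _hdr("ExampleVendor"), _hdr("ConnectorWatch"), "1.0",
                     "silent-source", _hdr("Connector source stopped sending events"),
                     "7", ext])

# Constructed sample: "wuc-dc" received an event 3 minutes ago, so a
# per-connector check passes, yet its DC02 source has been silent for weeks.
NOW = datetime(2024, 1, 10, 7, 0, tzinfo=timezone.utc)
SAMPLE = {
    ("wuc-dc", "DC01"): NOW - timedelta(minutes=3),
    ("wuc-dc", "DC02"): NOW - timedelta(days=21),
    ("db-multi", "hr_db=prod"): None,
    ("db-multi", "crm_db"): NOW - timedelta(minutes=10),
}

def report(last_event=SAMPLE, now=NOW, max_silence=timedelta(hours=24)):
    return [to_cef(c, s, ts, now)
            for c, s, ts in silent_sources(last_event, now, max_silence)]

if __name__ == "__main__":
    print("\n".join(report()))
```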

We! Analyze enables us to change our approach towards connector troubleshooting -- we know that something is wrong much faster than we knew before so we can fix it much faster and avoid critical errors like data loss.
Please view the following videos demonstrating how We! Analyze works:
http://www.youtube.com/watch?v=tgoYO3YZQ5I&hd=1
http://www.youtube.com/watch?v=9ZbmHZOhC4g&hd=1

Please also view the following presentation for technical description:
http://www.slideshare.net/cohen88or/we-analyze-desc3

Enjoy and feel free to contact me about anything:
http://www.linkedin.com/pub/or-cohen/23/816/974
cohen88or@gmail.com
or@we-can.co.il

Or Cohen

