Perform the following task to integrate VLOG with ArcSight using ArcSight CEF folder follower scanner smart connector type:
Configure the smart connector to listen on vlog output directory. For example, /root/vlogs.
Run vlog utility with the option, /opt/novell/vigil/bin/vlog -d -f cef -R 100MB -o /root/vlogs/vlog_cef_output.cef -t.
NOTE:For the ArcSight smart connector folder follower scanner to process the *.cef files, we have to create a trigger file with the name *.cef_ready. The “-t” option is introduced to do this automatically when provided along with format type CEF. For other formats, an option will create the trigger file without any name. If needed, we can provide any custom extension as the argument to the “-t “option.
Log files once processed will be renamed as, vlog_cef_output<timestamp>.cef_processed.