Vous êtes sur la page 1sur 1

ArcSight - Windows Event Collection WUC or WiNC

WUC – Operating Systems Supported


Support for Windows Event Log Security, System, and Application
event collection from hosts running the following Microsoft OS
versions:
Microsoft Windows Server 2003, 2008, 2008 R2, 2012, 2012 R2
Microsoft Windows Vista
Microsoft Windows 7
Microsoft Windows 8
Support is provided for collecting events forwarded from source
hosts to a Windows Event Collector (WEC) as well as from WEC
hosts is available for these operating systems:
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2
Send Events to Microsoft Windows Server 2012
TCP 443 Microsoft Windows Server 2012 R2
ESM and/or
Logger WINC – Operating Systems Supported for Event Collection
SmartConnector Windows Event Log – Native supports Windows Event Log
and Logger Security, System, and Application event collection from hosts
running the following Microsoft OS versions.
Windows Event Collector Server Management Microsoft Windows Vista
Microsoft Windows Server 2008
Microsoft Windows Server 2008 R2

ArcMC
WUC or Syslog Connector Microsoft Windows Server 2012
WiNC (or other connector Microsoft Windows Server 2012 R2
Connector if desired) Microsoft Windows 7
TCP 9001 Microsoft Windows 8

Installation Requirements
TCP 9002 Use unique ports to
System Requirement
manage
This connecter can be installed on only one of the following
connectors on the
supported MSWindows 64-bit plat forms:
same host
Microsoft Windows 2008
Microsoft Windows 2008 R2
Microsoft Windows 2012
Microsoft Windows 2012 R2

.NET Requirement
.NET 4.5

TCP 445 UDP 514 Log Parser Support


Push or Pull Syslog The SmartConnector supports parsing for the following logs:
Security
System
Application (event header)
Forwarded Events (for forwarded security, system, and application
(event Header) events

Parser support for the following application events is provided :


Microsoft Active Directory
Microsoft Exchange Access Auditing
Microsoft Forefront Protection 2010
Microsoft SQL Server Audit
Oracle Audit
Symantec Mail Security for Exchange

Parser support for the following system events is provided:


Microsoft Network Policy Server
Microsoft Remote Access
Microsoft Service Control Manager
Microsoft WINS Server

Windows DC and Member Servers Syslog Hosts


v1 - 20160128