how to send each log category from wazuh to separate Arcsight connector

[Hrd]

Hello everyone

according to attachment, i have a server zone containing Windows servers, Servu servers, ... . these servers logs send to wazuh manager.

I want send each log category (windows logs and servu logs) to separate arcsight connectors. (in format of JSON)

arcight connectors will parsing logs and sent it to arcsight ESM.

how to configure wazuh for this scenario?

Best regards

hamidreza

[Francis Timilehin Jeremiah]

Hello, If the Windows and Servu logs have separate rule IDs, we can send the events from Wazuh using syslog using the IDs. I see that ArcSight has these options for data collection. Let me know if this helps.