Re: BSM and ArcSight Logger Connector (182 Views)
Frequent Advisor
SuperCoolNothin
Posts: 37
Registered: ‎02-04-2014
Message 1 of 19 (251 Views)
Accepted Solution

BSM and ArcSight Logger Connector

I am struggling to understand the concept, and therefore determine how to get events from ArcSight Logger into OMi. Having read the documentation, it appears that you have to:

1. Setup event integration from BSM to ArcSight. How would you define this?

2. Set up a trusted relationship between BSM and the ArcSight Logger host. How is this done? The ArcSight Logger is a CentOS box, and has no HPOA installed.....

3. Install the BSM ArcSight Connector. Really? How is that done? Is the ArcSight one a Remote or Local Connector install?

I don't seem to have any document that deals specifically with integration of the ArcSight Logger app into BSM. Is there one?

Really struggling here, so appreciate any and all feedback.

Frequent Advisor
SuperCoolNothin
Posts: 37
Registered: ‎02-04-2014
Message 2 of 19 (248 Views)

Re: BSM and ArcSight Logger Connector

BSM is 9.23 and the ArcSight Logger is 5.3 Free.

HP Expert
Dmitry Shevchenko
Posts: 4,663
Registered: ‎01-30-2008
Message 3 of 19 (231 Views)

Re: BSM and ArcSight Logger Connector

Here are high level steps you need to take to integrate events from ArcSight Logger into BSM/OMi. Specific details for every step below can be found in appropriate manuals (either BSM or ArcSight).

Prerequisites:

Make sure you have BSM up and running, ArcSight Logger up and running, BSM Connector up and running (and integrated with your BSM).

1. Download ArcSight Logger Forwarding Connector for BSM/OMi.

2. Install this connector on a server which has connection to both BSM connector and ArcSight Logger server.

3. Navigate to ArcSight Logger and configure which events should be forwarded to BSM through the Forwarding Connector you installed at step 2.

4. Download ArcSight OM/OMi SNMP Interceptor policy (from the same place where you got the forwarding connector).

5. Upload and enable the policy in BSM Connector UI.

That's it. Now if you did everything correctly events from ArcSight Logger should appear in OMi Event Browser.

Frequent Advisor
SuperCoolNothin
Posts: 37
Registered: ‎02-04-2014
Message 4 of 19 (210 Views)

Re: BSM and ArcSight Logger Connector

Can you help me locate the OMI Web Interface address? Install docs for the Arcsight Logger want the SmartConnector pointed at https://<BSM Server>/opr-console/rest/event_list, but that does not exist on my BSM server.

Any ideas? I have tried http://nbvm-bsm-lab.corp.innovative.co/opr-web/rest/9.10/event_list which returns a page result but also returns this error:

"This XML file does not appear to have any style information associated with it. The document tree is shown below."

Jim

Frequent Advisor
SuperCoolNothin
Posts: 37
Registered: ‎02-04-2014
Message 5 of 19 (205 Views)

Re: BSM and ArcSight Logger Connector

Does BSM Connector get installed on the BSM box, or the Arcsight box?
HP Expert
PatWest
Posts: 695
Registered: ‎03-06-2008
Message 6 of 19 (198 Views)

Re: BSM and ArcSight Logger Connector

 

Try this one: http://nbvm-bsm-lab.corp.innovative.co/opr-console/rest/9.10/event_list

HP Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
Frequent Advisor
SuperCoolNothin
Posts: 37
Registered: ‎02-04-2014
Message 7 of 19 (193 Views)

Re: BSM and ArcSight Logger Connector

Failed with an invalid URL message:

BSMArcsightConnFail.PNG

Frequent Advisor
SuperCoolNothin
Posts: 37
Registered: ‎02-04-2014
Message 8 of 19 (191 Views)

Re: BSM and ArcSight Logger Connector

Anyone?

Does BSM Connector get installed on the BSM box, or the Arcsight box?
HP Expert
Dmitry Shevchenko
Posts: 4,663
Registered: ‎01-30-2008
Message 9 of 19 (182 Views)

Re: BSM and ArcSight Logger Connector

>>>Does BSM Connector get installed on the BSM box, or the Arcsight box?

BSMC is supposed to be installed on its own dedicated box. You cannot install it on any BSM server - it won't work. Mixing it with ArcSight Logger was never tested either, though it may work.

HP Expert
PatWest
Posts: 695
Registered: ‎03-06-2008
Message 10 of 19 (169 Views)

Re: BSM and ArcSight Logger Connector

Here are the steps in a nutshell.

ArcSight Logger server (dedicated box)

BSM/OMi 9.2x server (dedicated box)

BSM Connector Server (dedicated box)

ArcSight Forward Connector software (can be installed on any server)

1. Download ArcSight Logger Forwarding Connector from BSM/OMi from support site under my downloads

HP_ArcSight_Logger_Forwarding_Connector_for_BSM_Logger-Forwarding-Connector-for-BSM

From Support site under ArcSight

2. Install to server which has connection to both BSM connector and ArcSight Logger server. Pay attention to two screens.

This should be name or IP address of your BSM connector. If you have installed on same server as BSM connector it can be local host.

3. Go to ArcSight Logger server user interface, go to ArcSight server user interface, Configuration > Event Output

4. Configure ArcSight Forward Event Connector server as your target server port 514 as your destination.

Be careful about your filter, it can generate too many events.

5. Download the latest policy files from the ArcSight download site where you obtained the connector.

Refer to the ArcSight™ HP M and HP OMi SNMP Interceptor Policy Readme for details on uploading the template.

6. Go to BSM connector user interface and upload policy

7. Go to BSM/OMi user interface to verify events are arriving to BSM

Check from ArcSight Logger user interface to make sure events are collected by Logger and forwarded to BSM.

Hope this helps,
PatW
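
Added example (not part of the thread and not HP or ArcSight code): a small UDP listener that can stand in for the forwarder on port 514 for a minute, to see how many events the Logger filter from step 4 actually emits before they are sent on to BSM. It assumes Logger's Event Output sends UDP datagrams to that port (the thread only gives the port number) and that nothing else is bound to the port while it runs; `max_per_sec` is a hypothetical budget.

```python
import socket
import time

def open_listener(bind_host="0.0.0.0", port=514):
    """Bind a UDP socket where the forwarder would listen (port 514 needs root)."""
    sock = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    sock.bind((bind_host, port))
    return sock

def measure(sock, window_s, max_per_sec=50.0):
    """Count datagrams for window_s seconds and flag a filter that is too broad.
    max_per_sec is a hypothetical budget; set it to what the OMi side can absorb."""
    deadline = time.monotonic() + window_s
    count, size, sample = 0, 0, None
    while True:
        remaining = deadline - time.monotonic()
        if remaining <= 0:
            break
        sock.settimeout(remaining)
        try:
            data, _ = sock.recvfrom(65535)
        except socket.timeout:
            break
        count += 1
        size += len(data)
        if sample is None:
            sample = data.decode("utf-8", "replace")  # keep first event for inspection
    rate = count / window_s
    return {"count": count, "bytes": size, "per_sec": rate,
            "too_many": rate > max_per_sec, "sample": sample}

def selftest(n=5, window_s=0.5):
    """Loopback run with constructed messages, so the logic can be checked offline."""
    rx = open_listener("127.0.0.1", 0)           # port 0 = any free port
    port = rx.getsockname()[1]
    tx = socket.socket(socket.AF_INET, socket.SOCK_DGRAM)
    for i in range(n):
        # Constructed sample line, not real Logger output
        line = f"<134>logger-lab constructed test event {i}"
        tx.sendto(line.encode(), ("127.0.0.1", port))
    tx.close()
    stats = measure(rx, window_s)
    rx.close()
    return stats

if __name__ == "__main__":
    listener = open_listener()                    # run on the intended forwarder host
    print(measure(listener, window_s=60))
```

If `too_many` comes back true, tighten the filter in Logger before pointing Event Output at the real forwarder.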

Frequent Advisor
SuperCoolNothin
Posts: 37
Registered: ‎02-04-2014
Message 11 of 19 (137 Views)

Re: BSM and ArcSight Logger Connector

Pat,

Sorry for not responding sooner, it has been a bit mental here trying to fix this! I finally got the BSMC installed and working, and added to the BSM config. Excellent. A step closer.

Trying to get HP to give me the Arcsight software and docs, as I don't have an Arcsight account, which you need....

Frequent Advisor
SuperCoolNothin
Posts: 37
Registered: ‎02-04-2014
Message 12 of 19 (127 Views)

Re: BSM and ArcSight Logger Connector

Can you help me locate the Arcsight Logger Forwarding Connector please?

Regards,

HP Expert
PatWest
Posts: 695
Registered: ‎03-06-2008
Message 13 of 19 (113 Views)

Re: BSM and ArcSight Logger Connector

It is on the Software Download page for BSM, see the screenshot.

downloadpage-ArcSightLoggerforw.connector.jpg

Frequent Advisor
SuperCoolNothin
Posts: 37
Registered: ‎02-04-2014
Message 14 of 19 (109 Views)

Re: BSM and ArcSight Logger Connector

This is really frustrating as it is not showing up at all on any of my SAID's.. Do you know the parent product it comes under?

Frequent Advisor
SuperCoolNothin
Posts: 37
Registered: ‎02-04-2014
Message 15 of 19 (108 Views)

Re: BSM and ArcSight Logger Connector

Pat, found it! Thank you very much indeed. Downloading it as we speak.

Frequent Advisor
SuperCoolNothin
Posts: 37
Registered: ‎02-04-2014
Message 16 of 19 (98 Views)

Re: BSM and ArcSight Logger Connector

OK, so now I have the forwarder installed, and an SNMP trap policy written to catch stuff coming in. Trouble is I cannot activate the policy as there is an issue with the certs on my BSMC box. Requesting a cert seems to complete but the request is not hitting the BSM box.

The BSMC and BSM boxes are on the same network, no firewalls in place and no LB. Ping is fine both ways.

Am I going to have to do the manual cert exchange thing?

HP Expert
PatWest
Posts: 695
Registered: ‎03-06-2008
Message 17 of 19 (93 Views)

Re: BSM and ArcSight Logger Connector

Yes, go for the manual exchange of certificates:

certificates_exchange.jpg

Frequent Advisor
SuperCoolNothin
Posts: 37
Registered: ‎02-04-2014
Message 18 of 19 (82 Views)

Re: BSM and ArcSight Logger Connector

5. Download the latest policy files from the ArcSight download site where you obtained the connector.

Refer to the ArcSight™ HP M and HP OMi SNMP Interceptor Policy Readme for details on uploading the template.

So, this looks like it might be the last part of the jigsaw.

I have the BSMC stood up, and connected at last to BSM. All looks good there now. Thank you very much Pat for sticking by me with this.

Anyone got the SNMP policy template I can have please? I have a policy in place I have created from scratch, but a known working one to compare mine with would be the icing on the cake. ;o)

HP Expert
PatWest
Posts: 695
Registered: ‎03-06-2008
Message 19 of 19 (73 Views)

Re: BSM and ArcSight Logger Connector

Thanks for the good news. Please mark this thread as "Solved" thx.

If you need examples of policy templates, it might be useful to post a new message on this.

Pat