ArcSight Best Practices
cancel

HOW TO - ArcMC manage a Logger

HOW TO - ArcMC manage a Logger - by pbrettle, in ArcSight discussions:

One of the frequent questions I get is around management of Logger and how you can add one to ArcMC for centralized management. With more and more customers using multiple Logger instances, ArcMC is the best way to do this. But how do you get it 'hooked up' - pretty simple and screenshots and information below:

First off, make sure your ArcMC license has the requisit ADP license - this means that you are able to manage 'products' such as Logger. You can quickly see this when you log into the main ArcMC monitoring interface:

2017-06-12 09_33_06-ArcSight Management Center.png

 

Additionally, you will need to make sure your Logger license is supposed to managed by ArcMC. These are licensing issues (you can still have stand-alone Logger and ArcMC - as customers have requested). Simply go through the support portal and request an updated license if you dont. Again, you can confirm this in Logger from the main landing screen:

2017-06-12 09_41_41-Dashboards _ HPE ArcSight Logger 6.3.0.7861.0.png

Make sure you add the licenses to ArcMC and Logger FIRST before you start doing anything. But once you do, you will see the relevant messages in ArcMC and Logger. Now we can start the process of the setup.

Go to Node Management, then go to the part of the configuration tree that you want to add this particular Logger. Once you have the relevant section, click the Add Host button:

2017-06-12 09_33_42-ArcSight Management Center.png

Here you can see there is no Logger above, so press the Add Host button and complete the dialog box:

2017-06-12 09_36_00-ArcSight Management Center.png

Complete the form as needed - make sure you use the correct NAME of the Logger host, as it will check the certificate that it has. IP address usually wont work, so give the name that is in the certificate. You can check this from the Logger interface and use the normal browser mechanism to show the certificate in use. Add in the username and password needed also. Please note that my Logger install here is a software version, so the port number is 443, but confirm that you have the correct port number specified (if you changed it or are using the appliance version) - just check when you have logged into Logger and what the port number used for this. Once ready, click the add button.

The first thing it will do is import the certificate:

2017-06-12 09_36_14-ArcSight Management Center.png

Then it will add the host details and load the agent:

2017-06-12 09_36_25-ArcSight Management Center.png

Once added, it will appear in the list of added hosts (you can do mulitple as needed):

2017-06-12 09_36_39-ArcSight Management Center.png

Now close this dialog box and view the hosts that are defined, you should see something like this. My agent version is out of date for this Logger host, but it will clearly show this:

2017-06-12 09_37_03-ArcSight Management Center.png

If it is out of data, simply click to highlugh the relevant Logger host and then click the Update Agent button. Hightlight so it looks like this:

2017-06-12 09_37_51-ArcSight Management Center.png

This will start the wizard process:

2017-06-12 09_38_14-ArcSight Management Center.png

Click next and continue with the process:

2017-06-12 09_38_31-ArcSight Management Center.png

Once complete you will get the final dialog box. Any errors will be displayed here:

2017-06-12 09_40_35-ArcSight Management Center.png

The agent will need to restart, so you might get the following message, but thats OK. Just wait a minute or two and it will complete:

2017-06-12 09_40_57-ArcSight Management Center.png

Once it restarts, you should get the following dialog and show the updated agent:

2017-06-12 09_41_28-ArcSight Management Center.png

Switching over to the Logger interface, it will take a few minutes to register the updated management and what is in place. You will most likely still see this:

2017-06-12 09_41_41-Dashboards _ HPE ArcSight Logger 6.3.0.7861.0.png

The Logger is still showing that it is unmanaged, but waiting a little while longer and you should see the banner disappear. However, you should now see the Logger appear in the ArcMC management interface for management:

2017-06-12 09_52_38-ArcSight Management Center.png

 

And thats it! Now on to the HOW TO - Config Logger from ArcMC!!! To get to that part, see the following link:

https://community.saas.hpe.com/t5/ArcSight-Discussions/HOW-TO-ArcMC-configure-Logger-settings/td-p/1594251

 

 

 

Version history
Revision #:
1 of 1
Last update:
‎03-09-2018 03:34 AM
Updated by: