For information regarding operating systems and platforms supported, see the SmartConnector Product and Platform Support document. For complete installation instructions for a particular SmartConnector, see the configuration guide for that connector.
The product-specific configuration guide provides device configuration information, installation parameters, and device event mappings to ArcSight ESM fields.
1 Insert the ArcSight Installation CD into your CD-ROM drive or navigate to the location of the ArcSight SmartConnector Installer directory.
2 Start the ArcSight SmartConnector Installer by executing the file for your operating system. Installation files follow the format:
Verify that the ESM Database, Manager, and Console are installed and operating.
When the Introduction window is displayed, read the information and click Next when ready.
At a minimum, SmartConnectors must be running version 4021 to communicate with a version 4.0 Manager.
Windows ArcSight-5.0.x.nnnn.y-Connector-Win.exe Solaris ArcSight-5.0.x.nnnn.y-Connector-Solaris.bin AIX ArcSight-5.0.x.nnnn.y-Connector-AIX.bin Linux ArcSight-5.0.x.nnnn.y-Connector-Linux.bin
4 Installing SmartConnectors
3 Next, accept the default location for "Where Would You Like to Install?," or click Choose… to select another folder for installation. Click Next when ready.
It is a good practice to develop and use a standard naming convention to specify directory locations, file names, and menu option names for the SmartConnectors you install. Typically, if you install multiple connectors on a particular machine, you should install each SmartConnector in a separate directory.
4 Choose from the following types installation; for most connectors, Typical is the appropriate selection. Click Next.
5 On the following window, accept the default shortcut folder location or select a new or existing Program Group. (Windows users can select the Create Icons for All Users
check box to create icons for all users accessing ArcSight SmartConnectors.) Click Next when you have finished making your selections.
6 Verify your selections on the Pre-Installation Summary window; click Install to begin installation of the SmartConnector core component software.
If the summary is incorrect, click Previous to make changes.
7 An installation process window is displayed during installation of core connector software (click Cancel if you want to cancel the installation).
4 Installing SmartConnectors
8 When the installation of ArcSight SmartConnector core component software is finished, the following window is displayed:
9 Make sure ArcSight Manager (encrypted) is selected and click Next.
For information about the ArcSight Logger SmartMessage (encrypted)
destination, see Chapter 8‚ Using SmartConnectors with ArcSight Logger‚ on page 105.
For information about NSP Device Poll Listener, see Chapter 9‚ Using SmartConnectors with NSP‚ on page 117.
10 The Wizard first prompts you for Manager certificate information. The default selection is No, the ArcSight Manager is not using a demo certificate. Choose Yes if ArcSight Manager is using a demo certificate. (Before selecting this option, make sure the Manager is, in fact, using a demo SSL certificate. If you are not certain, select No or consult your system administrator.). If your ArcSight Manager is using a self-signed or CA-signed SSL certificate, select No, the ArcSight Manager is not using a demo certificate and click Next.
11 On the next window, replace localhost with the host name of the Manager with which the SmartConnector is to communicate (localhost is appropriate only when the SmartConnector is installed on the same host as the Manager, which is not recommended in a production environment). This name must match the host name in
After completing the SmartConnector installation wizard, remember to manually configure the connector for the type of SSL certificate your Manager is using. See the ArcSight ESM Administrator's Guide for instructions about configuring your SmartConnector when the Manager is using a self-signed or CA-signed certificate and for instructions about enabling SSL client
authentication on SmartConnectors so that the Connectors and the Manager authenticate each other before sending data.
the Manager’s certificate, which is usually the fully-qualified name. For example, instead of gabriel, specify gabriel.sales.mycompany.com.
For Manager Port, leave the default value of 8443.
For AUP Master Destination, generally leave this false. If, however, you will have one or more non-ESM destinations, and you want to share this ESM destination's AUP configuration (such as zones) with those destinations, select true. Only do so for one primary destination; if you select true for more than one primary destination or any failover destination, the setting is ignored for all but the first such primary destination.
For Filter Out All Events, select true if you want all events filtered out. This means the connector sends no events to this destination. This is useful when an ESM destination is added solely for the purpose of being the AUP master; this value is usually false unless the AUP Master Destination parameter is set to true.
12 Enter a valid ArcSight user name and password for the ArcSight ESM Manager. This is the same user name and password you created during ESM Manager installation.
13 Select one of the possible SmartConnectors from the window displayed. Scroll down to find the appropriate SmartConnector.
4 Installing SmartConnectors
If you are installing a syslog SmartConnector, there are 3 different syslog types: the Syslog Pipe, Syslog File, or Syslog Daemon. For detailed information about syslog SmartConnectors refer to the SmartConnector Configuration Guide for your device.
The SmartConnectors that appear in the list are those that can be installed on the same platform from which you are running the installation program. For example, if you are running on Windows, the list contains a list of those SmartConnectors that are supported on Windows. Similarly, if you are running the installer on a Linux or Solaris-based system, the installer displays a list of SmartConnectors supported on those platforms.
14 After selecting the connector you want to install from the list of SmartConnectors, in this example, SAP Security Audit File, click Next.
15 The next window requests specific parameters for the particular SmartConnector you selected. These parameters vary depending upon the device and are described and explained in the SmartConnector Configuration Guide for the selected SmartConnector.
manually or import multiple hosts. See “Entering Table Parameter Values During Installation” on page 52 for detailed information.
To manually enter parameter values, click the Add button. See “Manually Entering Table Parameter Values” on page 53 for details.
To locate the .csv file you want to import, click the Import button. Click the Export button to create a .csv file containing the values you have entered in the parameter table. See “Importing and Exporting CSV Files” on page 53 for details.
16 Click Next when you have completed entering data.
17 Give your new SmartConnector a descriptive name to identify it for ArcSight Console users. You also can specify optional location information and add any appropriate comments.
If there are no Import and Export buttons on the parameter entry window for the connector you’ve selected, the parameters are not entered into a table format and this feature does not apply.
4 Installing SmartConnectors
In this context, SmartConnector Location refers to the host where you are installing the SmartConnector as well as where within the resource tree this SmartConnector is listed on the ArcSight Console.
Device Location describes the host on which the IDS, syslog, or other software is running. If the device is physical hardware, the Device Location is particularly useful for specifying, for example, a certain position within a specific rack.
18 Click Next when you have finished entering data.
19 Review the summary of data and click Next.
If you choose to configure the SmartConnector to run as a service, the wizard prompts you for the service’s internal and display names.
Each SmartConnector name should be unique. If two similarly named connectors appear in the same SmartConnector Location, an error occurs.
20 Most SmartConnectors can be installed as a Windows service (or Linux/UNIX daemon) so that the SmartConnector runs automatically when the host is restarted. If the SmartConnector is not configured as a service, it must be started manually whenever it is not running. Select Yes or No and click Next.
21 If you choose not to run the SmartConnector as a service, a window such as the following is displayed.
22 Click Finish to complete connector configuration.
For some SmartConnectors, a system restart is required before the configuration settings you made can take effect. If a System Restart window is displayed, read the information and initiate the system restart operation.
Save any work on your computer or desktop and shut down any other running applications, including the ArcSight Console, if it is running; then shut down the system.
4 Installing SmartConnectors