This document provides instructions for installing and configuring the Logger Forwarding Connector for HP Operations Manager (OM). It describes how to send event logs from ArcSight Logger to HP OM by creating a Logger forwarder to send events via SNMP, and generating an SNMP interceptor policy in HP OM to receive the events. The document also provides tips for troubleshooting issues with duplicate or dropped events, and adjusting the event processing rate.
In this paper, an improved secure address resoluti
on protocol is presented where ARP spoofing
attack is prevented. The proposed methodology is a
centralised methodology for preventing
ARP spoofing attack. In the proposed model there is
a central server on a network or subnet
which prevents ARP spoofing attack.
Make servers of web service, ftp service, VoIP video call service
Monitor & manage them centrally from a host in private connection or from remote connection.
The remote connection can be established through Secure Shell (SSH) connection which will connect to the servers through Router (or Routers).
In this presentation, we will cover ArubaOS’ AP Fast Failover feature, extended controller capacities, how to configure High Availability and several deployment models. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-ArubaOS-High-availability/td-p/286231
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
Detailed presentation on how queries and updates behave on updateable secondary. A few nuggets of best practices to make sure your HDR configuration works well.
NetSim Technology Library - Software defined networksVishal Sharma
Software Defined Networking (SDN) module is featured from NetSim v11 onwards. This
module features an SDN controller which can be used to control packet forwarding of all Layer
3 devices in the Network.
During this webinar, we will cover AppRF - a suite of application visibility and control features that are part of Aruba's Policy Enforcement Firewall. AppRF is a PEF feature that is designed to give network administrators insight into the applications that are running on their network, and who is using them. Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Aruba-AppRF-AOS-6-x-amp-8-x/td-p/490800
In this presentation, we will discuss the L3 Redundancy Requirement which primarily comes from customers who want to handle the complete Data Center Failure during natural disasters or other catastrophic events. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Layer-3-Redundancy-for-Mobility-Master-ArubaOS/td-p/382029
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
During this webinar, we will discuss how starting from ArubaOS 8.2.0.0, selected APs can run in both controller-based mode and controller-less mode and the implications tied to that. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-AP-Discovery-amp-Deployment-Policy-ArubaOS-8-x/m-p/394540/
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
Applying Control Theoretic Approach To Mitigate SIP OverloadYang Hong
The Session Initiation Protocol (SIP) retransmission mechanism is designed to maintain reliable transmission over lossy or faulty network conditions. However, the retransmission can amplify the traffic overload faced by the SIP servers. In this paper, by modeling the interaction between an overloaded downstream server and its upstream server as a feedback control system, we propose two Proportional-Integral (PI) control algorithms to mitigate the overload by regulating the retransmission rate in the upstream server. We provide the design guidelines for both overload control algorithms to ensure the system stability. Our OPNET® simulation results demonstrate that: (1) without the control algorithm applied, the overload at a downstream server may propagate to its upstream servers and cause widespread network failure; (2) in case of short-term overload, both proposed feedback control solutions can mitigate the overload effectively without rejecting calls or reducing resource utilization, thus avoiding the disadvantages of existing overload control solutions for SIP networks.
Many applications are network I/O bound, including common database-based applications and service-based architectures. But operating systems and applications are often untuned to deliver high performance. This session uncovers hidden issues that lead to low network performance, and shows you how to overcome them to obtain the best network performance possible.
Aruba Central user may need a centralized web-server to host captive portal page for their distributed networks across the globe like coffee shops, restaurant or hotels. Aruba central 2.0 has a new feature called Cloud Guest or Guest Management that allows administrator to create a splash page for guest users using Web server and radius server running in the cloud.
Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Cloud-Managed-Networks/Airheads-Tech-Talks-Cloud-Guest-SSID-on-Aruba-Central/td-p/524320
In this presentation, we will learn more on how to implement 802.1x authentication with ClearPass and how to authenticate users of an active directory domain. Check out the webinar recording where this presentation was used.
http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Technical-Webinar-Recording-Slides-ClearPass-Dot1X-Purpose-of/td-p/282188
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
In this paper, an improved secure address resoluti
on protocol is presented where ARP spoofing
attack is prevented. The proposed methodology is a
centralised methodology for preventing
ARP spoofing attack. In the proposed model there is
a central server on a network or subnet
which prevents ARP spoofing attack.
Make servers of web service, ftp service, VoIP video call service
Monitor & manage them centrally from a host in private connection or from remote connection.
The remote connection can be established through Secure Shell (SSH) connection which will connect to the servers through Router (or Routers).
In this presentation, we will cover ArubaOS’ AP Fast Failover feature, extended controller capacities, how to configure High Availability and several deployment models. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Recording-Slides-ArubaOS-High-availability/td-p/286231
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
Detailed presentation on how queries and updates behave on updateable secondary. A few nuggets of best practices to make sure your HDR configuration works well.
NetSim Technology Library - Software defined networksVishal Sharma
Software Defined Networking (SDN) module is featured from NetSim v11 onwards. This
module features an SDN controller which can be used to control packet forwarding of all Layer
3 devices in the Network.
During this webinar, we will cover AppRF - a suite of application visibility and control features that are part of Aruba's Policy Enforcement Firewall. AppRF is a PEF feature that is designed to give network administrators insight into the applications that are running on their network, and who is using them. Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Aruba-AppRF-AOS-6-x-amp-8-x/td-p/490800
In this presentation, we will discuss the L3 Redundancy Requirement which primarily comes from customers who want to handle the complete Data Center Failure during natural disasters or other catastrophic events. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-Layer-3-Redundancy-for-Mobility-Master-ArubaOS/td-p/382029
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
During this webinar, we will discuss how starting from ArubaOS 8.2.0.0, selected APs can run in both controller-based mode and controller-less mode and the implications tied to that. Check out the webinar recording where this presentation was used: http://community.arubanetworks.com/t5/Wireless-Access/Technical-Webinar-AP-Discovery-amp-Deployment-Policy-ArubaOS-8-x/m-p/394540/
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
Applying Control Theoretic Approach To Mitigate SIP OverloadYang Hong
The Session Initiation Protocol (SIP) retransmission mechanism is designed to maintain reliable transmission over lossy or faulty network conditions. However, the retransmission can amplify the traffic overload faced by the SIP servers. In this paper, by modeling the interaction between an overloaded downstream server and its upstream server as a feedback control system, we propose two Proportional-Integral (PI) control algorithms to mitigate the overload by regulating the retransmission rate in the upstream server. We provide the design guidelines for both overload control algorithms to ensure the system stability. Our OPNET® simulation results demonstrate that: (1) without the control algorithm applied, the overload at a downstream server may propagate to its upstream servers and cause widespread network failure; (2) in case of short-term overload, both proposed feedback control solutions can mitigate the overload effectively without rejecting calls or reducing resource utilization, thus avoiding the disadvantages of existing overload control solutions for SIP networks.
Many applications are network I/O bound, including common database-based applications and service-based architectures. But operating systems and applications are often untuned to deliver high performance. This session uncovers hidden issues that lead to low network performance, and shows you how to overcome them to obtain the best network performance possible.
Aruba Central user may need a centralized web-server to host captive portal page for their distributed networks across the globe like coffee shops, restaurant or hotels. Aruba central 2.0 has a new feature called Cloud Guest or Guest Management that allows administrator to create a splash page for guest users using Web server and radius server running in the cloud.
Check out the webinar recording where this presentation was used:
https://community.arubanetworks.com/t5/Cloud-Managed-Networks/Airheads-Tech-Talks-Cloud-Guest-SSID-on-Aruba-Central/td-p/524320
In this presentation, we will learn more on how to implement 802.1x authentication with ClearPass and how to authenticate users of an active directory domain. Check out the webinar recording where this presentation was used.
http://community.arubanetworks.com/t5/AAA-NAC-Guest-Access-BYOD/Technical-Webinar-Recording-Slides-ClearPass-Dot1X-Purpose-of/td-p/282188
Register for the upcoming webinars: https://community.arubanetworks.com/t5/Training-Certification-Career/EMEA-Airheads-Webinars-Jul-Dec-2017/td-p/271908
SOCRadar Research Team: Latest Activities of IntelBrokerSOCRadar
The European Union Agency for Law Enforcement Cooperation (Europol) has suffered an alleged data breach after a notorious threat actor claimed to have exfiltrated data from its systems. Infamous data leaker IntelBroker posted on the even more infamous BreachForums hacking forum, saying that Europol suffered a data breach this month.
The alleged breach affected Europol agencies CCSE, EC3, Europol Platform for Experts, Law Enforcement Forum, and SIRIUS. Infiltration of these entities can disrupt ongoing investigations and compromise sensitive intelligence shared among international law enforcement agencies.
However, this is neither the first nor the last activity of IntekBroker. We have compiled for you what happened in the last few days. To track such hacker activities on dark web sources like hacker forums, private Telegram channels, and other hidden platforms where cyber threats often originate, you can check SOCRadar’s Dark Web News.
Stay Informed on Threat Actors’ Activity on the Dark Web with SOCRadar!
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I ...Juraj Vysvader
In 2015, I used to write extensions for Joomla, WordPress, phpBB3, etc and I didn't get rich from it but it did have 63K downloads (powered possible tens of thousands of websites).
Providing Globus Services to Users of JASMIN for Environmental Data AnalysisGlobus
JASMIN is the UK’s high-performance data analysis platform for environmental science, operated by STFC on behalf of the UK Natural Environment Research Council (NERC). In addition to its role in hosting the CEDA Archive (NERC’s long-term repository for climate, atmospheric science & Earth observation data in the UK), JASMIN provides a collaborative platform to a community of around 2,000 scientists in the UK and beyond, providing nearly 400 environmental science projects with working space, compute resources and tools to facilitate their work. High-performance data transfer into and out of JASMIN has always been a key feature, with many scientists bringing model outputs from supercomputers elsewhere in the UK, to analyse against observational or other model data in the CEDA Archive. A growing number of JASMIN users are now realising the benefits of using the Globus service to provide reliable and efficient data movement and other tasks in this and other contexts. Further use cases involve long-distance (intercontinental) transfers to and from JASMIN, and collecting results from a mobile atmospheric radar system, pushing data to JASMIN via a lightweight Globus deployment. We provide details of how Globus fits into our current infrastructure, our experience of the recent migration to GCSv5.4, and of our interest in developing use of the wider ecosystem of Globus services for the benefit of our user community.
Enhancing Research Orchestration Capabilities at ORNL.pdfGlobus
Cross-facility research orchestration comes with ever-changing constraints regarding the availability and suitability of various compute and data resources. In short, a flexible data and processing fabric is needed to enable the dynamic redirection of data and compute tasks throughout the lifecycle of an experiment. In this talk, we illustrate how we easily leveraged Globus services to instrument the ACE research testbed at the Oak Ridge Leadership Computing Facility with flexible data and task orchestration capabilities.
Developing Distributed High-performance Computing Capabilities of an Open Sci...Globus
COVID-19 had an unprecedented impact on scientific collaboration. The pandemic and its broad response from the scientific community has forged new relationships among public health practitioners, mathematical modelers, and scientific computing specialists, while revealing critical gaps in exploiting advanced computing systems to support urgent decision making. Informed by our team’s work in applying high-performance computing in support of public health decision makers during the COVID-19 pandemic, we present how Globus technologies are enabling the development of an open science platform for robust epidemic analysis, with the goal of collaborative, secure, distributed, on-demand, and fast time-to-solution analyses to support public health.
Understanding Globus Data Transfers with NetSageGlobus
NetSage is an open privacy-aware network measurement, analysis, and visualization service designed to help end-users visualize and reason about large data transfers. NetSage traditionally has used a combination of passive measurements, including SNMP and flow data, as well as active measurements, mainly perfSONAR, to provide longitudinal network performance data visualization. It has been deployed by dozens of networks world wide, and is supported domestically by the Engagement and Performance Operations Center (EPOC), NSF #2328479. We have recently expanded the NetSage data sources to include logs for Globus data transfers, following the same privacy-preserving approach as for Flow data. Using the logs for the Texas Advanced Computing Center (TACC) as an example, this talk will walk through several different example use cases that NetSage can answer, including: Who is using Globus to share data with my institution, and what kind of performance are they able to achieve? How many transfers has Globus supported for us? Which sites are we sharing the most data with, and how is that changing over time? How is my site using Globus to move data internally, and what kind of performance do we see for those transfers? What percentage of data transfers at my institution used Globus, and how did the overall data transfer performance compare to the Globus users?
Advanced Flow Concepts Every Developer Should KnowPeter Caitens
Tim Combridge from Sensible Giraffe and Salesforce Ben presents some important tips that all developers should know when dealing with Flows in Salesforce.
Paketo Buildpacks : la meilleure façon de construire des images OCI? DevopsDa...Anthony Dahanne
Les Buildpacks existent depuis plus de 10 ans ! D’abord, ils étaient utilisés pour détecter et construire une application avant de la déployer sur certains PaaS. Ensuite, nous avons pu créer des images Docker (OCI) avec leur dernière génération, les Cloud Native Buildpacks (CNCF en incubation). Sont-ils une bonne alternative au Dockerfile ? Que sont les buildpacks Paketo ? Quelles communautés les soutiennent et comment ?
Venez le découvrir lors de cette session ignite
Gamify Your Mind; The Secret Sauce to Delivering Success, Continuously Improv...Shahin Sheidaei
Games are powerful teaching tools, fostering hands-on engagement and fun. But they require careful consideration to succeed. Join me to explore factors in running and selecting games, ensuring they serve as effective teaching tools. Learn to maintain focus on learning objectives while playing, and how to measure the ROI of gaming in education. Discover strategies for pitching gaming to leadership. This session offers insights, tips, and examples for coaches, team leads, and enterprise leaders seeking to teach from simple to complex concepts.
Experience our free, in-depth three-part Tendenci Platform Corporate Membership Management workshop series! In Session 1 on May 14th, 2024, we began with an Introduction and Setup, mastering the configuration of your Corporate Membership Module settings to establish membership types, applications, and more. Then, on May 16th, 2024, in Session 2, we focused on binding individual members to a Corporate Membership and Corporate Reps, teaching you how to add individual members and assign Corporate Representatives to manage dues, renewals, and associated members. Finally, on May 28th, 2024, in Session 3, we covered questions and concerns, addressing any queries or issues you may have.
For more Tendenci AMS events, check out www.tendenci.com/events
Multiple Your Crypto Portfolio with the Innovative Features of Advanced Crypt...Hivelance Technology
Cryptocurrency trading bots are computer programs designed to automate buying, selling, and managing cryptocurrency transactions. These bots utilize advanced algorithms and machine learning techniques to analyze market data, identify trading opportunities, and execute trades on behalf of their users. By automating the decision-making process, crypto trading bots can react to market changes faster than human traders
Hivelance, a leading provider of cryptocurrency trading bot development services, stands out as the premier choice for crypto traders and developers. Hivelance boasts a team of seasoned cryptocurrency experts and software engineers who deeply understand the crypto market and the latest trends in automated trading, Hivelance leverages the latest technologies and tools in the industry, including advanced AI and machine learning algorithms, to create highly efficient and adaptable crypto trading bots
Software Engineering, Software Consulting, Tech Lead.
Spring Boot, Spring Cloud, Spring Core, Spring JDBC, Spring Security,
Spring Transaction, Spring MVC,
Log4j, REST/SOAP WEB-SERVICES.
Exploring Innovations in Data Repository Solutions - Insights from the U.S. G...Globus
The U.S. Geological Survey (USGS) has made substantial investments in meeting evolving scientific, technical, and policy driven demands on storing, managing, and delivering data. As these demands continue to grow in complexity and scale, the USGS must continue to explore innovative solutions to improve its management, curation, sharing, delivering, and preservation approaches for large-scale research data. Supporting these needs, the USGS has partnered with the University of Chicago-Globus to research and develop advanced repository components and workflows leveraging its current investment in Globus. The primary outcome of this partnership includes the development of a prototype enterprise repository, driven by USGS Data Release requirements, through exploration and implementation of the entire suite of the Globus platform offerings, including Globus Flow, Globus Auth, Globus Transfer, and Globus Search. This presentation will provide insights into this research partnership, introduce the unique requirements and challenges being addressed and provide relevant project progress.
How to Position Your Globus Data Portal for Success Ten Good PracticesGlobus
Science gateways allow science and engineering communities to access shared data, software, computing services, and instruments. Science gateways have gained a lot of traction in the last twenty years, as evidenced by projects such as the Science Gateways Community Institute (SGCI) and the Center of Excellence on Science Gateways (SGX3) in the US, The Australian Research Data Commons (ARDC) and its platforms in Australia, and the projects around Virtual Research Environments in Europe. A few mature frameworks have evolved with their different strengths and foci and have been taken up by a larger community such as the Globus Data Portal, Hubzero, Tapis, and Galaxy. However, even when gateways are built on successful frameworks, they continue to face the challenges of ongoing maintenance costs and how to meet the ever-expanding needs of the community they serve with enhanced features. It is not uncommon that gateways with compelling use cases are nonetheless unable to get past the prototype phase and become a full production service, or if they do, they don't survive more than a couple of years. While there is no guaranteed pathway to success, it seems likely that for any gateway there is a need for a strong community and/or solid funding streams to create and sustain its success. With over twenty years of examples to draw from, this presentation goes into detail for ten factors common to successful and enduring gateways that effectively serve as best practices for any new or developing gateway.
Into the Box Keynote Day 2: Unveiling amazing updates and announcements for modern CFML developers! Get ready for exciting releases and updates on Ortus tools and products. Stay tuned for cutting-edge innovations designed to boost your productivity.
OpenFOAM solver for Helmholtz equation, helmholtzFoam / helmholtzBubbleFoamtakuyayamamoto1800
In this slide, we show the simulation example and the way to compile this solver.
In this solver, the Helmholtz equation can be solved by helmholtzFoam. Also, the Helmholtz equation with uniformly dispersed bubbles can be simulated by helmholtzBubbleFoam.
Prosigns: Transforming Business with Tailored Technology SolutionsProsigns
Unlocking Business Potential: Tailored Technology Solutions by Prosigns
Discover how Prosigns, a leading technology solutions provider, partners with businesses to drive innovation and success. Our presentation showcases our comprehensive range of services, including custom software development, web and mobile app development, AI & ML solutions, blockchain integration, DevOps services, and Microsoft Dynamics 365 support.
Custom Software Development: Prosigns specializes in creating bespoke software solutions that cater to your unique business needs. Our team of experts works closely with you to understand your requirements and deliver tailor-made software that enhances efficiency and drives growth.
Web and Mobile App Development: From responsive websites to intuitive mobile applications, Prosigns develops cutting-edge solutions that engage users and deliver seamless experiences across devices.
AI & ML Solutions: Harnessing the power of Artificial Intelligence and Machine Learning, Prosigns provides smart solutions that automate processes, provide valuable insights, and drive informed decision-making.
Blockchain Integration: Prosigns offers comprehensive blockchain solutions, including development, integration, and consulting services, enabling businesses to leverage blockchain technology for enhanced security, transparency, and efficiency.
DevOps Services: Prosigns' DevOps services streamline development and operations processes, ensuring faster and more reliable software delivery through automation and continuous integration.
Microsoft Dynamics 365 Support: Prosigns provides comprehensive support and maintenance services for Microsoft Dynamics 365, ensuring your system is always up-to-date, secure, and running smoothly.
Learn how our collaborative approach and dedication to excellence help businesses achieve their goals and stay ahead in today's digital landscape. From concept to deployment, Prosigns is your trusted partner for transforming ideas into reality and unlocking the full potential of your business.
Join us on a journey of innovation and growth. Let's partner for success with Prosigns.
3. Confidential 3
Contents
Configuration Guide for Logger Forwarding Connector for HP OM .......................................................... 5
Supported Versions of HP OM ............................................................................................ 5
Sending Events From Logger to HP OM ............................................................................... 6
Installing the Connector ................................................................................................... 6
Logger Forwarders .......................................................................................................... 9
Creating a Forwarder to Forward Events ..................................................................... 10
Creating an SNMP Interceptor Policy ................................................................................ 11
Uploading Interceptor Template ................................................................................ 11
Deploying the Policy ................................................................................................ 11
Troubleshooting Tips ............................................................................................... 11
Duplicate Events ............................................................................................... 11
Dropped Events ................................................................................................ 11
Adjusting the Event Processing Rate ................................................................................ 12
5. Confidential 5
Configuration Guide for Logger
Forwarding Connector for HP OM
This guide provides information on installing and configuring the Logger Forwarding
Connector for HP OM. This software supports Logger versions 5.0 and 5.1.
ArcSight Logger is a log management solution that is optimized for extremely high event
throughput, efficient long-term storage, and rapid data analysis. Logger receives and
stores events; supports search, retrieval, and reporting; and can forward selected
events.The ArcSight Logger Forwarding Connector allows you to send these event logs
from Logger to the HP Operations Manager (HP OM).
HP Operations Manager (HP OM) provides comprehensive event management,
proactive performance monitoring, and automated alerting, reporting, and graphing for
operating systems, middleware, and applications. It is designed to provide service-driven
event and performance management of business-critical enterprise systems, applications,
and services.
Supported Versions of HP OM
The supported versions of HP OM include
HP OM for Windows v9.0 and 8.16 (patch level 90)
HP OM for UNIX v9.10
HP OM for Linux v9.10
“Supported Versions of HP OM” on page 5
“Sending Events From Logger to HP OM” on page 6
“Installing the Connector” on page 6
“Logger Forwarders” on page 9
“Creating an SNMP Interceptor Policy” on page 11
“Uploading Interceptor Template” on page 11
“Deploying the Policy” on page 11
“Troubleshooting Tips” on page 11
“Adjusting the Event Processing Rate” on page 12
6. Configuration Guide for Logger Forwarding Connector for OM
6 Confidential
Sending Events From Logger to HP OM
ArcSight Logger sends events to the Logger Forwarding Connector using CEF Syslog, then
forwards the events to HP OM via SNMP. A Logger forwarder must be created to send these
events. For instructions on how to create a forwarder to send the events, see “Creating a
Forwarder to Forward Events” on page 10.
HP OM uses an SNMP interceptor policy to allow ArcSight events to be accepted within the
HP OM environment. For instructions on how to create an SNMP interceptor policy, see
“Creating an SNMP Interceptor Policy” on page 11.
Installing the Connector
Before you install the connector, make sure that the ArcSight products with which the
connectors will communicate have already been installed correctly (the ArcSight Logger, for
example) and you have assigned appropriate privileges. For data security, ArcSight
recommends that you install the connector and the HP Operations Agent on the same
system.
1 Download the ArcSight executable for your operating system from the ArcSight
Customer Support Site.
2 Start the ArcSight Installer by running the executable.
Follow the installation wizard through the following folder selection tasks and
installation of the core connector software:
Introduction
Choose Install Folder
Choose Install Set
Choose Shortcut Folder
Pre-Installation Summary
Installing...
3 The following destination window is displayed; click Next to continue.
7. Configuration Guide for Logger Forwarding Connector for OM
Confidential 7
4 Fill in the parameter information required for connector configuration, then click Next.
Parameter Description
Host Enter the Host name or IP address of the HP OM
device. This is the HP OM managed node (the system
where the HP Operations Agent is installed, and to
which the SNMP interceptor policy is deployed).
Port Enter the port to be monitored for events by the HP
Operations Agent.
Version Accept the default value of SNMP_VERSION_2.
SNMP_VERSION_3 is not available at this time.
Read Community(v2) Enter the SNMP Read Community name.
Write Community(v2 Enter the SNMP Write Community name.
Authentication
Username(v3)
For use with SNMP v3; not available at this time.
Authentication Password(v3)
Security Level(v3)
Authentication Scheme(v3)
Privacy Password(v3)
Context Engine Id(v3)
Context name(v3)
8. Configuration Guide for Logger Forwarding Connector for OM
8 Confidential
5 Click Logger to OM, then click Next.
6 Enter the Logger information, then click Next.
Parameter Description
Network Port 514 or another port that matches the Receiver
IP Address IP or host name of the Logger
Protocol UDP or Raw TCP
Note: Whichever protocol you choose, it must match
that of the forwarder type chosen during Logger
Forwarder configuration.
9. Configuration Guide for Logger Forwarding Connector for OM
Confidential 9
7 Enter a name for the connector and provide other information identifying the
connector's use in your environment. Click Next.
8 Read the installation summary and click Next. If the summary is incorrect, click
Previous to make changes.
9 When the connector completes its configuration, click Next. The Wizard now prompts
you to choose whether you want to run the connector as a process or as a service.
If you choose to run the connector as a service, the Wizard prompts you to define
service parameters for the connector.
10 After making your selections, click Next. The Wizard displays a dialog confirming the
connector's setup and service configuration.
11 Click Finish.
12 Click Done.
Logger Forwarders
Logger forwarders allow you to send all events, or events which match a particular filter, to
another destination, in this instance, to HP OM. However, the ability to define a different
filter for each forwarder allows Logger to divide traffic among several destinations or limit
the events sent to a single destination. For example, because Logger can handle higher
event rates, it might be used to forward events to another HP OM management server
and/or an ArcSight ESM Manager. Forwarder query filters make it possible to split the flow
between the different devices, using one forwarder for each.
Logger forwarding uses several forwarder types, but the Logger Forwarding Connector
operates with UDP and TCP forwarder types only.
UDP Forwarders forward events as User Datagram Protocol messages, such as
Syslog format datagrams.
TCP Forwarders forward events as Transmission Control Protocol messages.
You cannot configure a Logger Forwarder to send data to a destination on
the same system.
10. Configuration Guide for Logger Forwarding Connector for OM
10 Confidential
Creating a Forwarder to Forward Events
In order to successfully forward events from Logger to HP OM, a forwarder must be
created. To do so, complete the following steps within the ArcSight Logger web application.
1 Click Configuration from the top-level menu bar.
2 Click Event Input/Output in the left panel.
3 Click the Forwarder tab, then click Add. The Add Forwarder page appears.
4 Enter a name for the new forwarder and choose either “UDP Forwarder” or “TCP
Forwarder”.
5 Click Next.
6 The Edit Forwarder page appears.
7 Within the Query field, create a query to filter the events sent to HP OM, or leave the
default, NONE, to send all events.
8 Continue to fill in the remaining parameters, ensuring that the Ip/Host field contains
the correct Logger Forwarding Connector IP address and that the Port number
matches that of the connector.
9 Click Save. The following page appears.
10 New forwarders are initially disabled, so click the disabled icon ( ) to enable the new
forwarder.
The forwarder is now enabled.
11 Start the Logger Forwarding Connector.
For more detailed information on Logger forwarders, see the ArcSight Logger
Administrator’s Guide.
Whichever forwarder type you choose, it must match that of the
SmartConnector protocol and port chosen during installation.
Wait a few minutes after enabling a forwarder before disabling it. Likewise,
wait before enabling a forwarder that has just been disabled. Background
tasks initiated by enabling or disabling a forwarder can produce unexpected
results if they are interrupted.
11. Configuration Guide for Logger Forwarding Connector for OM
Confidential 11
Creating an SNMP Interceptor Policy
An SNMP interceptor policy is a type of HP OM policy, with rules, conditions, and actions.
Rules define what a policy should do in response to a specific type of event. Each rule
consists of a condition and an action. SNMP interceptor policies monitor SNMP events, and
can start actions when an SNMP event contains a specified character pattern. The Logger
Forwarding Connector sends security events as SNMP traps to an HP OM SNMP interceptor
policy that you will create.
SNMP interceptor policies can be configured on either HP OM UI, HP OM for Windows, or
HP OM for UNIX or Linux.
Uploading Interceptor Template
Download the latest policy files from the ArcSight download site where you obtained the
connector.
Refer to the ArcSight™ HP OM and HP OMi SNMP Interceptor Policy Readme for details on
uploading the template for Operations Manager for Windows and Operations Manager for
UNIX or Linux.
Deploying the Policy
Once you have created your customized SNMP interceptor policy, deploy or assign the
policy through the HP OM for Windows or HP OM for UNIX or Linux Administration UI. For
details, refer to the HP Operations Manager online help and documentation.
The systems that send the SNMP traps to the logger must also be set up as nodes in HP
OM, because HP OM discards messages from unknown systems. Set up an external node or
an SNMP node. For details, refer to the HP Operations Manager online help and
documentation.
Also, configure the HP Operations Agent for SNMPv2 by setting the
SNMP_SESSION_MODE variable using the ovconfchg command line tool. Refer to the
HP Operations Manager or HP Operations Agent online help and documentation for more
information.
Troubleshooting Tips
Duplicate Events
If there appear to be duplicate events forwarded to the HP OM console:
1 Check and modify suppression options as needed.
2 If, after modifying suppression options, there still appear to be duplicate events, check
the Custom Message Attributes (event details and data), and apply rules to
differentiate the events.
Refer to the HP Operations Manager online help for details.
Dropped Events
If you notice that some events forwarded from ArcSight ESM/Logger are dropped, verify
whether the Agent Severity is set correctly in those events. The default SNMP interceptor
policy provided by ArcSight in the connector distribution has rules to pick up and forward
SNMP Traps from ArcSight ESM/Logger based on the Agent Severity. Events that do not
have Agent Severity set are dropped and not forwarded by the SNMP interceptor policy. If
12. Configuration Guide for Logger Forwarding Connector for OM
12 Confidential
the dropped events are correlated events from ESM, make sure that the rules on ESM are
set for the correct Agent Severity in the correlated events they generate. If the dropped
events are normalized events from devices, then verify that the originating connector that
has normalized the event has mapped the Agent Severity correctly from the Device
Severity. If the originating connector (that is not setting the Agent Severity) is a
FlexConnector, review the mappings and map all of the device severities to one of these
Agent Severity values: Low, Medium, High, or Very-High. If the connector is a supported
connector, contact customer support.
Adjusting the Event Processing Rate
The default event processing rate for forwarding events from Logger to HP OM is 50 eps.
If this rate proves excessive for your system, HP OM might drop some incoming events. If
events are being dropped, decrease the event processing rate until you find that all events
have arrived.
If this occurs, you can adjust the rate at which events are forwarded to HP OM. To do so,
you will need to change the event processing rate within your XML properties file.
To adjust the event processing rate,
1 Stop the currently running SmartConnector from operating.
2 From a Windows command line, access your XML properties file using the command
cd %ARCSIGHT_HOME%/current/user/agent
3 Use WordPad or any XML Editor to open the .xml file for your HP OM destination,
similar to the example below:
0Ajv5S8BABCAAeabNXP5Rw==.xml
4 From within the .xml file, search for the following:
ProcessingSettings.ThrottleRate="50"
This value controls the current processing event rate, and has a default value of
50 eps.
5 Change this value to the desired rate of events per second. For example, to lower the
rate of events to 10 eps, change the value after the string to 10:
ProcessingSettings.ThrottleRate="10"
6 Save the .xml file and exit the XML editor.
7 Restart the SmartConnector.
If there are multiple destinations, repeat the steps above to change the
rate for each destination, as required.