Logger 7.2 Release Notes

0 Likes
2 months ago

Labels:

Logger 7.2
Comment List
Anonymous
  • Hi! This procedure didn't work in our case, we have opened a support Case and the solution was replace the SSLCipherSuite parameter in the /opt/arcsight/current/local/apache/conf/httpd.conf config file of ArcSight Logger with the following value:

    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256

    After restart the Logger, legacy connectors started to work...

  • Check the release notes for 7.2. You'll see the following under Adding Cipher Suites on page 23:

    Adding Cipher Suites

    Error messages related to cipher suites will appear for connectors with a version prior than 8.0
    or peers ( Logger prior than 7.1 version or ESM working as a node). Follow the instructions
    below to add the cipher suites.

    1. Go to the logger.defaults.properties file.
    2. Replace with the property below:
    fips.ssl.enabledciphersuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256, TLS_
    RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA.
    3. Restart the Logger services after adding the property:
    /etc/init.d/arcsight_services stop all
    /etc/init.d/arcsight_services start all

    TLS for Connectors has some information concerning the configuration of the connectors. Basically you want to be at TLSv1.2. 

  • Hi Team, we have upgraded to ArcSight Logger 7.2, and we are seeing that ArcSight Connectors with versions previous to 8.0 are not able to connect with it anymore.  Is there any change related with the minimum version of TLS supported or is there any minimum Connector version requirement not documented? Is there any workaround?

    Thanks!

Related Discussions
Recommended