Highlighted
Micro Focus Expert
Micro Focus Expert
12165 views

ArcSight Port and Protocol Information

October 3, 2019

      This information is provided by the ArcSight PreSales organization and is not official documentation. Please read and refer to the official product documentation for additional information.
  • ESM (v7.0)
  • ESM & Express (v6.X/v4.X)
  • Transformation Hub (v3.0.0)
  • Event Broker (v2.20) and Investigate (v2.10)
  • Logger (v6.X)
  • Management Center (v2.X)
  • SmartConnectors
  • Model Import Connectors
  • SmartConnector Load Balancer
  • Connector Appliance (v6.X)
  • DNS Malware Analytics (SaaS/Cloud)
  • Network Synergy Platform (v5.X)
  • Integrated Lights-Out (iLO)

 

18 Replies
Highlighted
Absent Member.
Absent Member.

Thank you.

Its very helpful.

0 Likes
Highlighted
Super Contributor.
Super Contributor.

Where was this?  We were pulling our hair out... This is great?

Logs, logs and more logs
0 Likes
Highlighted
Super Contributor.
Super Contributor.

Thanks!!

Blanca Rodriguez
SIEM Engineer
0 Likes
Highlighted
Absent Member.
Absent Member.

thx its very helpful

0 Likes
Highlighted
Absent Member.
Absent Member.

Do we have similar information for the recent release of smart connectors? I am specifically looking for TLSv1.2 support to meet PCI DSS requirements for smart connectors communications.

0 Likes
Highlighted
New Member.

Thanks, it's useful.

Could you share flex connectors requirement for Application logs on mangesh.salunkhe@gmail.com

Regards,

Mangesh Salunkhe
0 Likes
Highlighted
Regular Contributor.. Regular Contributor..
Regular Contributor..

Nice!

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

FlexConectors will depend on the platform and product you are integrating with. For example, if it's a database app you are trying integrate with, you will have to know the port the database is listening on. But for other FlexConnectors, like syslog and snmp, those can use the standard ports or you could configure them to listen on custom ports.

0 Likes
Highlighted
Micro Focus Expert
Micro Focus Expert

Sorry I missed this one. I don't think I understand what you're asking. If you could clarify the question or if you have some information on what you've found, I'd be glad to add it to the document. Thank you.

0 Likes
Highlighted
Super Contributor.
Super Contributor.

I cannot post new discussion(question) properly to have it listed under the "unanswered questions" so assuming nobody saw my post about this because there is no answer. So I am copying the content here to get some visibility since the issue is rather critical:

We are in the process of upgrading the RADIUS servers that are used for ESM.

Old Radius: CRadius server , RFC 2138 compliant

New Radius: JRadius Server, RFC 2865 compliant

During tests we are getting invalid RADIUS responses from the new one:

"[2016-08-11 16:11:41,535][ERROR][default.com.arcsight.server.auth.b]

javax.security.auth.login.LoginException: Bad RADIUS response packet."

[2016-08-11 16:10:22,256][INFO ][default.com.arcsight.install.installserver.ServerConfigurationWizard] Processing NEXT for panel 'FipsAuthenticationSetup'...

[2016-08-11 16:10:22,256][INFO ][default.com.arcsight.install.installserver.ServerConfigurationWizard] -----------------------------------------------

[2016-08-11 16:10:23,999][INFO ][default.com.arcsight.install.installserver.ServerConfigurationWizard] -----------------------------------------------

[2016-08-11 16:10:24,000][INFO ][default.com.arcsight.install.installserver.ServerConfigurationWizard] Processing NEXT for panel 'AuthenticationSetup'...

[2016-08-11 16:10:24,000][INFO ][default.com.arcsight.install.installserver.ServerConfigurationWizard] -----------------------------------------------

[2016-08-11 16:11:23,874][INFO ][default.com.arcsight.install.installserver.ServerConfigurationWizard] -----------------------------------------------

[2016-08-11 16:11:23,875][INFO ][default.com.arcsight.install.installserver.ServerConfigurationWizard] Processing NEXT for panel 'RADIUSSetup'...

[2016-08-11 16:11:23,875][INFO ][default.com.arcsight.install.installserver.ServerConfigurationWizard] -----------------------------------------------

[2016-08-11 16:11:41,350][INFO ][default.com.arcsight.install.installserver.ServerConfigurationWizard] -----------------------------------------------

[2016-08-11 16:11:41,350][INFO ][default.com.arcsight.install.installserver.ServerConfigurationWizard] Processing NEXT for panel 'AUTHTest'...

[2016-08-11 16:11:41,350][INFO ][default.com.arcsight.install.installserver.ServerConfigurationWizard] -----------------------------------------------

[2016-08-11 16:11:41,353][INFO ][default.com.arcsight.server.auth.k] Authentication Modules: com.theorem.radius3.login.RADIUSLogin [{port=1645, authtype=PAP, secret=xxxxxxxx, server=xxx, debug=true, NAS-IP-Address=@xxx}]

[2016-08-11 16:11:41,370][INFO ][default.com.arcsight.server.management.ManagementAgent] Registered MBean 'Arcsight:service=SessionManager'.

[2016-08-11 16:11:41,535][ERROR][default.com.arcsight.server.auth.b]

javax.security.auth.login.LoginException: Bad RADIUS response packet.

at com.theorem.radius3.login.RADIUSLogin.login(RADIUSLogin.java:350)

at com.arcsight.server.auth.FallbackLoginModule.login(FallbackLoginModule.java:118)

at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method)

at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:39)

at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:25)

at java.lang.reflect.Method.invoke(Method.java:597)

at javax.security.auth.login.LoginContext.invoke(LoginContext.java:769)

at javax.security.auth.login.LoginContext.access$000(LoginContext.java:186)

at javax.security.auth.login.LoginContext$5.run(LoginContext.java:706)

at java.security.AccessController.doPrivileged(Native Method)

at javax.security.auth.login.LoginContext.invokeCreatorPriv(LoginContext.java:703)

at javax.security.auth.login.LoginContext.login(LoginContext.java:575)

at com.arcsight.server.auth.b.run(b.java:388)

[2016-08-11 16:11:41,538][INFO ][default.com.arcsight.server.auth.k] Authentication Modules: com.theorem.radius3.login.RADIUSLogin [{port=1645, authtype=PAP, secret=xxxx, server=xxx, debug=false, NAS-IP-Address=@xxx}]

Can you please advise on how to solve the JRadius Server, RFC 2865 support for the ArcSight ESM ?

Is it supported at all ?

Thanks,

Andras

0 Likes
Highlighted
Outstanding Contributor.
Outstanding Contributor.

Hey , IMHO the internal communication ports for logger are missing in the document.

If for example the port 8089 is blocked by a Splunk Agent, the following error appears during installation of Logger 6.3.1:

Intervention Required

---------------------

Installation Requirements Not Met.

Pre-Install check failed: The following ports are in use -  8089

Please make sure ALL of the following ports are free - 1976 2812 3306 5555

7777 7778 7779 7780 8005 8009 8080 8088 8089 8666 8808 8880 8888 8889  9123

9124 9999 45450

Type [Quit] to exit this installer.

- Tobias

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.