Highlighted
Valued Contributor.
Valued Contributor.
834 views

ArcSight Smart Connector API

Hi All,

Working with the Smart Connector API described here https://asciinema.org/a/1lbh9q5xfoszhbcz69unipbxh I have run into an issue, we are using this script to query all our windowsfg and WINC connectors for configured and devices that these connectors communicate with, I am collecting the getDeviceStatusInfo result from API, and this returns information about servers that are no longer configured or even communicating with the connector.

If I query the connector for the Device Info from our ESM I only get the devices that are configured on the connector, which is a windowsfg (WUC) connector, why am I seeing a different result depending how I query the connector?

 

Cheers,

Tom

0 Likes
4 Replies
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

The connector API is still on my todolist to go through and experiment with, though i think i can still answer your question, as it is more related to device monitoring than the API.

While both the ESM and ArcMC can/has age limits before automatically removing a device from health status, from what i can see the connector does not have that.

It caches all it's hosts in a specific tracking list, by default located here, though might be different in your environment:

\current\user\agent\agentdata\ps.adptracking*

The complete name of the file differentiates between installations, but they should start with ps and include adptracking.

To resolve certain issues, for example when a device get a new IP address or hostname, the connector starts sending duplicate health monitoring events, because by every X amount of minutes that the connector sends an healthcheck, it fetches all devices from this list, grabs the current event statistics for each device, and sends it off to ESM/ArcMC.

The easiest way to resolve this is to stop the connector, delete the file, and start up the connector again.

This do mean though, that if there is a device currently down, you won't notice, because it will only start monitoring any new devices that sends logs to the connector at least once after the file has been deleted.

So if you already know that 100% of your devices is healthy, feel free to apply the file delete action as mentioned above, which should resolve your issue.

-----------------------------------------------------------------------------------------
All topics and replies made is based on my personal opinion, viewpoint and experience, it does not represent the viewpoints of MicroFocus.
All replies is based on best effort, and can not be taken as official support replies.
//Marius
Highlighted
Valued Contributor.
Valued Contributor.

Hi Marius,

Thanks for your reply.

So in other words, it is not possible to ask the connector to deliver a list of active / configured devices, without deleting the ps.adptracking file(s), what about the ps.devicename_Eventlog.* files?

Cheers,

Tom

0 Likes
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

I can't say it for 100% certainty, as the connector API is normally meant for ArcMC and ESM communication and not directly, so certain features might not work.

What i do know is that device monitoring is based on that list, and the only way to remove old and deprecated devices for me personally in the past, has been to stop the service, delete that file and restart the connector again.

I would recommend testing on a test environment first as always, especially since the API is not exactly a supported feature on the connector.

-----------------------------------------------------------------------------------------
All topics and replies made is based on my personal opinion, viewpoint and experience, it does not represent the viewpoints of MicroFocus.
All replies is based on best effort, and can not be taken as official support replies.
//Marius
0 Likes
Highlighted
Valued Contributor.
Valued Contributor.

Hi Marius,

Thanks for your reply, I think I will code a check against the "lastEventTime" field in the responce.

Cheers,

Tom Stage

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.