Big news! The community will be moving to a new platform April 21. Read more.
Big news! The community will be moving to a new platform April 21. Read more.
Absent Member.
Absent Member.
2614 views

ArcSight on VMware

I've been installing ArcSight in lab environments for testing.  Not knowing that ArcSight does not support VMware, the Lab Manager gave me VMware virtual machines (VMs) and it worked fine.  However I'm in a new lab with VMware and I'm having difficulties getting Oracle installed.  I get a "Failed to start the TNS listener" and permission denied.  All seems to be related to port 1521 (see attached).  Any suggestions to try?  My guess it is a VMware setup issue.  Anybody else get ArcSight 4.5 to work on VMware?

Thanks.

0 Likes
27 Replies
Absent Member.
Absent Member.

I had this exact same error happen the other day.  The only difference that may have caused it was the fact that I was installing from an NFS mount, and I used a limited set of RPMs provided by someone else.  What version of Cent-OS are you running?  Are you sure it's supported by ArcSight?

I doubt the NFS mount was the issue, so I think it was that I didn't have the right RPMs installed (Redhat EL 5.3 64-bit).  Here's a script that I used the other day, that resolved this issue:

rpm -ivh libstdc++-4.1.2-44.el5.i386.rpm --nodeps
rpm -ivh libstdc++-4.1.2-44.el5.x86_64.rpm --nodeps
rpm -ivh libstdc++43-devel-4.3.2-7.el5.i386.rpm --nodeps
rpm -ivh libstdc++43-devel-4.3.2-7.el5.x86_64.rpm --nodeps
rpm -ivh libstdc++-devel-4.1.2-44.el5.i386.rpm --nodeps
rpm -ivh libstdc++-devel-4.1.2-44.el5.x86_64.rpm --nodeps
rpm -ivh glibc-devel-2.5-34.i386.rpm --nodeps
rpm -ivh glibc-devel-2.5-34.x86_64.rpm --nodeps
rpm -ivh libgomp-4.3.2-7.el5.i386.rpm --nodeps
rpm -ivh libgomp-4.3.2-7.el5.x86_64.rpm --nodeps
rpm -ivh binutils-2.17.50.0.6-9.el5.x86_64.rpm --nodeps
rpm -ivh binutils-devel-2.17.50.0.6-9.el5.i386.rpm --nodeps
rpm -ivh binutils-devel-2.17.50.0.6-9.el5.x86_64.rpm --nodeps
rpm -ivh compat-db-4.2.52-5.1.i386.rpm --nodeps
rpm -ivh compat-db-4.2.52-5.1.x86_64.rpm --nodeps
rpm -ivh compat-libstdc++-296-2.96-138.i386.rpm --nodeps
rpm -ivh compat-libstdc++-33-3.2.3-61.i386.rpm --nodeps
rpm -ivh compat-libstdc++-33-3.2.3-61.x86_64.rpm --nodeps
rpm -ivh gcc-4.1.2-44.el5.x86_64.rpm --nodeps
rpm -ivh gcc-c++-4.1.2-44.el5.x86_64.rpm --nodeps
rpm -ivh glibc-2.5-34.x86_64.rpm --nodeps
rpm -ivh glibc-common-2.5-34.x86_64.rpm --nodeps
rpm -ivh glibc-headers-2.5-34.x86_64.rpm --nodeps
rpm -ivh kernel-headers-2.6.18-128.el5.x86_64.rpm --nodeps
rpm -ivh libaio-0.3.106-3.2.i386.rpm --nodeps
rpm -ivh libaio-0.3.106-3.2.x86_64.rpm --nodeps
rpm -ivh libgcc-4.1.2-44.el5.i386.rpm --nodeps
rpm -ivh libgcc-4.1.2-44.el5.x86_64.rpm --nodeps
rpm -ivh make-3.81-3.el5.x86_64.rpm --nodeps
rpm -ivh sysstat-7.0.2-3.el5.x86_64.rpm --nodeps

0 Likes
Absent Member.
Absent Member.

@KMac: thx a lot. I will be able to test this within the next 24h and would be happy to give a positive feedback 😉

BR from Switzerland, Silvan

0 Likes
Absent Member.
Absent Member.

I was able to test it. Change the sqlnet.or file and also checked the installed libs. nothing changed. still the same error.

does anyone have a successful installation on CentOS 5.X ?

BR, Silvan

0 Likes
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

yes me!
0 Likes

Me too.

Centos 5.x install Procedure

# Fake Red Hat release file
cp /etc/redhat-release /etc/redhat-release.orig
cat <<EOF > /etc/redhat-release
Red Hat Enterprise Linux Server release 5.2 (Tikanga)
EOF

# Disable SELinux
setenforce permissive
sed -i 's/SELINUX=enforcing/SELINUX=disabled/' /etc/sysconfig/selinux
chkconfig mcstrans off
chkconfig restorecond off

# Packages needed for ArcSight
cat <<EOF | xargs yum install -y
libXext.i386
libXext.x86_64
libXi.i386
libXi.x86_64
libXp.i386
libXp.x86_64
libXt.i386
libXt.x86_64
libXtst.i386
libXtst.x86_64
sudo
xorg-x11-xauth
EOF

# Packages needed for Oracle
cat <<EOF | xargs yum install -y
binutils
compat-db.i386
compat-db.x86_64
compat-libstdc++-296
compat-libstdc++-33.i386
compat-libstdc++-33.x86_64
elfutils-libelf.i386
elfutils-libelf.x86_64
elfutils-libelf-devel
cpp
gcc
gcc-c++
glibc-common
glibc-devel.i386
glibc-devel.x86_64
glibc-headers
glibc.i686
glibc.x86_64
kernel-headers
libaio.i386
libaio.x86_64
libaio-devel
libgcc.i386
libgcc.x86_64
libgomp.i386
libgomp.x86_64
libstdc++-devel.i386
libstdc++-devel.x86_64
libstdc++.i386
libstdc++.x86_64
make
sysstat
unzip
EOF


# create arcsight user first:
  groupadd --g 234 arcsight
  useradd -c 'ArcSight ESM' -d /opt/arcsight -g arcsight -m -r -u 234 arcsight
  chmod +x /opt/arcsight

# Database

mkdir -p /var/lib/oracle/{archives/arcsight,databases/arcsight,logs/arcsight}
chown 50:60 /var/lib/oracle/{archives/arcsight,databases/arcsight,logs/arcsight}
chmod go-rwx /var/lib/oracle/{archives/arcsight,databases/arcsight,logs/arcsight}

cat <<EOF >> /etc/aliases
arcsight-info:    root
arcsight-error:    root
EOF
newaliases

mkdir -p /opt/arcsight/database
chmod go-rwx /opt/arcsight/database

Install in /opt/arcsight/database
  Oracle User Home & Install: /opt/oracle
  Oracle Home: /opt/oracle/arcsight

Instance
  Control File 1: /opt/oracle/arcsight/oradata/arcsight
  Control File 2: /var/lib/oracle/databases/arcsight
  Control File 3: /var/lib/oracle/logs/arcsight
  Data File: /var/lib/oracle/databases/arcsight
  Redo Logs: /var/lib/oracle/logs/arcsight
  Log Archives: /var/lib/oracle/archives/arcsight

(as oracle user)
  lsnrctl stop
  sed -i 's/HOST = [^)]*/HOST = localhost/' /opt/oracle/arcsight/network/admin/*.ora
  lsnrctl start

Schema
  Data File Path: /var/lib/oracle/databases/arcsight

Notification
  Notification: arcsight-info@localhost.localdomain
  Escalation: arcsight-error@localhost.localdomain

Archiving (if enabled)
  Archive Directory: /var/lib/oracle/archives/arcsight

# Manager (as arcsight user)

sed -i 's/Defaults    requiretty/#Defaults    requiretty/' /etc/sudoers
cat <<EOF >> /etc/aliases
arcsight-info:   root
arcsight-error:  root
EOF
newaliases

mkdir -p /opt/arcsight/manager
chmod go-rwx manager

Install in /opt/arcsight/manager

Make sure the machine can resolve the manager hostname!

Notification
  From: arcsight@<hostname>
  Recipients: arcsight-error@localhost.localdomain

0 Likes
Absent Member.
Absent Member.

@StevenvandeBraak: I did your preps then installled on CentOS5 no problems at all. thanks-
0 Likes
Absent Member.
Absent Member.

@StevenvandeBraak: I'm not sure what the problem could be, but I don't have the time to try & error all day long. So I started the CentOS 5.4 installation from scracht on my vmware server. Add another 300gb disk on /opt/arcsight and started the installation. Actually it looks good and I will post here my experience. Before I was using some vmware CentOS image where I don't know exactly all the paramenteres for the installation at this time. So I fell acutally better to do it from scracht by my own.

BTW: your script is very helpfull 😉

Best wishes, Silvan

0 Likes
Absent Member.
Absent Member.

All,

I was able to get ArcSight installed when I used a version of the OS that wasn't patched.  I used Microsoft Windows Server 2003 R2 Enterprise x64 Edition Service Pack 2 with no software updates.  This solved my problem and I'm moving forward with the rest of my project.  If I have the time I may try to find out which patch caused the problem and if I do I will report it here.  My guess that there is some relationship between the Oracle files and the OS that I didn't know (and still don't).

Thanks everyone.

0 Likes
Absent Member.
Absent Member.

Do you have Oracle and ESM on the same box?  If they are on separate boxes and you have TCP.INVITED_NODES defined on your Oracle's sqlnet.ora you will need to update that to include the IP address of the ESM box. That could be what is preventing your Oracle DB to be accessed from another server. sqlnet.ora is located under $ORACLE_HOME/network/admin. I have lab instances of Vmware (mostly RHEL5) and everything works fine for testing purposes.

0 Likes
Cadet 2nd Class Cadet 2nd Class
Cadet 2nd Class

Well, "not supported on VMWare" is true, but can be workarounded in several manners.

First of all, it's not supported from a performance / OS point of view but if your issue is content-related, I guess you can "omit" to say to support you're working on VMWare, they won't ask your full platform spec anyway.

Then, it's valid for ESM manager and databases, but this "unsupported" ArcSight statement doesn't stand when it comes to Console, Web or even SmartConnectors because there are plenty of ArcSight customers which don't have any choice but running them in a virtualized environement. MSSP, for instance, sometimes can't choose the platform the connector is running on (the machine belongs to their customers) and most enterprises now have desktops running in virtual environment : you can't force your whole company to move out of virtualized desktop environments just because of ArcSight Console (and same applies to ArcSight Web).

And last but not least, I would say every platform is supported as long as you can prove the bug/problem you're experiencing is reproducible in a supported environment. So if you can install a dummy instance on a non-virtualized system and reproduce it, then you can get support. Same applies if you use an unsupported linux distro or windows version, BTW.

0 Likes
Absent Member.
Absent Member.

hey guys,

Finally, it's done! OVER & OUT 😉

I forced myself to setup a proper CentOS 5.4 but have a look at the proper steps:

  1. Installation of CentOS 5.4 (NetInstall)

    1. no SELinux

    2. Selected also the Server Package

  2. Installed the following packages like Steven:

    1. # Packages needed for ArcSight
      cat <<EOF | xargs yum install -y
      libXext.i386
      libXext.x86_64
      libXi.i386
      libXi.x86_64
      libXp.i386
      libXp.x86_64
      libXt.i386
      libXt.x86_64
      libXtst.i386
      libXtst.x86_64
      sudo
      xorg-x11-xauth
      EOF

    2. # Packages needed for Oracle
      cat <<EOF | xargs yum install -y
      binutils
      compat-db.i386
      compat-db.x86_64
      compat-libstdc++-296
      compat-libstdc++-33.i386
      compat-libstdc++-33.x86_64
      elfutils-libelf.i386
      elfutils-libelf.x86_64
      elfutils-libelf-devel
      cpp
      gcc
      gcc-c++
      glibc-common
      glibc-devel.i386
      glibc-devel.x86_64
      glibc-headers
      glibc.i686
      glibc.x86_64
      kernel-headers
      libaio.i386
      libaio.x86_64
      libaio-devel
      libgcc.i386
      libgcc.x86_64
      libgomp.i386
      libgomp.x86_64
      libstdc++-devel.i386
      libstdc++-devel.x86_64
      libstdc++.i386
      libstdc++.x86_64
      make
      sysstat
      unzip
      EOF

  1. Changed redhat-release

  2. Installed DB binary with root

And that's it. It's working.

Thanks a lot for all the help. Finally I think it was something in the vmware image I got from a colleague. I don't know exactly what but something was wrong with it. But I'm completely sure -

You will be able to install ESM 5.0 on CentOS 5.4 / 64-Bit on a VMware Server

0 Likes
Fleet Admiral
Fleet Admiral

Just a couple of quick comments on the 'not supported on VMware' part. When ArcSight says that its 'not supported' it means that the support team cannot offer technical assistance on problems that related to performance or other issues that are related to the virtualisation system. Clearly it works, but it has been proven that VMware does have some issues when under heavy load and this could have an impact on the way that ESM does its processing. Also, Oracle is not currentlys supported on VMware, so there isnt much that can be done there too.

But there are quite a few customers who are happily running production ESM systems on virtualised environments. Its not necessarily recommended, but I remember one customer I was working with who has a policy to use virtualisation where possible. We explained the issues and they then worked out a way of having a physical system in test with content copied from the production system as part of a procedure. So should any problem occur, the automatic thing is to test on the physical system to see if its an OS, virtualisation or ArcSight issue. If its an ArcSight one, we can look at fixing it as its present on both virtualised and real environments.

As with most things, a bit of planning and its usually not an issue. Just be careful with the phrase 'not supported though' it can mean different things.

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.