Can a connector be installed on a Workstation instead of a server?
Can an ArcSight Connector, such as Syslog Daemon or Windows Event Log Unifed, be installed on a workstation instead of a server? I have a few outports that I need to have install those 2 connectors for their servers and network devices however they are strapped for space and time to get a server to install them on. I was thinking maybe they could install them on an unused desktop until they can solve their issues and put them on a server.
I believe it is possible to do this as a temporary solution as long as the workstation has adequate resources i.e. Memory, Storage, supported OS e.t.c. This can also be done on a VM. Release notes and Connector documentation will provide you all the requirements you need to get this setup and I recommend consulting them. You will also need to create firewall rules on any firewalls between your work station and the ESM/Logger destinations where the connector will send logs. Also remember to open certain ports like 445 for WUC and 514 for syslog on the firewalls between your source nodes and the workstation/VM. Potentially also you may need to open the ports locally on the workstation/VM OS firewall if they are closed. In this case for syslog which will be a push to your workstation/VM connector, 514 will need to be open at the workstation/VM end for it to receive the UDP traffic.