Collecting events when logging on via Kerberos
I use ArcSight WinC Connector Version: 188.8.131.5239.0
I am trying to configure the event collection from the domain controller.
The controller uses Kerberos authentication. In the agent.properties configuration file I set the
authentication to Kerberos. But the connection does not go through and I get an error in the log:
<ArcSight Connector Version: 184.108.40.20639.0>
<ArcSight Parser Version: 220.127.116.1139.0>
[2020-09-15 12:08:31,986][ERROR][default.com.arcsight.agent.util.m][createParameterVerificationMessage] Error [Encountered  errors for command [GetLogAccessValidationResult].
EventLog: [System], Reason: [Cannot retrieve log info: [javax.xml.ws.WebServiceException: Could not send Message.]]
EventLog: [Application], Reason: [Cannot retrieve log info: [javax.xml.ws.WebServiceException: Could not send Message.]]
EventLog: [Security], Reason: [Cannot retrieve log info: [javax.xml.ws.WebServiceException: Could not send Message.]]]. Possible Solution 
Port 5986 is open for communication, no problems on the network lock side.
I use CentOS 7.6. The krb5.conf configuration file is configured and I successfully get the ticket by running the command kinit user_name@QWE.LOCAL
Can you tell us what the problem may be and how to solve it?
You're running the WiNC on SmartConnector CentOS 7.6? From the WiNC SmartConnector configuration guide, that setup is not supported.
SmartConnector for Windows Event Log - Native Limitations
Runs only on Windows; it cannot be run on Management Center, Connector Appliance, or Linux/Unix OS, although it can be remotely managed from Management Center
Excuse me, I missed the titles)))
I use: Windows SmartConnector Config (commonly known as WiSC) is a Linux-based SmartConnector
that collects logs from Windows hosts.
I would strongly recommend you avoid using WISC / WINC on Linux - it is not stable and you will lose events. Have a look at the release notes for the limitations.
Try to use a Windows Server to host a WINC; you will regret trying to get WISC working!