Highlighted
Regular Contributor.
Regular Contributor.
780 views

ESM Migration to new IP

Dear Experts,

need an assistance how can we migrate the existing Arcsight ESM to the new IP having the same version.

what are the requirements/prereqs has to keep in mind.

what will be the strategy to achive.

Thanks.

Junaid

Labels (2)
0 Likes
6 Replies
Highlighted
Trusted Contributor.
Trusted Contributor.

Re: ESM Migration to new IP

Change IP but keep same hostname ?

in life... you win.... you lose... but at least you tried....
0 Likes
Highlighted
Acclaimed Contributor.
Acclaimed Contributor.

Re: ESM Migration to new IP

In nutshell dont change host name because then your ESM certificate does not work anymore.

Mr
0 Likes
Highlighted
Regular Contributor.
Regular Contributor.

Re: ESM Migration to new IP

Hi, Thanks for your reply we need to change the hostname as well.

0 Likes
Highlighted
Regular Contributor.
Regular Contributor.

Re: ESM Migration to new IP

Hi, Thanks for your reply can we regenerate the certificate after changing hostname.

0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

Re: ESM Migration to new IP

then your in for a ride...

about Gayan Ranasinghe... the statement made is totally correct... dont forget that as soon as you change the ESM hostname... all communication with what could be Loggers (receivers/peered) and/or Smart Connectors, LDAPS authentication/autorizatoin also will be lost... even probably the HA ESM ( if you have one ). you could also be required to ask for another Certificate from your provider ( ex: Entrust ).

PLAN,PLAN and PLAN again...

make a complete backup and if you can... setup an ESM VM with all your saved config/state_tables etc... just in case..

if this is not possible... then make sure that someone has made the FORMAL request to have you do this.. and that they are ready to accept the RISK of loosing data and/or the ESM. CYA

also... important

you have the ESM and the WEB SSL cert to change...when you change the IP and hostname. this is 2 distainc processes which will required you to use "keytoolgui"

another important point

have you change the mysql database password (little hint : obfuscated Password )?

i just did exactly what you are about the perform  ( ip change, host name change and Upgrade from 6.5c to 6.9.1c Patch 3 ) and since the database password had a special caracter in it... we got scr.....

make sure that your password is as simple as it can be ( for the change of course ) then of course... change it back.

did i mention to make a backup (configbackup and state tables (even events if you can) before doing anything

about the database password... we did try to : modify it, re-run managersetup, copy paste... nothing could do it... the only thing that could do it was.... take a copy of another backup we had ( same machine before we change the password ) and put it back... then it was ok... but nothing else would do it...

also remember that "WE ARE NEVER AS SURE AS WE CAN BE IF WE DONT MAKE OUR OWN MIND"

meaning that i can say and give info but you can never be sure unless you make your own mind about it..

here is the info i can give..( which i was able to find in different places)

==================================

Changing the IP Address of Your Machine

If you have configured peering, make sure to re-establish the peer relationship.

In case you want to change the IP address of your machine after running the First Boot

Wizard successfully, follow these steps:

Please note, that the Manager setup command must be run when logged in

as user “arcsight.”

1 Stop all ArcSight services by running (as user arcsight): /sbin/service arcsight_services stop all

2 Change the IP address of your machine.

( MAKE SURE THAT YOUR HOST FILE INCLUDE ALL NECESSARY NAME for the ESM

ex:

127.0.0.1 arcsight esm blablabla.yourdomain.com

192.168.0.2 arcsight esm blablabla.yourdomain.com

sometime... if you can.. validate your hostname with running the "setup" command in CLI)

3 Reboot the machine.

4 Stop the Manager by running (as user arcsight): /sbin/service arcsight_services stop manager

5 Stop ArcSight Web by running (as user arcsight): /sbin/service arcsight_services stop arcsight_web

6 While logged in as user arcsight, run the following to start the setup program for the Manager from:

  /opt/arcsight/manager/bin directory: 

                                        ./arcsight managersetup

This will open the Manager’s setup wizard.

               a Enter the new IP address (that you set for your machine in Step 2 above) in the

                    Manager Host Name field when prompted by the wizard.

               b Make sure to select the self-signed keypair option when prompted by the wizard

                    and enter the required information to generate the self-signed certificate containing the new IP address.

7 Start the Manager by running (as user arcsight): /sbin/service arcsight_services start manager

8 Export the Manager’s newly generated self-signed certificate and import it into ArcSight Web using the keytoolgui tool. See the Administrator’s Guide for details on how to export and import a certificate. See the “Using Keytoolgui to Export a Certificate” and “Using Keytoolgui to Import a Certificate” sections in the “Configuration” chapter in the Administrator’s Guide available on the HP ArcSight Customer Support download site for details on how to do this.

9 While logged in as user arcsight, run the following to start the setup program for

ArcSight Web from the /opt/arcsight/web/bin directory:

                                   ./arcsight websetup

               a Enter the new IP address (that you set for your machine in Step 2 above) in

               Webserver Host Name field when prompted.

               b Select the self-signed keypair option when prompted by the wizard and enter the

               required information to generate the self-signed certificate containing the new IP address.

10 Start ArcSight Web by running (as user arcsight): /sbin/service arcsight_services start arcsight_web

11 Import the Manager’s newly generated certificate on all clients (Console and connectors) that will be accessing the Manager. You can do so using the keytoolgui. See the “Using Keytoolgui to Import a Certificate” section in the “Configuration” chapter in the Administrator’s Guide available on the HP ArcSight Customer Support download site for details on how to do this.

12 Test to make sure that:

                the clients can connect to the Manager

                peer configuration works as expected. If not, redo the peer configuration.

======================================================================================

Changing the Host Name of the Machine After Running the First Boot Wizard

In case you want to change the host name of the machine after running the First Boot

Wizard successfully, follow these steps:

1 Stop all services by running (as user arcsight): /sbin/service arcsight_services stop all

2 Change the host name of your machine.

3 Reboot the machine.

If you had entered a host name (instead of an IP address) when configuring the Manager

in the First Boot Wizard, then you will be required to do the following in addition to the

steps mentioned above:

4 Stop the Manager by running (as user arcsight): /sbin/service arcsight_services stop manager

5 Stop ArcSight Web by running (as user arcsight): /sbin/service arcsight_services stop arcsight_web

6 While logged in as user arcsight, run the Manager’s setup program from the

          /opt/arcsight/manager/bin directory as user “arcsight”:

                    ./arcsight managersetup

               a Enter the new host name (that you set for your machine in the steps above), in

               the Manager Host Name field when prompted by the wizard.

               b Make sure to select the self-signed keypair option when prompted by the wizard

               and enter the required information to generate the self-signed certificate containing the new host name.

7 Start the Manager by running (as user arcsight): /sbin/service arcsight_services start manager

8 Export the Manager’s newly generated self-signed certificate and import it into ArcSight Web using the keytoolgui tool. See the “Using Keytoolgui to Export a Certificate” and “Using Keytoolgui to Import a Certificate” sections in the “Configuration” chapter in the Administrator’s Guide available on the HP ArcSight Customer Support download site for details on how to do this.

9 While logged in as user arcsight, run the following to start the setup program for ArcSight Web from the /opt/arcsight/web/bin directory: ./arcsight websetup

Please note that the Manager setup command must be run when logged in as user “arcsight.”

          a Enter the new host name in Webserver Host Name field when prompted.

          b Select the self-signed keypair option when prompted by the wizard and enter the

          required information to generate the self-signed certificate containing the new hostname.

10 Start ArcSight Web by running (as user arcsight): /sbin/service arcsight_services start arcsight_web

11 Import the Manager’s certificate on all clients (Console and connectors) that will be accessing the Manager. You can do so using the keytoolgui. See the “Using Keytoolgui to Import a Certificate” section in the “Configuration” chapter in the Administrator’s

Guide available on the HP ArcSight Customer Support download site for details on how to do this.

12 Test to make sure that the clients can connect to the Manager.

hope this is a good startup...

keep us posted..

good luck.

in life... you win.... you lose... but at least you tried....
0 Likes
Highlighted
Trusted Contributor.
Trusted Contributor.

Re: ESM Migration to new IP

almost forgot...

make sure that all necessary folders are owned by the arcsight user...

validate this before .... going ahead...

in life... you win.... you lose... but at least you tried....
0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.