Samour Absent Member.

How to reset schema/database password in ESM 6.51

Hi,

How can I reset the schema/database password in ESM 6.51?

I tried the steps in a KB about CORR-E as well as other commands I was provided earlier by support but none seem to work.

Let me know if anyone has got this working before.

Thanks,

Samer

Accepted Solutions
Samour Absent Member.

Re: How to reset schema/database password in ESM 6.51

Asked and answered

Was finally able to get this working with help from support.

Had to tweak some of the commands, but these steps have been tested and work with ESM 6.51:

The following is the procedure to reset the arcsight's password:

A. Login to the server as 'arcsight'

1. Stop all services:

/etc/init.d/arcsight_services stop arcsight_web

/etc/init.d/arcsight_services stop manager

/etc/init.d/arcsight_services stop mysqld

/etc/init.d/arcsight_services stop logger_httpd

2.

cp -p /opt/arcsight/logger/data/mysql/my.cnf /opt/arcsight/logger/data/mysql/my.cnf.old

vi /opt/arcsight/logger/data/mysql/my.cnf

add skip-grant-tables under the [mysqld] section

save the file

3. Start the mysqld service:

/etc/init.d/arcsight_services start mysqld

4. cd /opt/arcsight/logger/current/arcsight/bin

5. ./mysql -u root (you get access with no password)

6. use mysql;

7. update user set password=PASSWORD('<password>') where user='arcsight';

#replace <password> with your password

8. flush privileges;

9. exit

The new password is the password that you enter.

10. cd /opt/arcsight/manager/bin

11. ./arcsight managersetup

Follow the instructions in the wizard to synchronize the CORRE password with the Manager

12. Backup your /opt/arcsight/logger/current/arcsight/logger/config/logger/logger.defaults.properties

cp -p /opt/arcsight/logger/current/arcsight/logger/config/logger/logger.defaults.properties /opt/arcsight/logger/current/arcsight/logger/config/logger/logger.defaults.properties.old

13. Change mysql password in logger.defaults.properties:

/opt/arcsight/manager/bin/arcsight changepassword -f /opt/arcsight/logger/current/arcsight/logger/config/logger/logger.defaults.properties -p server.mysql.password

Enter the new password you entered for mysql above in step #7

14. /etc/init.d/arcsight_services stop mysqld

15. Remove skip-grant-tables from the my.cnf file

vi /opt/arcsight/logger/data/mysql/my.cnf

16. Start all services:

/etc/init.d/arcsight_services start all

nurbolat.tazhke Absent Member.

Re: How to reset schema/database password in ESM 6.51

Thanks Samer. That is helpful.

However, I noticed a problem with archiving after performing all the steps.

In my case the problem was that the password had not synced in logger.properties (it showed the old hash).

So I would suggest:

13. Change mysql password in logger.properties:

/opt/arcsight/manager/bin/arcsight changepassword -f /opt/arcsight/logger/current/arcsight/logger/config/logger/logger.properties -p server.mysql.password

and enter the new password.

Now I do not have any problem with archiving.

Thanks.

shaig1 Absent Member.

Re: How to reset schema/database password in ESM 6.51

Hi Nurbolat and Samer,

I've also followed Samer's procedure and encountered an error in archiving afterwards (at sec. 13 in Samer's answer).

After I changed it in the properties file "logger.properties" and not "logger.defaults.properties", it worked fine.

I've also opened a ticket on this matter and this is the official response I got - There is a KB on this that is very good and works perfectly. Here is the link to the KB - KM00287364 - https://softwaresupport.hp.com/group/softwaresupport/search-result/-/facetsearch/document/KM00287364

For your convenience, I'm copying the full KB here as well:

Title :

Changing mysql arcsight schema user password for CORR Engine Appliance

Document ID :

KM00287364

Product - Version:

arcsight enterprise security manager ;

OS :

Updated :

13-Jul-2015

Summary :

Changing mysql arcsight schema user password for CORR Engine Appliance

How can I change the mysql arcsight schema user password for the CORR Engine Appliance?

Solution

To change mysql arcsight user password, follow these steps:

1. Login as arcsight user, as follows:

a. /sbin/service arcsight_services stop arcsight_web

b. /sbin/service arcsight_services stop manager

c. /sbin/service arcsight_services stop logger_servers

d. Execute the following command from /opt/arcsight/logger/current/arcsight/bin:

./mysql -u root -p mysql

e. Enter the password.

2. Issue the following mysql commands:

update user set password=PASSWORD('<new password>') where user='arcsight';

flush privileges;

3. Execute the following command from the <ARCSIGHT_HOME> as arcsight user:

/opt/arcsight/manager/bin/arcsight managersetup

4. When prompted, change the password.

5. Backup the files:

a. /opt/arcsight/logger/current/arcsight/logger/user/logger/logger.properties

b. /opt/arcsight/manager/config/database.properties

6. Change the mysql password in logger.properties:

/opt/arcsight/manager/bin/arcsight changepassword -f /opt/arcsight/logger/current/arcsight/logger/user/logger/logger.properties -p server.mysql.password

7. Enter the new password you entered for mysql above in step #2

8. Change the mysql password in database.properties:

/opt/arcsight/manager/bin/arcsight changepassword -f /opt/arcsight/manager/database.properties -p logger.password

9. Enter the new password you entered for mysql above in step #2

NOTE: If you cannot login as root, use the following steps:

1. Stop all services:

a. /sbin/service arcsight_services stop arcsight_web

b. /sbin/service arcsight_services stop manager

c. /sbin/service arcsight_services stop logger_servers

2. Edit /opt/arcsight/logger/data/mysql/my.cnf

3. Add skip-grant-tables under the [mysqld] section

4. Start the mysqld service (service arcsight_services start mysqld)

5. go to /opt/arcsight/logger/current/arcsight/bin directory

6. Issue the below command

./mysql -u root -p mysql

NOTE: At this point, you should be able to access the database with no password.

7. Issue mysql command

update user set password=PASSWORD('<new password>') where user='arcsight';

flush privileges;

8. Run /opt/arcsight/manager/bin/arcsight managersetup

9. When prompted, change the schema user password

10. Backup the files:

a. /opt/arcsight/logger/current/arcsight/logger/user/logger/logger.properties

b. /opt/arcsight/manager/config/database.properties

11. Change the mysql password in logger.properties:

/opt/arcsight/manager/bin/arcsight changepassword -f /opt/arcsight/logger/current/arcsight/logger/user/logger/logger.properties -p server.mysql.password

12. Enter the new password you entered for mysql above in step #7

13. Change the mysql password in database.properties:

/opt/arcsight/manager/bin/arcsight changepassword -f /opt/arcsight/manager/database.properties -p logger.password

14. Enter the new password you entered for mysql above in step #2

15. Stop mysqld and remove the skip-grant-tables

16. Start all services.
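
Both Samer's procedure (steps 2 and 15) and the KB's fallback (steps 3 and 15) temporarily add skip-grant-tables to my.cnf, and while that line is present the database accepts connections without a password. A check that the option is really gone before services are restarted, as an added example that is not part of the thread or the KB; the function name check_skip_grant and the sample file contents are assumptions made for illustration:

```shell
#!/usr/bin/env bash
# Added example, not from the thread or the KB.
# check_skip_grant FILE
#   exit 0: no active skip-grant-tables in a server section
#   exit 1: option still active (matching lines are printed)
#   exit 2: file cannot be read
check_skip_grant() {
    local cnf="$1"
    [ -r "$cnf" ] || { echo "cannot read $cnf" >&2; return 2; }
    awk '
        # Normalise: drop CR from CRLF files, trim surrounding whitespace.
        { sub(/\r$/, ""); line = $0; gsub(/^[ \t]+|[ \t]+$/, "", line) }
        # Blank lines and commented-out options are not active.
        line == "" || line ~ /^[#;]/ { next }
        # Track the current [section]; group names are not case-sensitive.
        line ~ /^\[.*\]$/ { section = tolower(line); next }
        {
            key = line
            sub(/[ \t]*[=#].*/, "", key)   # drop "= value" and trailing comment
            gsub(/_/, "-", key)            # skip_grant_tables == skip-grant-tables
            # Conservative: compare the option name case-insensitively.
            if (section ~ /^\[(mysqld|server)\]$/ && tolower(key) == "skip-grant-tables") {
                printf "%s:%d: %s\n", FILENAME, NR, line
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$cnf"
}

# Constructed sample: a my.cnf as it would look while the bypass is in place.
sample=$(mktemp)
printf '%s\n' '[mysqld]' 'port = 3306' 'skip-grant-tables' '[client]' 'port = 3306' > "$sample"
if check_skip_grant "$sample"; then
    echo "OK: authentication bypass is not configured"
else
    echo "FAIL: remove the line above and restart mysqld before starting other services"
fi
rm -f "$sample"
```

On the server, run check_skip_grant /opt/arcsight/logger/data/mysql/my.cnf after step 15; an exit status of 1 means the option is still active.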
