
IBM AIX Audit File on Windows


Hi,

I'm integrating the AIX system, and installing the smart connector on a Windows machine. In the guide, you should specify the "Absolute path to the log file folder". But AIX and Windows can't share files?! Or is there a way?

Also there's a known limitation mentioned in the guide "ArcSight SmartConnector Known Limitations": "All SmartConnectors on IBM AIX platform Running the SmartConnector as a service is currently not supported on IBM AIX version 7100-03. However, SmartConnectors can still be run in standalone mode on 7100-03."

So why is the smart connector available as a Windows installation?! I got confused.

I'm going to install the agent on my AIX servers using the AIX installation file, but this means I have to install the agent on each AIX server.

Any advice?

Mustapha
0 Likes

Accepted Solutions

Hi,

Most people put one "connector server" in the network. On this connector server there are several smartconnectors installed. Right now connector servers with Windows are preferred because the Winc and the Exchange PowerShell connector only work on Windows.

Then when you have a Windows Server running with smartconnectors on them you can choose:

1. To use the FTP service of Windows (or some open source FTP server).

     * Create a script on the IBM server that is periodically copying (using a cronjob) to the Windows FTP server. And use this for all the IBM instances.

2. Make a file server on the Windows Server.

     * Mount a CIFS share to the Windows file server.

     * Have a script periodically copy events to the Windows connector.

Kind regards,

Jurgen


0 Likes

Thanks Jurgen,

FTP seems to be a good solution.

Do you have any info about the Limitation of installing the SC on AIX and running it as a service?

Mustapha
0 Likes

Hello Mustapha,

I can confirm that I installed an Oracle SYSDBA SmartConnector on an AIX server just last week and the limitation is there - when you get to configuring the "Run as a service" part, in the end you get the result "Could not configure the SmartConnector to run as a service.".

As a workaround I installed it as a standalone application and I ran the agent using the following command:

nohup ./arcsight connectors > /dev/null 2>&1 &

This way the process will run in the background, all output (stdout/stderr) will be redirected to /dev/null (so you will not get any messages on the console) and also the process will not terminate once you close the shell.

I don't know whether or not what I did is the standard procedure/best practice, it was just something I made up on the spot. Perhaps you or Jurgen might have some suggestions regarding my solution?

All the best,

Stefan

0 Likes
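
Added example (not from Stefan's post or from ArcSight): the same nohup start wrapped in a pidfile check that cron can call, so a connector that has died is started again and the restart is written to syslog as a marker for a possible collection gap. The function name, pidfile location and install path are hypothetical.

```shell
#!/bin/sh
# Hypothetical cron entry (AIX cron has no */5 syntax, so minutes are listed):
# 0,10,20,30,40,50 * * * * /usr/local/bin/connector_watchdog.sh \
#     /var/run/arcsight_connector.pid /path/to/connector/bin/arcsight connectors

# ensure_running PIDFILE COMMAND [ARGS...]
# Sets WATCHDOG_ACTION to "running" or "started".
ensure_running() {
    pidfile=$1
    shift
    if [ -s "$pidfile" ]; then
        pid=$(cat "$pidfile")
        case $pid in
            ''|*[!0-9]*)
                ;;  # corrupt pidfile: fall through and start again
            *)
                # kill -0 sends no signal; it only tests that the PID exists.
                # A recycled PID would also pass, so treat this as a
                # liveness hint and not as proof the connector is healthy.
                if kill -0 "$pid" 2>/dev/null; then
                    WATCHDOG_ACTION=running
                    return 0
                fi
                ;;
        esac
    fi

    # Same start as in the post: detached from the terminal, output dropped.
    nohup "$@" </dev/null >/dev/null 2>&1 &
    printf '%s\n' "$!" > "$pidfile"

    # A restart means events may have been missed; leave a trace in syslog.
    logger -t connector_watchdog "started: $*" 2>/dev/null || true
    WATCHDOG_ACTION=started
    return 0
}

# Run from cron with: PIDFILE COMMAND [ARGS...]
if [ "$#" -ge 2 ]; then
    ensure_running "$@"
fi
```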

Hi,

I would not run a SC on a system itself, just run it on a separate connector server, because if it started caching the disk will use 1GB per destination. Also if you upgrade it and other things.

I have no experience running Unix services in other alternative ways (maybe Google around?).

Kind regards,

Jurgen

0 Likes

Hello,

Thanks for the suggestion. My idea was also to have the connector running on the already existing dedicated connectors' server - however the end user wanted this one on the database server itself, it was their call.

As for running the agent as an application, what I proposed is already implemented and it is working (I don't know whether I was specific enough in my previous post). I was just wondering if anybody else has another solution.

Best regards,

Stefan

0 Likes

I liked your suggestion Stefan, to have a separate AIX server to collect from all other AIX's, and the way you can run the connector as a workaround.

I have opened a feature request: CON-14616, for the "run as a service" limitation.

Thanks guys.

Mustapha
0 Likes

Hello All,

We have the requirement to integrate AIX servers with ArcSight. Versions are 6.1 and 5.2.

Very few servers are reporting through the syslog mechanism, but having a parsing problem.

As you guys mentioned, AIX and Windows can't share files, so what would be the best way to integrate this?

Please suggest.

Thanks,

Sandeep N

0 Likes

Hi Sandeep,

As Stefan suggested, this is the best way you can do the integration, have an AIX server that can connect to all your servers.

HTH.

Mustapha
0 Likes

Get yourself added to the feature request of AIX Integration Using syslog. Filereader is really a pain.

And instead of an AIX connector server, a Linux-based connector server is better in terms of managing; otherwise you will be depending on your infra team to manage that AIX connector server.

Using FTP looks like a viable option, but it's a crucial finding you'll get in your audits, and you can't have FTP tunneled over SSH also. I would not recommend this; rather, you can use a Linux machine as the connector server and have an NFS share mounted over here, which works pretty well.

0 Likes
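
Added example (not part of any post above, and not ArcSight or IBM code): one way to write the periodic copy script from option 2 of the accepted solution, which also fits the NFS mount suggested in the last reply. It assumes the drop directory is already mounted on the AIX host and that the file being shipped is a closed export rather than the live audit trail; the function name and all paths are hypothetical.

```shell
#!/bin/sh
# Hypothetical cron entry on each AIX host:
# 0,15,30,45 * * * * /usr/local/bin/ship_audit.sh \
#     /var/tmp/audit_export.txt /mnt/connector_drop

# ship_file SRC DEST_DIR
# Returns 0 on success (final path in SHIPPED), 1 on bad input,
# 2 if the copy failed or did not verify.
ship_file() {
    src=$1
    dest_dir=$2
    [ -f "$src" ] && [ -d "$dest_dir" ] || return 1

    # Host name and timestamp keep files from several AIX hosts apart
    # when they all write into one drop directory.
    name="$(uname -n)_$(date +%Y%m%d%H%M%S)_$(basename "$src")"
    tmp="$dest_dir/.$name.part"

    # No access for "other"; the connector account is assumed to be in
    # the file's group.
    old_umask=$(umask)
    umask 027
    if ! cp "$src" "$tmp"; then
        umask "$old_umask"
        rm -f "$tmp"
        return 2
    fi
    umask "$old_umask"

    # cksum on stdin prints "<crc> <size>"; a mismatch means a truncated
    # or altered copy, which must not reach the connector.
    if [ "$(cksum < "$src")" != "$(cksum < "$tmp")" ]; then
        rm -f "$tmp"
        return 2
    fi

    # A rename inside one directory is atomic, so the connector never
    # reads a half-written file under the final name.
    mv "$tmp" "$dest_dir/$name" || return 2
    SHIPPED="$dest_dir/$name"
    return 0
}

if [ "$#" -eq 2 ]; then
    ship_file "$1" "$2"
fi
```

Point the connector's log folder at the drop directory and have it ignore names ending in .part, so only verified files are parsed.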
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.