DerManni Contributor.

Monitor ESM via shell or API

Hey Guys,

After searching through the community and reading some documentation, I didn't find anything for my issue.

In our company there is a grown monitoring system (icinga/nagios) and we would like to monitor the ESM over this system.

Is there any possibility to get monitoring-relevant data out of the ESM over the Linux shell or an API (REST) interface? The best solution for us is a shell command like

/opt/arcsight/manager/bin/arcsight serviceStatus -action status -service aps,execprocsvc,logger_httpd,logger_servers,logger_web,manager,mysqld,postgresql

Thanks in advance.

Best regards, Manni

 

Micro Focus Expert

Re: Monitor ESM via shell or API

Unfortunately ESM does not expose much system information directly from the API (only through a web-based JSP page called manage.jsp).

When I managed process status before, we just built a wrapper script that used the output of /etc/init.d/arcsight_services status and returned the error codes nagios expects for each service to show that the processes are either up or down.

-----------------------------------------------------------------------------------------
All topics and replies made are based on my personal opinion, viewpoint and experience; they do not represent the viewpoints of MicroFocus.
All replies are based on best effort and cannot be taken as official support replies.
//Marius
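
An added example, not part of the original post and not Micro Focus code: a minimal Nagios/Icinga plugin of the kind described in the reply above, wrapping /etc/init.d/arcsight_services status. The "<name> service is <state>" line format, the REQUIRED list (service names taken from the question) and the function names are assumptions to check against your ESM version.

```shell
#!/bin/sh
# Nagios/Icinga plugin sketch wrapping "/etc/init.d/arcsight_services status".
# ASSUMPTION: every status line reads "<name> service is <state>" and a healthy
# service reports the state "available". Verify against your ESM's real output.

STATUS_CMD="${STATUS_CMD:-/etc/init.d/arcsight_services status}"
REQUIRED="${REQUIRED:-aps execprocsvc logger_httpd logger_servers logger_web manager mysqld postgresql}"

# classify_status: reads status text on stdin, prints one Nagios summary line
# with perfdata, and returns 0 (OK), 2 (CRITICAL) or 3 (UNKNOWN).
classify_status() {
    input=$(cat)
    [ -n "$input" ] || { echo "UNKNOWN - no status output"; return 3; }
    down=""
    up=0
    for svc in $REQUIRED; do
        # Exact match on the service name so "logger_web" never matches "logger_webx".
        state=$(printf '%s\n' "$input" |
            awk -v s="$svc" '$1 == s && $2 == "service" && $3 == "is" { print $4; exit }')
        case "$state" in
            available) up=$((up + 1)) ;;
            "")        down="$down $svc=missing" ;;   # service not listed at all
            *)         down="$down $svc=$state" ;;    # any other state is a failure
        esac
    done
    if [ -n "$down" ]; then
        echo "CRITICAL - not available:$down | up=$up"
        return 2
    fi
    echo "OK - $up services available | up=$up"
    return 0
}

# check_arcsight: run the real status command and classify its text output.
# The init script's own exit code is ignored; only the per-service lines count.
check_arcsight() {
    out=$($STATUS_CMD 2>&1) || true
    printf '%s\n' "$out" | classify_status
}

# Run as a plugin only when called with --run, so the file can also be sourced.
if [ "${1:-}" = "--run" ]; then
    check_arcsight
    exit $?
fi
```

If the status command needs elevated rights on your host, give the monitoring user a sudo rule limited to that one command rather than running the whole plugin as root.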
DerManni Contributor.

Re: Monitor ESM via shell or API

Thanks for your reply. Do you know how I can view/reach this manage.jsp?

We are also interested in information about the connectors which are registered or other ESM system data.
Micro Focus Expert

Re: Monitor ESM via shell or API

It should be available from 

https://<your manager>:8443/arcsight/web/manage.jsp 

 

It includes several good performance metrics, for troubleshooting for example.

Normally it's recommended to do monitoring of ArcSight components like Connectors and Loggers from ArcMC and then send SNMP traps to Nagios afterwards. There is an unofficial ConnectorService API on the ESM, though I would need to test to see if that works currently.

A third option to get proper statistics, though also unofficial and requiring some work on your end, is JMX monitoring.

All Java applications normally have the possibility to open up remote statistics through JMX, and most monitoring solutions support it in some way, for example: https://www.nagios.com/solutions/jmx-monitoring/

A similar example of that using ELK is located here, though remember it is unsupported: https://community.microfocus.com/t5/ArcSight-User-Discussions/Void-the-Warranty-Monitor-ESM-CORR-with-JMX-ELK-and-TICK/m-p/1589050?

//Marius
DerManni Contributor.

Re: Monitor ESM via shell or API

Thanks Marius,

I appreciate your help.
In the next few days I will check your suggestions and share my results.

Is there any way to access the URL with username and password in the URL?
For example: https://<your manager>:8443/arcsight/web/manage.jsp?login=<username>&password=<password>

Greetings, Manni
Micro Focus Expert

Re: Monitor ESM via shell or API

Hmm I would recommend trying to proxy your request, either using a browser addon or some free software like Fiddler to capture the request and remake it using a script.

Now that I think about it, there are actually certain monitoring numbers that are logged as audit events in the ESM, like CPU/memory, database queries and waiting time ++ more things.

You could potentially create a Query + QueryViewer for those statistics and use the QueryViewer API to gather the details.

It really boils down to what you want to achieve in the end and which tools you would want to use.

Example of the QueryViewerAPI is here: https://community.microfocus.com/t5/ArcSight-User-Discussions/ArcSight-ESM-API-for-Getting-the-Query-Viewer-Data/m-p/1687030#M45999

//Marius
Micro Focus Expert

Re: Monitor ESM via shell or API

Hello,

If you choose to take a scripting route, you might also consider taking and parsing the server.status.log files. These generally reflect the same metrics that you would potentially be taking from the management (manage.jsp) interface (but without any of the risks!).

Although it's quite a task to sift through all of the information in server.status.log, in general it is arranged in a consistent fashion, with most of the data being stored as comma separated variables under the relevant subsystems. You can use awk/sed, perl etc. to process this. For example, to get connector agent statistics you can run something like:

grep "AgentStatuses" server.status.log | cut -c51- |tail -n 1 | sed 's/\,/\n/g' | column -t -s"|"

Hope this helps,

Best regards,
Darren

 

ArcSight Support
If you find that this or any post resolves your issue, please be sure to mark it as an accepted solution.
DerManni Contributor.

Re: Monitor ESM via shell or API

Hello,

@Darren Hammond :

I think the best way (at the moment) is the tip from Darren. We have to process data by script anyway, so we will try to extract the relevant data from the log files (didn't have that in mind).

@Marius2 :

Sorry for the simple question, but do I need to enable the REST API first, or is the API activated by default?

Thanks in advance.

Manni

Micro Focus Expert

Re: Monitor ESM via shell or API

Hi Manni,

You do not need to activate the API; you make authenticated requests to the manager on port 8443.

There are a few guides that might help you out. Here are some links:

https://community.microfocus.com/t5/ESM-and-ESM-Express/Micro-Focus-Security-ArcSight-ESM-Service-Layer-API-Reference/ta-p/1661019

https://community.microfocus.com/t5/ESM-and-ESM-Express/Micro-Focus-Security-ArcSight-ESM-API-Reference-Vol-2-Manager/ta-p/1661020

Thanks,
Darren
