Setting Up ArcSight Console (v6.9.1) on MacOS
There have been many posts on this in the past and as a Mac user myself, I thought I would post up a document to guide you through the process. Please note that I am using the very latest version of MacOS (Sierra) and the latest Console version for ESM (220.127.116.115). Obviously older versions exist and do work, but I am using the latest one as an attempt to 'put a stake in the ground' with regards to how to do this.
I don't use a massively powerful MacBook Pro for this, but the above specification is more than sufficient to cope with pretty much anything the console needs. I do find that the Console is faster and more responsive on MacOS though. However, be aware that there have been some issues with certain dashboards and views not working though. These issues have been fixed, but primary support is on Windows and not MacOS, just be aware.
I do recommend making sure you have the latest versions of Java installed. In the past you didn't need this, but with subsequent changes to MacOS and the console build, we now require this to be in place (unlike Windows, where it's self-included). So make sure you have the latest and update it accordingly. As you can see, I have the latest for today - 28th Nov. Download from java.com.
When you download the Console on MacOS, it will appear as a .ZIP in the download catalog, but will actually download and uncompress automatically. So you will find the following:
When you are ready to install, just double click the .APP and it will start the process:
Unfortunately we don't sign it, so you will have to accept this. If you have locked settings for System Preferences, do go in and then to security and change the rights to allow it to run. I have set a low level of security here so it will run, but this is not the default setting. Go to System Preferences -> Security & Privacy and change the option for Allow Apps Downloaded from: to allow the app to run.
You will get the incorrect version alert, but the version of Java will support it fine, so you can accept this and move on.
I have skipped a few dialog boxes here, but you will have to scroll to the bottom of the dialog and then accept the license to move on.
Install directory is in the following folder by default. Be aware that you can change this, but make sure you remember and have access rights to the relevant location (access rights and apps don't play well together in this example) - /Applications/arcsight/Console/
You can decide where your icon will be installed. I tend to go with the desktop as you can then drag and drop it where you want, such as Applications or the Dock, but it's your choice at this point.
It goes away and installs everything and copies the files etc. This is just copy / install and not setup though, that comes later.
I am assuming this is a fresh install, so go with the No option here. Be aware that the transfer option does work, but I have had issues in the past and the certs don't always get pulled across and you have to mess around with keytoolgui which is a pain!
Again, I will assume default mode rather than FIPS. For FIPS, please refer to the manual on how to set this up.
You will need to enter the hostname of the server for ESM. This MUST resolve and be correct and matching to the DNS / FQDN / certificate that ESM has. In general this is fine and I will assume you have it setup correctly (mine is a VM setup), but if you need to edit your /etc/hosts file, remember you will need to use sudo to make this happen. There are a few apps on the AppStore if you want to manage it that way too. Check with a ping from terminal before going any further. And for all versions of OS (Linux, Windows or Mac), the DNS / FQDN and certificate WILL BE CHECKED at this point.
I will assume a direct connection for this.
And I will assume simple authentication here too.
You do have the option to select your browser of choice for external browser integration with the console. The default one is provided, but I am a bigger fan of Firefox when using it on MacOS, so I would browse to that folder and select the relevant app for this. Change as needed, but I will go with the default for this purpose.
This option is more relevant to Windows but I do believe it is supposed to work on MacOS too. Basically it saves the preferences for the console in a per user folder, or in the user's home folder. The difference is that if you have separate users and home folders, they will not be able to see the other person's home folders, hence the support for a per-user folder. It's a small thing, but only really relevant if you have a jump box for the console - so using Windows Terminal Services really. Not relevant here, so just go with the default.
When it's finished, you need to run the console to finish up the setup process. Enter a valid username and password combination for the ESM system. On first connect (remember we selected to create a new setup here) so it will connect, check the DNS / FQDN and certificate names and connect. It will see that the cert isn't downloaded, so will allow you to download at this point. The cert is displayed.
If you are happy with this, just click OK and allow it to import it. Now, this is the big difference with the later versions of the Console and the latest Java version running on Sierra. Before, it will attempt to download the cert to the local Keystore in MacOS and this would cause lots of issues and problems and usually ask for passwords that you either don't know or won't share with the app (it's just asking for authorization, nothing more). With the later versions, it will actually import the cert into the keystore for Java for this console install! No more Keystore, no more importing certs, just let it finish and it will import the cert as needed.
And when you press OK it will finish and you will be in. The good news is that you can get to the certificate store for Java now and you can run the keytoolgui tool as needed (run it from the /current/bin folder with './arcsight keytoolgui'). Don't forget to get to the cacerts file (which is in the /Applications/arcsight/Console/current/jre/lib/security folder). When you start the keytoolgui, click open, browse to the cacerts file and enter the correct password for this - see the manual for the default password - ESM Administrator's Guide (ESM v6.9.1c)
That's about it. Good luck and hope this helps.
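The hostname step in the guide above (the name must resolve and match the certificate ESM presents) can be checked from Terminal before running the installer. This is an added example, not part of the original post or the product; it assumes the Manager listens on TCP 8443 and that `openssl` is on the PATH, and the function names are made up for illustration.

```shell
#!/bin/sh
# Added example: check the Manager hostname before typing it into the installer.
# Assumptions: Manager on TCP 8443, openssl on PATH; function names are ours.
# Read `openssl x509 -noout -text` on stdin; print the subject CN and DNS SANs.
cert_names() {
    awk '
        /Subject:/ && match($0, /CN ?= ?[^,]+/) {
            cn = substr($0, RSTART, RLENGTH); sub(/CN ?= ?/, "", cn); print cn
        }
        /DNS:/ {
            n = split($0, parts, ",")
            for (i = 1; i <= n; i++)
                if (match(parts[i], /DNS:[^ ,]+/))
                    print substr(parts[i], RSTART + 4, RLENGTH - 4)
        }
    ' | tr 'A-Z' 'a-z' | sort -u
}

# Succeed if host $1 equals name $2, or $2 is "*.domain" covering one label.
name_matches() {
    h=$(printf '%s' "$1" | tr 'A-Z' 'a-z')
    case "$2" in
        \*.*) rest=${h#*.}                      # host minus its first label
              [ "$h" != "$rest" ] && [ ".$rest" = "${2#\*}" ] ;;
        *)    [ "$h" = "$2" ] ;;
    esac
}

# Succeed if host $1 matches any name in the whitespace-separated list $2.
host_in_cert() {
    set -f                                      # keep "*.domain" from globbing
    for n in $2; do
        if name_matches "$1" "$n"; then set +f; return 0; fi
    done
    set +f; return 1
}

# Ping the host, fetch its certificate, and compare names with what was typed.
preflight() {
    mgr=$1; port=${2:-8443}
    ping -c 1 "$mgr" >/dev/null 2>&1 || echo "warn: no ping reply from $mgr"
    names=$(openssl s_client -connect "$mgr:$port" -servername "$mgr" </dev/null 2>/dev/null |
            openssl x509 -noout -text 2>/dev/null | cert_names)
    [ -n "$names" ] || { echo "FAIL: no certificate from $mgr:$port"; return 2; }
    if host_in_cert "$mgr" "$names"; then echo "OK: $mgr matches the certificate"
    else echo "FAIL: $mgr is not among the certificate names:"; echo "$names"; return 1; fi
}

if [ $# -gt 0 ]; then preflight "$@"; fi
```

Save it as a script and run it with the hostname you intend to enter (and optionally a port); a FAIL here usually means the /etc/hosts or DNS entry uses a different name than the one in the Manager's certificate.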
Re: Setting Up ArcSight Console (v6.9.1) on MacOS
You really should use the normal support site for this. It will confirm your login, eligibility and details and provide it from there. It's also a hell of a lot faster because it's multi-hosted around the world.
However, you can find the 6.9.1 version of the Mac Client here - it won't be here for long as I regularly clean up my Dropbox areas. So please download ASAP.