

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Please find below the thread which I initiated after facing issue integrating Cisco IPS with SmartConnector.
I have almost concluded that the root cause is due to special characters used in the password of the account that I created in Cisco IPS with viewer privilege.
I will come to final conclusion (& further taking this up with HP Support) upon doing another test tomorrow in a different network.
Meanwhile, can anyone has faced this type of issue before?
-Suresh.
Accepted Solutions

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Over the years there have been a number of instances where special characters have caused issues authenticating to the system, devices and log sources. Most have been fixed, but I would suggest that its something to be cautious of and make sure its simple and easy to deal with.
For example, I have done a lot of work in Turkey, and fell for the oldest trick in the book / keyboard - the 'i' character has a special one and a normal one - get it wrong and its incorrect. There are lots of examples of this from around the world. Why mention this? Because its also an easy one to trip up on - for example, language settings, code pages for Windows and international settings for your log source and the SmartConnector you are running often are in conflict with each other - as a result, its easy to get them wrong and trip up. The mixed support of languages and keyboards on appliances (not just ArcSight but other vendors too) causes issues also, so its worth bearing this in mind.
Finally, SmartConnectors use Java as the environment to run and are defined as American English if they fail to read the underlying OS settings. Thats OK, but keyboard mappings can be different, ability to understand certain characters may not be there and hence it simply could get it wrong as you type the password. Personally, if you hit any issues like this - go in to the SmartConnector without using the wizard mode (i.e. go to "arcsight agentsetup" from the command line and when it asks, don't use the wizard). This opens up the full dialog box and you can check the settings from there - as in see the fields and you can directly enter them, such as password - you won't see what they are (they are obfuscated), but you can enter them in here too.
There is a way to obfuscate the password in an agent.properties file - but don't have it to hand at the moment. You can't unobfuscate it, but you can run the password you think it is and compare it to what is stored - hence check what is possibly going wrong.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
That sounds something new to me but quite interesting. So what is the result when you use, simple password and try to integrate.


- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Amit,
One of the consultants here confirms :"I had also observed the same for ASA firewalls while defining pre-shared keys of site to site VPN tunnels."
So the issue may be related only to the behaviour of Cisco devices. I am following up with HP ArcSight already. Will update you soon.

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi Suresh,
I viewed ur post about CISCO IPS!
I' too faced the same issue ,, once I not opt - validate certificate - then it works perfect,,,
but password I used with special characters, i never faced issue with special characters passwords in any of the connector.
This is new for me , waiting for your update.
regards
Santhosh


- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Santhosh,
I may be wrong about passwords with special characters. I have been following up with HP ArcSight support. Will let you know their response.
-Suresh.


- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
I have got verbal confirmation during HP Workshop held two days back that they are aware about problems with passwords having special characters. I will wait for the return of the support guy after vacation to elaborate on this.


- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Two years since my last post on this, I am still coming across cases of integration failures root cause of which is due to Special Characters in the passwords. Sample situation: Cisco IPS.
Can someone confirm this is the case?

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Hi Suresh,
Is this something with the Device end configuration or Connector Authentication issue


- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
I've used a few special characters in passwords in my day and do not remembering having much of an issue.
This strikes me weird.


- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content

- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Email to a Friend
- Report Inappropriate Content
Over the years there have been a number of instances where special characters have caused issues authenticating to the system, devices and log sources. Most have been fixed, but I would suggest that its something to be cautious of and make sure its simple and easy to deal with.
For example, I have done a lot of work in Turkey, and fell for the oldest trick in the book / keyboard - the 'i' character has a special one and a normal one - get it wrong and its incorrect. There are lots of examples of this from around the world. Why mention this? Because its also an easy one to trip up on - for example, language settings, code pages for Windows and international settings for your log source and the SmartConnector you are running often are in conflict with each other - as a result, its easy to get them wrong and trip up. The mixed support of languages and keyboards on appliances (not just ArcSight but other vendors too) causes issues also, so its worth bearing this in mind.
Finally, SmartConnectors use Java as the environment to run and are defined as American English if they fail to read the underlying OS settings. Thats OK, but keyboard mappings can be different, ability to understand certain characters may not be there and hence it simply could get it wrong as you type the password. Personally, if you hit any issues like this - go in to the SmartConnector without using the wizard mode (i.e. go to "arcsight agentsetup" from the command line and when it asks, don't use the wizard). This opens up the full dialog box and you can check the settings from there - as in see the fields and you can directly enter them, such as password - you won't see what they are (they are obfuscated), but you can enter them in here too.
There is a way to obfuscate the password in an agent.properties file - but don't have it to hand at the moment. You can't unobfuscate it, but you can run the password you think it is and compare it to what is stored - hence check what is possibly going wrong.