Welcome Serena Central users! CLICK HERE
The migration of the Serena Central community is currently underway. Be sure to read THIS MESSAGE to get your new login set up to access your account.
mennab1 Trusted Contributor.
Trusted Contributor.
2663 views

problem installing SmartConnector for ArcSight CEF Cisco FireSIGHT Syslog.

Jump to solution

Dears;

We are in process to integrate Cisco firepower management center version 6.2.3 with arcsight ESM express, we follow all the steps mentioned in the configuration guide (ArcSight Cef cisco FireSight Syslog)  but we have many problems to obtain SSL certificate using installCert agent after we download JDBC driver from firepower.

Also we have problem to run cef_agent.pl on windows machine.

The SC agent version 7.8 installed on windows server 2012R2, appreciate any help and if any one did the integration before to share its experiance with us.

Appreciate.

Mohammad Ennab

Labels (1)
0 Likes
1 Solution

Accepted Solutions
mennab1 Trusted Contributor.
Trusted Contributor.

Re: problem installing SmartConnector for ArcSight CEF Cisco FireSIGHT Syslog.

Jump to solution

Dears;

The Opened Case support with HP team dont give us any positive value and no solution provided how to fix PERL and SSL issue.

We did the integration successfully last week based on our research and contacts with Cisco. the mentioned configuration settings in FireSight CEF syslog documentation guide not used.

There is a new python script (eNCORE.py) you can request this script from Cisco, and run it on Centos OS. its support eStreamer Server. No need more to configure DataBase with External DB user.

 

This version is Beta and support only this events (connection, AMP, IPS) and its not get URL and user name. but at least consider better than nothing you have.

 

Hope this information help you all.

 

 

 

View solution in original post

12 Replies
alexandros_n Honored Contributor.
Honored Contributor.

Re: problem installing SmartConnector for ArcSight CEF Cisco FireSIGHT Syslog.

Jump to solution

You need Perl installed and follow the steps on the guide. My opinion is Linux.

0 Likes
mennab1 Trusted Contributor.
Trusted Contributor.

Re: problem installing SmartConnector for ArcSight CEF Cisco FireSIGHT Syslog.

Jump to solution

Hello Alexandros;

 

Thanks for your reply. We still have an issue to install SSL certificate from client machine which include(SC agent and JDBC driver).

I opened a case with HP support to give us their recommendations.

If you have any other suggestions, please share it with me

Regards;

Mohammad Ennab

0 Likes
skrc851 Respected Contributor.
Respected Contributor.

Re: problem installing SmartConnector for ArcSight CEF Cisco FireSIGHT Syslog.

Jump to solution

Hi, 

What is the problem you face with installcert.,

Also can you provide the download link for 'installcert' application. I'll be configuring this connector at one of my customer today or tomorrow. I'll keep you posted if I overcome this.

0 Likes
mennab1 Trusted Contributor.
Trusted Contributor.

Re: problem installing SmartConnector for ArcSight CEF Cisco FireSIGHT Syslog.

Jump to solution

Hi;

You will find InstallCert when you install JDBC driver after you configured External Database access at FirePower Management Center.

The problem is when try to export ssl certificate, you fill have a SSL Socket timeout and connection dropped down.

Please keep us with any updates from your side.

 

Regards;

 

0 Likes
Regular Contributor.. mahesh.v1 Regular Contributor..
Regular Contributor..

Re: problem installing SmartConnector for ArcSight CEF Cisco FireSIGHT Syslog.

Jump to solution

In our scenario, we have established connection with DB on port 2000 and downloaded the SSL certifcate of Defence center too. But, I have a problem with the script which has been throwing errors as below when run. 

 

Any help around this is appreciated. 

I am running the script on Windows 2012 R2 with Strawbery perl.

 

Can't locate NetAddr/IP.pm in @INC (@INC contains: C:/Strawberry/perl/site/lib C
:/Strawberry/perl/vendor/lib C:/Strawberry/perl/lib .) at SFStreamer.pm line 141
.
BEGIN failed--compilation aborted at SFStreamer.pm line 141.
Compilation failed in require at cef_agent.pl line 56.
BEGIN failed--compilation aborted at cef_agent.pl line 56.

 

 

0 Likes
Stephen Kreusch Respected Contributor.
Respected Contributor.

Re: problem installing SmartConnector for ArcSight CEF Cisco FireSIGHT Syslog.

Jump to solution

Had the same problem on Redhat Linux with two missing Perl modules:

Can't locate IO/Socket/SSL.pm in @INC (@INC contains: /usr/local/lib64/perl5 /usr/local/share/perl5 /usr/lib64/perl5/vendor_perl /usr/share/perl5/vendor_perl /usr/lib64/perl5 /usr/share/perl5 .) at cef_agent.pl line 43.
BEGIN failed--compilation aborted at cef_agent.pl line 43.

Can't locate NetAddr/IP.pm in @INC

This was resolved by running:

yum install perl-IO-Socket-SSL
yum install perl-NetAddr-IP

I'm not familar with Strawberry Perl, but it looks like the following should work for you:

cpan IO::Socket::SSL
cpan NetAddr::IP

Regards
Stephen

0 Likes
Regular Contributor.. mahesh.v1 Regular Contributor..
Regular Contributor..

Re: problem installing SmartConnector for ArcSight CEF Cisco FireSIGHT Syslog.

Jump to solution

Thank  you Stephen for the pointers. Can I request your help on the suggestions you have shared here?

I would like to know if those are some commands to added to the script or separate perl modules that need to be downloaded?

I am sorry if its a lame question but frankly I have no experience or knowledge with Perl scripting/language. I am trying to use google help as much as I can, but request your addtional suggestions on this.

Regards,

Mahesh.V

0 Likes
Highlighted
siraj1 Respected Contributor.
Respected Contributor.

Re: problem installing SmartConnector for ArcSight CEF Cisco FireSIGHT Syslog.

Jump to solution

Hello,

Please make sure you have the following packages installed on the machine where you are planning to install the connector.

For Linux
sudo yum install python
sudo yum install python-pip python-devel openssl-devel gcc
sudo pip install pyOpenSSL


For Windows
pip install pyOpenSSL
pip install win-inet-pton

0 Likes
Regular Contributor.. mahesh.v1 Regular Contributor..
Regular Contributor..

Re: problem installing SmartConnector for ArcSight CEF Cisco FireSIGHT Syslog.

Jump to solution

Thank you Siraj for the pointers and suggestions.

Request your help with the Windows option here. Is this something compatible to be installed with Strawberry perl software that I have already installed in my server? Or should I unistall Strawberry pearl and use any other pearl software to have these packkages supported?

Additionally where can I download the packages/software for these installations. Kindly suggest.

Thanks and Regards,
Mahesh.V

0 Likes
mennab1 Trusted Contributor.
Trusted Contributor.

Re: problem installing SmartConnector for ArcSight CEF Cisco FireSIGHT Syslog.

Jump to solution

Dears;

The Opened Case support with HP team dont give us any positive value and no solution provided how to fix PERL and SSL issue.

We did the integration successfully last week based on our research and contacts with Cisco. the mentioned configuration settings in FireSight CEF syslog documentation guide not used.

There is a new python script (eNCORE.py) you can request this script from Cisco, and run it on Centos OS. its support eStreamer Server. No need more to configure DataBase with External DB user.

 

This version is Beta and support only this events (connection, AMP, IPS) and its not get URL and user name. but at least consider better than nothing you have.

 

Hope this information help you all.

 

 

 

View solution in original post

steven.harvin@h Contributor.
Contributor.

Re: problem installing SmartConnector for ArcSight CEF Cisco FireSIGHT Syslog.

Jump to solution

Does anyone already have the eNCORE.py script?  I am at a location that is moving to FireSight 6.0 and I am having the same issues with testing since there is no connector for eNcore support yet.  Our FireSight admin spoke with Cisco about eNCORE.py but they would not provide it to him yet as they said it was not ready/available yet.  

0 Likes
Heiha9 Trusted Contributor.
Trusted Contributor.

Re: problem installing SmartConnector for ArcSight CEF Cisco FireSIGHT Syslog.

Jump to solution

Hey Steven,

did you manage to get your hands on this? Since Cisco has published an "operations guide" in August 2017,(https://www.cisco.com/c/en/us/td/docs/security/firepower/622/api/estreamer_encore/eStreamereNcoreOperationsGuide_30.html), I would expect it's available and ready to use.

I also found a hint that there's a version 3.5.3 now: https://splunkbase.splunk.com/app/3662/

Regards,

Heiko

 

0 Likes
The opinions expressed above are the personal opinions of the authors, not of Micro Focus. By using this site, you accept the Terms of Use and Rules of Participation. Certain versions of content ("Material") accessible here may contain branding from Hewlett-Packard Company (now HP Inc.) and Hewlett Packard Enterprise Company. As of September 1, 2017, the Material is now offered by Micro Focus, a separately owned and operated company. Any reference to the HP and Hewlett Packard Enterprise/HPE marks is historical in nature, and the HP and Hewlett Packard Enterprise/HPE marks are the property of their respective owners.