james.hardman@h Absent Member.

How to add a SmartConnector to ESM (certificate based on IP not hostname) ?

Hi,

I currently have this situation:

Connector - 31.45.87.91 (SmartConnector, SSH access only)

ESM - 60.20.30.15 (Console and SSH access)

I wish to add the connector to the ESM for management purposes. The connector shows an error in the agent.log file about not being able to find the certificate of the ESM when attempting to add the ESM as a destination normally. Thus I've had to manually download the certificate off the ESM (went to https://60.20.30.15:8443 and downloaded it) and upload it into the Connector with the following command:

 

./arcsight agent keytool -store clientcerts -importcert -alias esm_31.45.87.91 -file /home/admin/esm_31.45.87.91.cer

And this seems to have added correctly.

Now when I attempt to add the ESM as a destination for the connector, it just hangs at:


Performing add destination

- Destination parameters {port=8443, host=60.20.30.15, aupmaster=false, filterevents=true}

- Connector chckpoint1:checkpointfirewall_ad_opsec

Continue [yes] [yes/no/back/cancel]?yes


Registering the primary destination for [chckpoint1:checkpointfirewall_ad_opsec://Default/Localhost/Container 1]

And never returns anything.

A TCPDump does show a short communication between the connector and ESM but by the end, the Connector is just sending 'ack's on port 8443 and the ESM does not respond.

agent.log file on the connector shows:

[2013-06-07 15:05:24,502][INFO ][default.com.arcsight.agent.loadable.transport.event._AgentHTTPEventTransport][registerDestination] Attempting login to [https://60.20.30.15:8443/arcsight/servlet/XmlRpc]...

[2013-06-07 15:05:24,557][INFO ][default.com.arcsight.agent.loadable.transport.event._AgentHTTPEventTransport][registerDestination] Login successful.

[2013-06-07 15:05:24,557][INFO ][default.com.arcsight.agent.qc.c][doRegistration] Enabling log transfer. Manager Version is [5.0.2.6715.0]

Have I missed anything off or is there anything I can check?

P.s. - those are not the real IPs as you can appreciate

2 Replies
Ignight71 Absent Member.

Re: How to add a SmartConnector to ESM (certificate based on IP not hostname) ?

You have to use the connector Installer user to sync it with ESM. Create a user and browse to it in resources. Double click to edit it. Underneath the User ID should be User Type. That should be Connector Installer. Specify that user when configuring the Connector.

You probably figured it out already though.

Regards,

Aaron

james.hardman@h Absent Member.

Re: How to add a SmartConnector to ESM (certificate based on IP not hostname) ?

Thank you for the reply.  I use my admin username and password to add connectors.

The issue here is that we have a destination NAT for the ESM which the connector must use. Therefore although the real IP address of the ESM is, say, 31.45.87.91, the NAT destination IP for this ESM is 60.20.30.15. In this case, as the ESM hostname is its IP address and not a domain name, the 'host name' value within the certificate is set to 31.45.87.91. The connector will only add the ESM as a destination if the hostname in the certificate of the ESM matches the destination hostname you are entering as the ESM's destination. Therefore, in our case, the two are different and thus it does not work.

The two solutions to this are:

- Remove the destination NAT (not possible in our case)

- Apply a hostname to the ESM and re-create the certificate

Another ArcSight lesson learned

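A simplified model of the name check described in the last reply, added here as an example (it is not part of the thread and not ArcSight's code). It assumes the certificate has already been decoded into the dict layout of Python's `ssl.SSLSocket.getpeercert()`; the hostname `esm.example.internal` is hypothetical, and wildcard names are not handled.

```python
import ipaddress

def cert_names(cert):
    """Names a client matches against: SAN entries, or the CN if no SAN exists."""
    dns, ips = [], []
    for kind, value in cert.get("subjectAltName", ()):
        if kind == "DNS":
            dns.append(value.lower())
        elif kind == "IP Address":
            ips.append(ipaddress.ip_address(value))
    if not dns and not ips:
        # Legacy fallback: a certificate without SAN is matched on its CN.
        for rdn in cert.get("subject", ()):
            for key, value in rdn:
                if key == "commonName":
                    try:
                        ips.append(ipaddress.ip_address(value))
                    except ValueError:
                        dns.append(value.lower())
    return dns, ips

def check_destination(cert, destination):
    """Return (ok, reason) for using `destination` as the ESM host."""
    dns, ips = cert_names(cert)
    presented = dns + [str(ip) for ip in ips]
    try:
        # An IP destination must equal an IP in the certificate exactly.
        ok = ipaddress.ip_address(destination) in ips
    except ValueError:
        ok = destination.lower().rstrip(".") in dns
    if ok:
        return True, f"{destination} matches certificate"
    return False, f"{destination} not in certificate names {presented}"

# Constructed certificate: issued for the ESM's real address (thread placeholder).
ESM_CERT_IP_ONLY = {"subject": ((("commonName", "31.45.87.91"),),)}
# Constructed certificate: re-issued after giving the ESM a hypothetical hostname.
ESM_CERT_HOSTNAME = {
    "subject": ((("commonName", "esm.example.internal"),),),
    "subjectAltName": (("DNS", "esm.example.internal"),),
}

if __name__ == "__main__":
    for cert, dest in [(ESM_CERT_IP_ONLY, "60.20.30.15"),   # NAT address: mismatch
                       (ESM_CERT_IP_ONLY, "31.45.87.91"),   # real address: match
                       (ESM_CERT_HOSTNAME, "esm.example.internal")]:
        print(check_destination(cert, dest))
```

With a hostname in the certificate, the connector can resolve that name to the NAT address locally and the check no longer depends on which IP the traffic is sent to.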