jhare@thevigila1 Absent Member.

Test Alert Connector Command Line Options

I have created my replay files, and I have successfully sent the events to the Manager using the Test Alert Agent GUI. However I need to run the Connector in a command line mode for scripting purposes and have it send the events from the replay files.

I checked the knowledge base and the connector notes / documentation but I couldn't find anything on how to run it from the command line.

I assume it would be something like, "./arcsight agents -f <replay file name>"

Alternatively, is there a way to leverage bleep or kick bleep to accomplish the same goal?

jbur Absent Member.

Re: Test Alert Connector Command Line Options

You have to modify the agent.properties file.  This will allow you to run it from the CLI or as a service.


agents[0].autoload=true
agents[0].continuous=true
agents[0].enabled=true
agents[0].eventrateunit=Second
agents[0].loadall=true
agents[0].markasreplayed=false
agents[0].maxrate=100
agents[0].maxratesupported=5000
agents[0].startpaused=false
agents[0].uienabled=false

Put the replay files in the "current" folder and they will all be automatically replayed the next time your agent starts.

-Joe

heiko.hansen@hp Absent Member.

Re: Test Alert Connector Command Line Options

...but it won't terminate afterwards. That's the issue I also faced some months ago. I asked ArcSight for a solution and researched here a little. The most valuable answer was here on Protect 724.

In the end I created a script that I then scheduled with crontab. For "...", the correct path needs to be set.

#!/bin/ksh

# Connector install directory; replace "..." with the correct path.
CONNECTORHOME=/opt/arcsight/...
# Run headless: no X display for the connector.
unset DISPLAY

cd "$CONNECTORHOME" || exit 1

timestamp=$(date +%Y%m%d%H%M%S)
echo Move old log out of the way.
mv "$CONNECTORHOME/logs/agent.log" "$CONNECTORHOME/logs/agent.log.$timestamp"

echo Start connector.
bin/arcsight connectors &

# Poll the fresh log every 30 seconds until the closeCache line appears.
echo Waiting for closeCache line in log...
rc=1
while [[ $rc -gt 0 ]]; do
        grep "closeCache.*dummy-events" "$CONNECTORHOME/logs/agent.log"
        rc=$?
        sleep 30
done
echo ...found.

echo Shutdown connector.
bin/arcsight agentcommand -c terminate

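The polling loop in the script above never gives up, so a replay that does not log the closeCache line leaves the cron job and the connector running. The following is an added example, not part of the original posts, that bounds the wait and still terminates the connector. The function names, timeout values and exit codes are assumptions; the log pattern and the two arcsight commands are the ones quoted in the thread.

```shell
#!/bin/sh
# Added example (not from the thread): bounded wait for the closeCache line.
# Function names, timeouts and exit codes are assumptions for illustration.

# wait_for_marker LOGFILE PATTERN TIMEOUT_SECS [INTERVAL_SECS]
# Returns 0 once PATTERN appears in LOGFILE, 1 if TIMEOUT_SECS pass first.
wait_for_marker() {
    log=$1 pattern=$2 timeout=$3 interval=${4:-30}
    waited=0
    while [ "$waited" -le "$timeout" ]; do
        # A log that does not exist yet (connector still starting) is "not yet".
        if [ -f "$log" ] && grep -q -- "$pattern" "$log"; then
            return 0
        fi
        sleep "$interval"
        waited=$((waited + interval))
    done
    return 1
}

# replay_once CONNECTORHOME TIMEOUT_SECS
# Returns 0 when the marker was seen, 1 on timeout, 2 on a bad CONNECTORHOME.
replay_once() {
    home=$1 timeout=$2
    cd "$home" || return 2
    unset DISPLAY
    # Rotate the old log so a marker from a previous run cannot match.
    if [ -f logs/agent.log ]; then
        mv logs/agent.log "logs/agent.log.$(date +%Y%m%d%H%M%S)"
    fi
    bin/arcsight connectors &
    if wait_for_marker logs/agent.log 'closeCache.*dummy-events' "$timeout"; then
        status=0
    else
        echo "closeCache line not seen within ${timeout}s; terminating anyway" >&2
        status=1
    fi
    # Terminate on both paths so no connector process is left behind.
    bin/arcsight agentcommand -c terminate
    return "$status"
}
```

From cron, call `replay_once` with the connector directory and a timeout, and alert on a non-zero exit status.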
jbur Absent Member.

Re: Test Alert Connector Command Line Options

You could also start and stop the connector service using an interactive CLI or via cron.

-Joe

heiko.hansen@hp Absent Member.

Re: Test Alert Connector Command Line Options

Yes, I tried that also and it works. The downside is that you usually would do that as root (e.g. using sudo).

jhare@thevigila1 Absent Member.

Re: Test Alert Connector Command Line Options

Thanks everyone. Setting the agent.properties parameters worked. I was running it from the command line, so need to interrupt or kill it based on an entry in the log file.

Jodie

Mostafa_Soliman Absent Member.

Re: Test Alert Connector Command Line Options


Hi Jodie,

Could you please advise how you configured and selected which files are played by the test connector? There is an option to select which event files to run and send events to the Connector Destination, correct?

BR,

Mostafa

heiko.hansen@hp Absent Member.

Re: Test Alert Connector Command Line Options

See Joe's post.

Heiko
