Installing ArcSight SmartConnector by using the console (Linux)

You can install ArcSight SmartConnector on Linux by using the console instead of the GUI installer.

To install ArcSight SmartConnector by using the console:

  1. In the console, run the ArcSight SmartConnector installer.
  2. Read the Introduction section and press Enter.
  3. When prompted, select Choose Install Folder, and type the full path to the directory where ArcSight SmartConnector will be installed (%ARCSIGHT_HOME%).

    The default value of the installation directory is /root/ArcSightSmartConnectors.

  4. When prompted, select Choose Link Location, and specify whether a link to the installation directory must be created.

    We recommend that you specify Don't create links.

  5. Make sure that the Pre-Installation Summary section lists the correct values of the installation settings. Press Enter if the values are correct.

    After ArcSight SmartConnector is installed, the following information will be displayed in the console:

    Installation Complete

    ---------------------

    The core components of the ArcSight SmartConnector have been successfully installed to:

    %ARCSIGHT_HOME%

    To finish the configuration of the SmartAgent, please go to the folder:

    %ARCSIGHT_HOME%/current/bin/

    and execute the script:

    ./runagentsetup.sh

  6. Run %ARCSIGHT_HOME%/current/bin/runagentsetup.sh.
  7. Run Add a Connector.
  8. Specify Syslog Daemon as the connector type.
  9. Specify the following settings of the connector:
    • Network Port

      Specify the port to which Feed Service sends events. This port is specified on the Settings > Service tab of Kaspersky CyberTrace Web (by default, it is 9998).

    • IP Address

      Specify the IP address to which Feed Service sends events. This IP address is specified on the Settings > Service tab of Kaspersky CyberTrace Web (by default, it is 127.0.0.1).

      You can specify ALL if you want Arcsight SmartConnector to receive events from all network interfaces of the computer on which it runs. (Note that you cannot specify ALL in the Feed Service configuration file.)

    • Protocol

      Specify Raw TCP.

    • Forwarder

      Specify false.

  10. Specify ArcSight Manager (encrypted) as the destination type.
  11. Specify whether to mask passwords.

    It is recommended to specify yes.

  12. Specify the following connection settings of ArcSight Manager:
    • Manager Hostname

      ArcSight Manager host.

    • Manager Port

      ArcSight Manager port. By default, it is 8443.

    • User

      Name of the user that has the right to register a connector in ArcSight.

    • Password

      Password of the specified user.

    • AUP Master Destination

      Specify False.

    • Filter Out All Events

      Specify False.

    • Enable Demo CA

      Specify False.

  13. Specify the following connector settings:
    • Name

      Arbitrary value can be specified.

    • Location

      Arbitrary value can be specified.

    • DeviceLocation

      Arbitrary value can be specified.

    • Comment

      Arbitrary value can be specified.

    After this, the connector will be registered.

  14. Specify the following action for importing the certificate: Import the certificate to connector from destination.
  15. Make sure that the displayed data to check is correct.

    If correct data is displayed, type yes.

  16. Specify how the connector must be installed: Install as a service.
  17. Specify the service settings:
    • Service Internal Name
    • Service Display Name
    • Start the service automatically

      Indicates whether the service will start on the system startup. We recommend that you specify yes.

  18. Check the specified data. If it is correct, press Enter.

    The connector will be installed as a service.

  19. Start the connector by calling the following command:

    /etc/init.d/arc_$service_name start

    In this command, $service_name is the service internal name that you specified.

After you have installed ArcSight SmartConnector, you can install Kaspersky CyberTrace and integrate it with ArcSight.

Page top