Installing ArcSight SmartConnector (Linux)
April 11, 2024
ID 167453
This section describes how to install ArcSight SmartConnector.
To install ArcSight SmartConnector:
- Run the ArcSight SmartConnector installation application.
This application is a component of HP ArcSight and is not included in Kaspersky CyberTrace.
- Select the ArcSight SmartConnector installation directory (hereinafter referred to as %ARCSIGHT_HOME%).
- Instruct the installer not to create links.
- After the contents of the binary file are unpacked, select Add a Connector.
Adding a connector
If this window is not displayed, configure ArcSight SmartConnector manually. For this purpose, run the following command:
%ARCSIGHT_HOME%/current/bin/runagentsetup.sh
- Select Syslog Daemon as the connector type.
- In the Enter the parameter details form, specify the following data:
- Network Port—Port to which Kaspersky CyberTrace Service will send detection events.
This is the same port that is specified on the Settings > Service tab of Kaspersky CyberTrace Web (by default, it is 9998).
- IP Address—IP address to which Kaspersky CyberTrace Service will send detection events.
This is the same IP address that is specified on the Settings > Service tab of Kaspersky CyberTrace Web (by default, it is 127.0.0.1).
You can specify (ALL) if you want ArcSight SmartConnector to receive events from all network interfaces of the computer on which it runs. (Note that you cannot specify (ALL) in the Kaspersky CyberTrace Service configuration file.)
- Protocol—Specify Raw TCP.
- Forwarder—Specify false.
Parameters for sending detection events
Click Next.
- Specify ArcSight Manager (encrypted) as the type of destination.
Type of destination
Click Next.
- Specify other destination settings:
- Manager Hostname—Host where ArcSight Manager is running.
- Manager Port—Port where ArcSight Manager is available.
By default, it is 8443.
- User—Name of the ArcSight ESM user that has rights for registering the connector.
- Password—Password of the ArcSight ESM user.
- AUP Master Destination—Specify false.
- Filter Out All Events—Specify false.
- Enable Demo CA—Specify false.
Destination parameters
Click Next.
- Specify the connector details: the name (arbitrary value permitted), location (arbitrary value permitted), location of the device that will send events to the connector (arbitrary value permitted, can be empty), and comment about the connector (arbitrary value permitted, can be empty).
Connector details
Click Next.
- If the ArcSight Manager parameters are valid, accept importing the certificate from the destination.
- If the certificate is imported successfully, install the ArcSight SmartConnector service.
- If you do not run the installation as root, a warning will be displayed.
Warning about user privileges
You can either run the Connector Setup Wizard as root, or run the following command as root:
%ARCSIGHT_HOME%/current/bin/arcsight agentsvc -i -u $username -sn $service_name
Here:
$username is the name of the operating system user that will run the service.
$service_name is the service name.
We recommend that you set the service name to be the same as the connector name.
The %ARCSIGHT_HOME%/current/logs/agent.log log file will contain messages about the installation process.
Skip the next step that describes how to specify the service parameters.
- If you run the installation as root, select Install as a service.
Click Next.
- Specify the service parameters.
We recommend that you set the service name to be the same as the connector name.
Specifying service parameters
Click Next.
- Start ArcSight SmartConnector by calling the following command:
/etc/init.d/arc_$service_name start
In this command, $service_name is the service name.
After you have installed ArcSight SmartConnector, you can install Kaspersky CyberTrace Service and integrate it with ArcSight.
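Once the connector service is running, you can confirm how the Syslog Daemon listener configured in the parameter details form is bound: loopback only (as with the default 127.0.0.1) or every interface (as with (ALL)). The following shell function is an added example, not part of the Kaspersky or ArcSight documentation; the function name and the sample ss lines are constructed for illustration, and 9998 is the default port given above.

```shell
#!/bin/sh
# Added example: classify the bind address of the connector's Raw TCP listener
# from the output of "ss -H -ltn" (State Recv-Q Send-Q Local:Port Peer:Port).
# Assumption: classify_listener and the SAMPLE_* values are hypothetical names.

# classify_listener PORT   (reads "ss -H -ltn" lines on stdin)
# Prints one of: loopback, all-interfaces, specific:<addr>, not-listening.
# If several sockets listen on PORT, the widest exposure is reported.
classify_listener() {
    port="$1"
    awk -v port="$port" '
        $1 == "LISTEN" {
            local_addr = $4                      # e.g. 127.0.0.1:9998 or [::]:9998
            n = split(local_addr, parts, ":")
            if (parts[n] != port) next           # a different port: ignore
            addr = substr(local_addr, 1, length(local_addr) - length(parts[n]) - 1)
            gsub(/^\[|\]$/, "", addr)            # strip IPv6 brackets
            sub(/^::ffff:/, "", addr)            # IPv4-mapped form used by Java sockets
            if (addr == "0.0.0.0" || addr == "*" || addr == "::")
                result = "all-interfaces"
            else if (addr ~ /^127\./ || addr == "::1") {
                if (result == "") result = "loopback"
            } else if (result != "all-interfaces")
                result = "specific:" addr
        }
        END { print (result == "" ? "not-listening" : result) }
    '
}

# Constructed samples of "ss -H -ltn" output (not captured from a real host).
SAMPLE_LOOPBACK='LISTEN 0 50 127.0.0.1:9998 0.0.0.0:*
LISTEN 0 128 0.0.0.0:22 0.0.0.0:*'
SAMPLE_ALL='LISTEN 0 50 *:9998 *:*'

# On a live host, run:  ss -H -ltn | classify_listener 9998
printf '%s\n' "$SAMPLE_LOOPBACK" | classify_listener 9998
printf '%s\n' "$SAMPLE_ALL" | classify_listener 9998
```

A result of all-interfaces means the Raw TCP port accepts connections from any host that can reach the machine, so restrict it with a host firewall or set IP Address to a specific interface if only the local Kaspersky CyberTrace Service should send events.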