SlideShare a Scribd company logo
HPE Security ArcSight Logger
Forwarding Connector for HPE NNMi
Software Version: 7.3.0.7837.0
Configuration Guide
August 30, 2016
Legal Notices
Warranty
The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements
accompanying such products and services. Nothing herein should be construed as constituting an additional warranty.
Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein.
The information contained herein is subject to change without notice.
The network information used in the examples in this document (including IP addresses and hostnames) is for illustration
purposes only.
HPE Security ArcSight products are highly flexible and function as you configure them. The accessibility, integrity, and
confidentiality of your data is your responsibility. Implement a comprehensive security strategy and follow good security
practices.
This document is confidential.
Restricted Rights Legend
Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use or copying.
Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical
Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license.
Copyright Notice
© Copyright 2011-2016 Hewlett Packard Enterprise Development, LP
Follow this link to see a complete statement of copyrights and acknowledgements:
https://www.protect724.hpe.com/docs/DOC-13026
Support
Phone Alistof phone numbers is available on the HPE Security ArcSightTechnical Support
Page: https://softwaresupport.hp.com/documents/10180/14684/esp-support-
contact-list
Support Web Site https://softwaresupport.hpe.com
Protect 724 Community https://www.protect724.hpe.com
Contact Information
Configuration Guide
HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 2 of 18
Contents
ArcSight Logger Forwarding Connector for HPE NNMi 4
About HPE ArcSight Logger and HPE NNMi 4
Sending Events From Logger to NNMi 5
Installing the Connector 5
Configure for HPE Network Node Manager (NNMi) 8
NNMi Console 9
Logger Forwarders 11
Creating a Forwarder to Forward Events 11
Appendix A: Supported Cisco Router, HPE H3C, and HPE ProCurve Sub-Messages 13
Cisco Router Sub-messages 13
HPE H3C Sub-messages 15
HPE ProCurve Sub-messages 16
Send Documentation Feedback 18
HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 3 of 18
ArcSight Logger Forwarding Connector for
HPE NNMi
This guide provides information on installing and configuring the ArcSight Logger Forwarding
Connector for HPE NNMi on Windows, Linux and Solaris platforms. This Logger Forwarding Connector
software supports Logger 6.2, and 6.3, NNMi 9.20, patch 1 and NNMi 10.0.
See "Supported Cisco Router, HPE H3C, and HPE ProCurve Sub-Messages" on page 13 for details on
supported Cisco Router sub-messages.
Note the following:
l You must upgrade to HPE NNMi 9.20, patch 1 or later to be able to use the current Logger
Forwarding Connector for HPE NNMi. If you have a previous version of HPE NNMi installed, the
current Logger Forwarding Connector for HPE NNMi will not function.
l Use the latest version of the SmartConnector with the current Logger Forwarding Connector for
NNMi. If you plan to process events from HPE ProCurve devices, you must also install the latest
SmartConnector build.
Note: The following changes start with the next release:
o Windows and Linux 64-bit operating systems will be supported.
o Solaris operating system will no longer be supported.
About HPE ArcSight Logger and HPE NNMi
HPE ArcSight Logger is a log management solution that is optimized for extremely high event
throughput, efficient long-term storage, and rapid data analysis. Logger receives and stores events;
supports search, retrieval, and reporting; and can forward selected events.The HPE ArcSight Logger
Forwarding Connector allows you to send these event logs from Logger to the HPE Network Node
Manager (HPE NNMi).
HPE Network Node Manager (NNMi) provides continual network discovery using unified fault,
availability, and performance monitoring. HPE NNMi enables network management teams to detect,
locate, and diagnose faults and performance degradations of the network quickly, analyze the business
and service impact of outages, and increase network staff efficiency and productivity.
Using the HPE ArcSight Logger Forwarding Connector and the HPE NNMi integration install, network
staff can view syslog messages from Logger in the NNMi console.
HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 4 of 18
Sending Events From Logger to NNMi
Logger sends events to the Logger Forwarding Connector using CEF Syslog, which then forwards the
events to NNMi via SNMP. For Logger to send events to the Logger Forwarding Connector, a Logger
forwarder must be created to send these events. For instructions on how to create a forwarder to send
the events, see "Creating a Forwarder to Forward Events" on page 11.
Installing the Connector
Before you install the connector, make sure that the ArcSight products with which the connectors will
communicate have already been installed correctly (the ArcSight Logger, for example) and you have
assigned appropriate privileges.
1. Download the HPE ArcSight executable for your operating system from My Updates on the HPE
SSO site.
2. Start the HPE ArcSight Installer by running the executable.
Follow the installation wizard through the following folder selection tasks and installation of the
core connector software:
Introduction
Choose Install Folder
Choose Install Set
Choose Shortcut Folder
Pre-Installation Summary
Installing...
3. Select Add a Connector.
Configuration Guide
Installing the Connector
HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 5 of 18
4. Click Next. Logger to NNMi is selected by default.
5. Click Next. Enter the Logger information.
Configuration Guide
Installing the Connector
HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 6 of 18
Parameter Description
Network
Port
514 or another port that matches the Receiver (the port to which the Forwarding Connector sends
events)
IP Address IP or host name of the Logger
Protocol UDP or Raw TCP
Note: Whichever protocol you choose, it must match that of the forwarder type chosen during
Logger Forwarder configuration.
6. Click Next. HPE NNMi is selected by default.
7. Click Next. Fill in the parameter information required for connector configuration.
Parameter Description
Host Enter the Host name or IP address of the NNMi device.
Port Enter the port to be used by the adaptor to forward events. The default port
is 162. To determine if the trap port monitored by NNMi is other than the
default, use the NNMi command:
$NnmInstallDir/bin/nnmtrapconfig.ovpl -showProp
See the NNMI ArcSight Logger Integration Guide, HPE ArcSight Logger
chapter for details on HPE NNMI and Logger integration.
Version Accept the default value of SNMP_VERSION_2.
SNMP_VERSION_3 is not available at this time.
Configuration Guide
Installing the Connector
HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 7 of 18
Parameter Description
Read Community(v2) Enter the SNMP Read Community name.
Write Community(v2) Enter the SNMP Write Community name.
Authentication Username(v3) For use with SNMP v3. This is not available at this time.
Authentication Password(v3) Enter the authentication password.
Security Level(v3) The default value is AuthNoPriv
Authentication Scheme(v3) The default value is MD5.
Privacy Password(v3) Enter the privacy password.
Context Engine Id(v3) Enter the context engine.
Context name(v3) Enter the context name.
8. Click Next. Enter a name for the connector and provide other information identifying the
connector's use in your environment.
9. Click Next. Read the installation summary and click Next. If the summary is incorrect, click Previous
to make changes.
10. When the connector completes its configuration, click Next. The Wizard now prompts you to
choose whether you want to run the connector as a process or as a service.
If you choose to run the connector as a service, the Wizard prompts you to define service
parameters for the connector.
11. Click Next. Choose Exit, to complete the connector installation, or choose Continue, to continue to
make connector modifications. Click Next to exit or continue.
Configure for HPE Network Node Manager (NNMi)
Add new node for the VM with the IP address where you want to receive trap.
Configuration Guide
Installing the Connector
HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 8 of 18
NNMi Console
These modules are automatically filled in the NNMi Console:
See "Supported Cisco Router, HPE H3C, and HPE ProCurve Sub-Messages" on page 13 for a complete
list of supported sub-messages.
When events are sent from Forwarding Connector to NNMi, only events which contain attribute
mnemonic, shown below, are parsed in syslog message incident.
Configuration Guide
Installing the Connector
HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 9 of 18
Incidents for these valid events would be shown in the incident view.
Detail of an incident:
Configuration Guide
Installing the Connector
HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 10 of 18
Logger Forwarders
Logger Forwarders allow you to send all events, or events which match a particular filter, to another
destination, in this instance to the Logger Forwarding Connector for HPE NNMi. For more detailed
information on Logger Forwarders, see the ArcSight Logger Administrator’s Guide.
Note: You cannot configure a Logger Forwarder to send data to a destination on the same system.
Logger forwarding uses several forwarder types, but the Logger Forwarding Connector operates with
UDP and TCP forwarder types only.
l UDP Forwarders forward events as User Datagram Protocol messages, such as Syslog format
datagrams.
l TCP Forwarders forward events as Transmission Control Protocol messages.
Creating a Forwarder to Forward Events
In order to successfully forward events from Logger to NNMi, a Logger Forwarder must be created. To
do so, complete the following steps in the Logger web application.
1. Click Configuration from the top-level menu bar.
2. Click Event Input/Output in the left panel.
3. Click the Forwarder tab, then click Add. The Add Forwarder page appears.
4. Enter a name for the new forwarder and choose either “UDP Forwarder” or “TCP Forwarder”.
Caution: Whichever forwarder type you choose, it must match that of the SmartConnector
protocol and port chosen during installation.
5. Click Next.
6. The Edit Forwarder page appears.
7. Within the Query field, create a query to filter the events sent to NNMi, or leave the default, NONE,
to send all events.
8. Continue to fill in the remaining parameters, ensuring that the Ip/Host field contains the correct
Logger Forwarding Connector IP address and that the Port number matches that of the
connector.
9. Click Save. The following page appears.
Configuration Guide
Logger Forwarders
HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 11 of 18
10. New forwarders are initially disabled, so click the disabled icon ( ) to enable the new forwarder.
The forwarder is now enabled.
Note: To create a specific filter for NNMi, refer to the HPE NNMi documentation.
Tip: Wait a few minutes after enabling a forwarder before disabling it. Likewise, wait before
enabling a forwarder that has just been disabled. Background tasks initiated by enabling or
disabling a forwarder can produce unexpected results if they are interrupted.
Configuration Guide
Logger Forwarders
HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 12 of 18
Appendix A: Supported Cisco Router, HPE
H3C, and HPE ProCurve Sub-Messages
This appendix lists Cisco Router, HPE H3C, and HPE ProCurve sub-messages, for which additional
mappings were provided in this release.
Cisco Router Sub-messages
The following Cisco Router sub-messages are provided:
l BGP-5-ADJCHANGE
l CDP-4-DUPLEX_MISMATCH
l DTP-3-NONTRUNKPORTFAIL
l DTP-3-TRUNKPORTFAIL
l DTP-5-NONTRUNKPORTON
l DTP-5-TRUNKPORTCHG
l DTP-5-TRUNKPORTON
l FR-5-DLCICHANGE
l LINEPROTO-5-UPDOWN
l LINK-3-UPDOWN
l STANDBY-3-DUPADDR
l LINK-4-ERROR
l PAGP-5-PORTFROMSTP
l PAGP-5-PORTTOSTP
l PORT_SECURITY-2-PSECURE_VIOLATION_VLAN
l SNMP-5-MODULETRAP
l SPANTREE-5-PORTLISTEN
l SPANTREE-5-ROOTCHANGE
HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 13 of 18
l SPANTREE-6-PORTFWD
l SPANTREE-6-PORTLISTEN
l STACKMGR-6-MASTER_ELECTED
l STACKMGR-6-MASTER_READY
l STACKMGR-6-STACK_LINK_CHANGE
l STANDBY-6-STATECHANGE
l SYS-3-MOD_CFGMISMATCH1
l SYS-3-MOD_CFGMISMATCH2
l SYS-3-MOD_CFGMISMATCH3
l SYS-3-MOD_CFGMISMATCH4
l SYS-3-PKTBUFBAD
l SYS-3-PORT_COLL
l SYS-3-PORT_COLLDIS
l SYS-3-PORT_IN_ERRORS
l SYS-3-PORT_RUNTS
l SYS-4-SYS_LCPERR4
l SYS-5-MOD_INSERT
l SYS-5-MOD_OK
l SYS-5-MOD_REMOVE
l SYS-5-MOD_RESET
l SYS-5-RELOAD
l SYS-5-RESTART
l SYS-5-SYS_LCPERR5
Configuration Guide
Appendix A: Supported Cisco Router, HPE H3C, and HPE ProCurve Sub-Messages
HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 14 of 18
HPE H3C Sub-messages
The following HPE H3C sub-messages are provided:
l CFM/5/CFM_SAVECONFIG_SUCCESSFULLY
l NTP/5/NTP_SOURCE_LOST
l DEV/4/FAN_FAILED
l OSPF/5/OSPF_NBR_CHG
l DEVM/3/BOARD_REMOVED
l DEV/4/FAN_RECOVERED
l DEVM/2/BOARD_STATE_FAULT
l VRRP/6/VRRP_STATUS_CHANGE
l DEV/4/POWER_FAILED
l DEV/4/POWER_RECOVERED
l MSTP/5/MSTP_BPDU_RECEIVE_EXPIRY
l OPTMOD/4/MODULE_IN
l OSPF/6/OSPF_LAST_NBR_DOWN
l ARP/5/ARP_DUPVRRPIP
l ARP/3/ROUTECONFLICT
l BFD/5/BFD_CHANGE_FSM
l BGP/5/BGP_RECHED_THRESHOLD
l DEV/4/BOARD_LOADING
l DEV/4/LOAD_FINISHED
l DEVM/2/POWER_FAILED
l DEVM/5/POWER_RECOVERED
l DEVM/3/RPS_ABSENT
l DEVM/5/RPS_NORMAL
l DEVM/5/SYSTEM_REBOOT
Configuration Guide
Appendix A: Supported Cisco Router, HPE H3C, and HPE ProCurve Sub-Messages
HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 15 of 18
l DEV/4/POWER_ABSENT
l DEV/4/SYSTEM_REBOOT
l LDP/5/LDP_SESSION_DOWN
l OPTMOD/5/CHKSUM_ERR
l OPTMOD/5/IO_ERR
l OPTMOD/5/MOD_ALM_OFF
l OPTMOD/5/MOD_ALM_ON
l OPTMOD/4/MODULE_OUT
l OPTMOD/3/TYPE_ERR
l PIM/5/PIM_NBR_DOWN
l STM/4/LINK_STATUS_CHANGE
l STM/3/STM_LINK_STATUS_DOWN
l STM/6/STM_LINK_STATUS_UP
HPE ProCurve Sub-messages
The following HPE ProCurve sub-messages are provided:
l RMON_PMGR_PORT_UP
l RMON_CHASSIS_FAN_STATUS
l RMON_STP_NEW_ROOT
l RMON_LACP_DYNAMIC_TRUNK_OFF_LINE
l RMON_LACP_DYNAMIC_TRUNK_ON_LINE
l RMON_LACP_ERROR_CONDITION_BLOCK
l RMON_POEMGR_PD_DENIED_POWER
l RMON_POEMGR_PD_OVERCURRENT
l RMON_POEMGR_INTERNAL_50V_FAULT
l RMON_BOOT_CRASH_RECORD0
l RMON_BOOT_CRASH_RECORD1
Configuration Guide
Appendix A: Supported Cisco Router, HPE H3C, and HPE ProCurve Sub-Messages
HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 16 of 18
l RMON_BOOT_NO_CRASH_RECORD
l RMON_BOOT_SELFTEST_FAILURE
l RMON_SSH_DISABLED
l RMON_SSH_ENABLED
l RMON_CHASSIS_POWER_STATUS
l RMON_CHASSIS_HEARTBEAT_FAILURE
Configuration Guide
Appendix A: Supported Cisco Router, HPE H3C, and HPE ProCurve Sub-Messages
HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 17 of 18
Send Documentation Feedback
If you have comments about this document, you can contact the documentation team by email. If an
email client is configured on this system, click the link above and an email window opens with the
following information in the subject line:
Feedback on Configuration Guide (Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0)
Just add your feedback to the email and click send.
If no email client is available, copy the information above to a new message in a web mail client, and send
your feedback to arc-doc@hpe.com.
We appreciate your feedback!
Documentation Revision History
Date
Product
Version Description
08/30/2016 7.3.0.7837.0 HPE branding.
Updated supported Logger versions.
02/15/2016 7.1.7.7609.0 Support for version 10.0.
Installation support for Windows 2012 R2.
Support for RHEL 7.1.
Support for 64-bit on Linux and Windows platforms.
Support for Logger 6.0.
09/28/2012 5.2.3.6287.0 Added support for selected HP H3C and HP ProCurve submessages. Added
support for HP NNMi 9.20, patch 1 and a new connector installation wizard.
Event data is forwarded as CEF Syslog from Logger to the Logger Forwarding
Connector for HP NNMi. The parsing is now enabled only in the corresponding
release of the SmartConnectors. Forwarding events from supported devices such
as Cisco Router, HP H3C, and HP ProCurve directly to the Logger Forwarding
Connector without SmartConnectors or Logger is not a supported configuration.
05/15/2012 5.2.1.6206.0 Added support for selected Cisco Router sub-messages.
11/15/2011 5.1.7.6081.0 Added support for JRE 1.6.0_26.
HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 18 of 18

More Related Content

PDF
Logger Forwarding Connector for HPE NNMi Configuration Guide 7.1.7.7609.0
PDF
ArcSight Logger Forwarding Connector for HP NNMi 5.2.3.6287.0 Configuration G...
PDF
I psec cisco
PDF
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
PPTX
IPSec VPN & IPSec Protocols
PDF
IS Unit 8_IP Security and Email Security
PPT
PPT
IPSec Overview
Logger Forwarding Connector for HPE NNMi Configuration Guide 7.1.7.7609.0
ArcSight Logger Forwarding Connector for HP NNMi 5.2.3.6287.0 Configuration G...
I psec cisco
Ten new topics on security+ 2011 (sy0 301) (domain 1.0 network security)
IPSec VPN & IPSec Protocols
IS Unit 8_IP Security and Email Security
IPSec Overview

What's hot (17)

PDF
Computer Security - CCNA Security - Lecture 2
PPT
Ip security
PPTX
Palo Alto Networks authentication
DOCX
ITERA Paper - IPSec L2TP Vulnerability
PPTX
Ipsec 2
PPTX
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
PPTX
IP Sec - Basic Concepts
DOCX
Palo Alto Networks PANOS 5.0 Radius Authentication OTP using Yubikey
PPTX
Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)
PDF
Cns unit4
PPT
Overview of ip_security by JetArvind kumar Madhukar
PDF
CCA security answers chapter 2 test
PDF
IP Security
PPTX
Ipsecurity
PPT
PPTX
IP Security
Computer Security - CCNA Security - Lecture 2
Ip security
Palo Alto Networks authentication
ITERA Paper - IPSec L2TP Vulnerability
Ipsec 2
SITE TO SITE IPSEC VPN TUNNEL B/W CISCO ROUTERS
IP Sec - Basic Concepts
Palo Alto Networks PANOS 5.0 Radius Authentication OTP using Yubikey
Converting your linux Box in security Gateway Part – 2 (Looking inside VPN)
Cns unit4
Overview of ip_security by JetArvind kumar Madhukar
CCA security answers chapter 2 test
IP Security
Ipsecurity
IP Security
Ad

Similar to Logger Forwarding Connector for NNMi 7.3.0.7837.0 Configuration Guide (20)

PDF
HP ArcSight Logger Forwarding Connector for HP NNMI Configuration Guide 5.2.1...
PDF
ArcSight Logger Forwarding Connector for HP Network Node Manager i
PDF
ArcSight Logger Forwarding Connector for HP NNMi Configuration Guide 5.1.7.6081
PDF
Logger Forwarding Connector for HPE NNMi Release Notes 7.1.7.7609.0
PDF
Logger Forwarding Connector for OM 7.3.0.7838.0 Configuration Guide
PDF
Logger Forwarding Connector for OMi 7.3.0.7839.0 Configuration Guide
PDF
Logger Forwarding Connector for HPE OMi Release Notes 7.1.7.7610
PDF
Fwd conn configguide_5.2.5.6403.0
PDF
Logger Forwarding Connector for HPE OM Release Notes 7.1.7.7611.0
PDF
Logger Forwarding Connector for OMi 7.3.0.7839.0 Release Notes
PDF
ArcSight Logger Forwarding Connector for HP Operations Manager i
PDF
Forwarding Connector User;s Guide for 5.1.7.6151 and 6154
PDF
Logger Forwarding Connector for HPE OMi Configuration Guide 7.1.7.7610.0
PDF
Fwd conn configguide_5.1.7.6151_6154
PDF
ArcSight Logger Forwarding Connector for HP OMi Configuration Guide 5.1.7.6080
PDF
ArcSight Management Center 2.2 Administrator's Guide.pdf
PDF
Logger Forwarding Connector for HPE OM Configuration Guide 7.1.7.7611.0
PDF
ArcSight Forwarding Connector Configuration Guide
PDF
ArcSight Management Center 2.2 P1 Administrator's Guide.pdf
PDF
Logger Forwarding Connector for OM 7.3.0.7838.0 Release Notes
HP ArcSight Logger Forwarding Connector for HP NNMI Configuration Guide 5.2.1...
ArcSight Logger Forwarding Connector for HP Network Node Manager i
ArcSight Logger Forwarding Connector for HP NNMi Configuration Guide 5.1.7.6081
Logger Forwarding Connector for HPE NNMi Release Notes 7.1.7.7609.0
Logger Forwarding Connector for OM 7.3.0.7838.0 Configuration Guide
Logger Forwarding Connector for OMi 7.3.0.7839.0 Configuration Guide
Logger Forwarding Connector for HPE OMi Release Notes 7.1.7.7610
Fwd conn configguide_5.2.5.6403.0
Logger Forwarding Connector for HPE OM Release Notes 7.1.7.7611.0
Logger Forwarding Connector for OMi 7.3.0.7839.0 Release Notes
ArcSight Logger Forwarding Connector for HP Operations Manager i
Forwarding Connector User;s Guide for 5.1.7.6151 and 6154
Logger Forwarding Connector for HPE OMi Configuration Guide 7.1.7.7610.0
Fwd conn configguide_5.1.7.6151_6154
ArcSight Logger Forwarding Connector for HP OMi Configuration Guide 5.1.7.6080
ArcSight Management Center 2.2 Administrator's Guide.pdf
Logger Forwarding Connector for HPE OM Configuration Guide 7.1.7.7611.0
ArcSight Forwarding Connector Configuration Guide
ArcSight Management Center 2.2 P1 Administrator's Guide.pdf
Logger Forwarding Connector for OM 7.3.0.7838.0 Release Notes
Ad

More from Protect724manoj (13)

PDF
ArcSight Logger Forwarding Connector for HP Operations Manager
PDF
Forwarding Connector Configuration Guide 5.1.7.6085
PDF
ArcSight Logger Forwarding Connector for HP OM Configuration Guide 5.1.7.6079
PDF
Logger Forwarding Connector for NNMi 7.3.0.7837.0 Release Notes
PDF
IDS - IPS Monitoring Security Use Case Guide
PDF
Firewall Monitoring 1.1 Security Use Case Guide
PDF
VPN Monitoring Security Use Case Guide version 1.1
PDF
Suspicious Outbound Traffic Monitoring Security Use Case Guide
PDF
Anomalous Traffic Detection Security Use Case Guide
PDF
Brute Force Attack Security Use Case Guide
PDF
Reconnaissance Security Use Case
PDF
Antivirus Monitoring Security Use Case Guide
PDF
HPE ArcSight ESM Support Matrix
ArcSight Logger Forwarding Connector for HP Operations Manager
Forwarding Connector Configuration Guide 5.1.7.6085
ArcSight Logger Forwarding Connector for HP OM Configuration Guide 5.1.7.6079
Logger Forwarding Connector for NNMi 7.3.0.7837.0 Release Notes
IDS - IPS Monitoring Security Use Case Guide
Firewall Monitoring 1.1 Security Use Case Guide
VPN Monitoring Security Use Case Guide version 1.1
Suspicious Outbound Traffic Monitoring Security Use Case Guide
Anomalous Traffic Detection Security Use Case Guide
Brute Force Attack Security Use Case Guide
Reconnaissance Security Use Case
Antivirus Monitoring Security Use Case Guide
HPE ArcSight ESM Support Matrix

Recently uploaded (20)

PDF
System and Network Administration Chapter 2
PPTX
Computer Software and OS of computer science of grade 11.pptx
PPTX
CHAPTER 2 - PM Management and IT Context
PPTX
history of c programming in notes for students .pptx
PDF
How to Choose the Right IT Partner for Your Business in Malaysia
PDF
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
PPTX
Operating system designcfffgfgggggggvggggggggg
PDF
Design an Analysis of Algorithms I-SECS-1021-03
PDF
Softaken Excel to vCard Converter Software.pdf
PDF
Odoo Companies in India – Driving Business Transformation.pdf
PDF
Adobe Illustrator 28.6 Crack My Vision of Vector Design
PDF
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
PDF
top salesforce developer skills in 2025.pdf
PDF
Design an Analysis of Algorithms II-SECS-1021-03
PDF
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
PDF
Wondershare Filmora 15 Crack With Activation Key [2025
PPTX
assetexplorer- product-overview - presentation
PDF
Digital Strategies for Manufacturing Companies
PPTX
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
PDF
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool
System and Network Administration Chapter 2
Computer Software and OS of computer science of grade 11.pptx
CHAPTER 2 - PM Management and IT Context
history of c programming in notes for students .pptx
How to Choose the Right IT Partner for Your Business in Malaysia
Adobe Premiere Pro 2025 (v24.5.0.057) Crack free
Operating system designcfffgfgggggggvggggggggg
Design an Analysis of Algorithms I-SECS-1021-03
Softaken Excel to vCard Converter Software.pdf
Odoo Companies in India – Driving Business Transformation.pdf
Adobe Illustrator 28.6 Crack My Vision of Vector Design
Why TechBuilder is the Future of Pickup and Delivery App Development (1).pdf
top salesforce developer skills in 2025.pdf
Design an Analysis of Algorithms II-SECS-1021-03
Addressing The Cult of Project Management Tools-Why Disconnected Work is Hold...
Wondershare Filmora 15 Crack With Activation Key [2025
assetexplorer- product-overview - presentation
Digital Strategies for Manufacturing Companies
Lecture 3: Operating Systems Introduction to Computer Hardware Systems
Claude Code: Everyone is a 10x Developer - A Comprehensive AI-Powered CLI Tool

Logger Forwarding Connector for NNMi 7.3.0.7837.0 Configuration Guide

  • 1. HPE Security ArcSight Logger Forwarding Connector for HPE NNMi Software Version: 7.3.0.7837.0 Configuration Guide August 30, 2016
  • 2. Legal Notices Warranty The only warranties for Hewlett Packard Enterprise products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. Hewlett Packard Enterprise shall not be liable for technical or editorial errors or omissions contained herein. The information contained herein is subject to change without notice. The network information used in the examples in this document (including IP addresses and hostnames) is for illustration purposes only. HPE Security ArcSight products are highly flexible and function as you configure them. The accessibility, integrity, and confidentiality of your data is your responsibility. Implement a comprehensive security strategy and follow good security practices. This document is confidential. Restricted Rights Legend Confidential computer software. Valid license from Hewlett Packard Enterprise required for possession, use or copying. Consistent with FAR 12.211 and 12.212, Commercial Computer Software, Computer Software Documentation, and Technical Data for Commercial Items are licensed to the U.S. Government under vendor's standard commercial license. Copyright Notice © Copyright 2011-2016 Hewlett Packard Enterprise Development, LP Follow this link to see a complete statement of copyrights and acknowledgements: https://www.protect724.hpe.com/docs/DOC-13026 Support Phone Alistof phone numbers is available on the HPE Security ArcSightTechnical Support Page: https://softwaresupport.hp.com/documents/10180/14684/esp-support- contact-list Support Web Site https://softwaresupport.hpe.com Protect 724 Community https://www.protect724.hpe.com Contact Information Configuration Guide HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 2 of 18
  • 3. Contents ArcSight Logger Forwarding Connector for HPE NNMi 4 About HPE ArcSight Logger and HPE NNMi 4 Sending Events From Logger to NNMi 5 Installing the Connector 5 Configure for HPE Network Node Manager (NNMi) 8 NNMi Console 9 Logger Forwarders 11 Creating a Forwarder to Forward Events 11 Appendix A: Supported Cisco Router, HPE H3C, and HPE ProCurve Sub-Messages 13 Cisco Router Sub-messages 13 HPE H3C Sub-messages 15 HPE ProCurve Sub-messages 16 Send Documentation Feedback 18 HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 3 of 18
  • 4. ArcSight Logger Forwarding Connector for HPE NNMi This guide provides information on installing and configuring the ArcSight Logger Forwarding Connector for HPE NNMi on Windows, Linux and Solaris platforms. This Logger Forwarding Connector software supports Logger 6.2, and 6.3, NNMi 9.20, patch 1 and NNMi 10.0. See "Supported Cisco Router, HPE H3C, and HPE ProCurve Sub-Messages" on page 13 for details on supported Cisco Router sub-messages. Note the following: l You must upgrade to HPE NNMi 9.20, patch 1 or later to be able to use the current Logger Forwarding Connector for HPE NNMi. If you have a previous version of HPE NNMi installed, the current Logger Forwarding Connector for HPE NNMi will not function. l Use the latest version of the SmartConnector with the current Logger Forwarding Connector for NNMi. If you plan to process events from HPE ProCurve devices, you must also install the latest SmartConnector build. Note: The following changes start with the next release: o Windows and Linux 64-bit operating systems will be supported. o Solaris operating system will no longer be supported. About HPE ArcSight Logger and HPE NNMi HPE ArcSight Logger is a log management solution that is optimized for extremely high event throughput, efficient long-term storage, and rapid data analysis. Logger receives and stores events; supports search, retrieval, and reporting; and can forward selected events.The HPE ArcSight Logger Forwarding Connector allows you to send these event logs from Logger to the HPE Network Node Manager (HPE NNMi). HPE Network Node Manager (NNMi) provides continual network discovery using unified fault, availability, and performance monitoring. HPE NNMi enables network management teams to detect, locate, and diagnose faults and performance degradations of the network quickly, analyze the business and service impact of outages, and increase network staff efficiency and productivity. Using the HPE ArcSight Logger Forwarding Connector and the HPE NNMi integration install, network staff can view syslog messages from Logger in the NNMi console. HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 4 of 18
  • 5. Sending Events From Logger to NNMi Logger sends events to the Logger Forwarding Connector using CEF Syslog, which then forwards the events to NNMi via SNMP. For Logger to send events to the Logger Forwarding Connector, a Logger forwarder must be created to send these events. For instructions on how to create a forwarder to send the events, see "Creating a Forwarder to Forward Events" on page 11. Installing the Connector Before you install the connector, make sure that the ArcSight products with which the connectors will communicate have already been installed correctly (the ArcSight Logger, for example) and you have assigned appropriate privileges. 1. Download the HPE ArcSight executable for your operating system from My Updates on the HPE SSO site. 2. Start the HPE ArcSight Installer by running the executable. Follow the installation wizard through the following folder selection tasks and installation of the core connector software: Introduction Choose Install Folder Choose Install Set Choose Shortcut Folder Pre-Installation Summary Installing... 3. Select Add a Connector. Configuration Guide Installing the Connector HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 5 of 18
  • 6. 4. Click Next. Logger to NNMi is selected by default. 5. Click Next. Enter the Logger information. Configuration Guide Installing the Connector HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 6 of 18
  • 7. Parameter Description Network Port 514 or another port that matches the Receiver (the port to which the Forwarding Connector sends events) IP Address IP or host name of the Logger Protocol UDP or Raw TCP Note: Whichever protocol you choose, it must match that of the forwarder type chosen during Logger Forwarder configuration. 6. Click Next. HPE NNMi is selected by default. 7. Click Next. Fill in the parameter information required for connector configuration. Parameter Description Host Enter the Host name or IP address of the NNMi device. Port Enter the port to be used by the adaptor to forward events. The default port is 162. To determine if the trap port monitored by NNMi is other than the default, use the NNMi command: $NnmInstallDir/bin/nnmtrapconfig.ovpl -showProp See the NNMI ArcSight Logger Integration Guide, HPE ArcSight Logger chapter for details on HPE NNMI and Logger integration. Version Accept the default value of SNMP_VERSION_2. SNMP_VERSION_3 is not available at this time. Configuration Guide Installing the Connector HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 7 of 18
  • 8. Parameter Description Read Community(v2) Enter the SNMP Read Community name. Write Community(v2) Enter the SNMP Write Community name. Authentication Username(v3) For use with SNMP v3. This is not available at this time. Authentication Password(v3) Enter the authentication password. Security Level(v3) The default value is AuthNoPriv Authentication Scheme(v3) The default value is MD5. Privacy Password(v3) Enter the privacy password. Context Engine Id(v3) Enter the context engine. Context name(v3) Enter the context name. 8. Click Next. Enter a name for the connector and provide other information identifying the connector's use in your environment. 9. Click Next. Read the installation summary and click Next. If the summary is incorrect, click Previous to make changes. 10. When the connector completes its configuration, click Next. The Wizard now prompts you to choose whether you want to run the connector as a process or as a service. If you choose to run the connector as a service, the Wizard prompts you to define service parameters for the connector. 11. Click Next. Choose Exit, to complete the connector installation, or choose Continue, to continue to make connector modifications. Click Next to exit or continue. Configure for HPE Network Node Manager (NNMi) Add new node for the VM with the IP address where you want to receive trap. Configuration Guide Installing the Connector HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 8 of 18
  • 9. NNMi Console These modules are automatically filled in the NNMi Console: See "Supported Cisco Router, HPE H3C, and HPE ProCurve Sub-Messages" on page 13 for a complete list of supported sub-messages. When events are sent from Forwarding Connector to NNMi, only events which contain attribute mnemonic, shown below, are parsed in syslog message incident. Configuration Guide Installing the Connector HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 9 of 18
  • 10. Incidents for these valid events would be shown in the incident view. Detail of an incident: Configuration Guide Installing the Connector HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 10 of 18
  • 11. Logger Forwarders Logger Forwarders allow you to send all events, or events which match a particular filter, to another destination, in this instance to the Logger Forwarding Connector for HPE NNMi. For more detailed information on Logger Forwarders, see the ArcSight Logger Administrator’s Guide. Note: You cannot configure a Logger Forwarder to send data to a destination on the same system. Logger forwarding uses several forwarder types, but the Logger Forwarding Connector operates with UDP and TCP forwarder types only. l UDP Forwarders forward events as User Datagram Protocol messages, such as Syslog format datagrams. l TCP Forwarders forward events as Transmission Control Protocol messages. Creating a Forwarder to Forward Events In order to successfully forward events from Logger to NNMi, a Logger Forwarder must be created. To do so, complete the following steps in the Logger web application. 1. Click Configuration from the top-level menu bar. 2. Click Event Input/Output in the left panel. 3. Click the Forwarder tab, then click Add. The Add Forwarder page appears. 4. Enter a name for the new forwarder and choose either “UDP Forwarder” or “TCP Forwarder”. Caution: Whichever forwarder type you choose, it must match that of the SmartConnector protocol and port chosen during installation. 5. Click Next. 6. The Edit Forwarder page appears. 7. Within the Query field, create a query to filter the events sent to NNMi, or leave the default, NONE, to send all events. 8. Continue to fill in the remaining parameters, ensuring that the Ip/Host field contains the correct Logger Forwarding Connector IP address and that the Port number matches that of the connector. 9. Click Save. The following page appears. Configuration Guide Logger Forwarders HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 11 of 18
  • 12. 10. New forwarders are initially disabled, so click the disabled icon ( ) to enable the new forwarder. The forwarder is now enabled. Note: To create a specific filter for NNMi, refer to the HPE NNMi documentation. Tip: Wait a few minutes after enabling a forwarder before disabling it. Likewise, wait before enabling a forwarder that has just been disabled. Background tasks initiated by enabling or disabling a forwarder can produce unexpected results if they are interrupted. Configuration Guide Logger Forwarders HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 12 of 18
  • 13. Appendix A: Supported Cisco Router, HPE H3C, and HPE ProCurve Sub-Messages This appendix lists Cisco Router, HPE H3C, and HPE ProCurve sub-messages, for which additional mappings were provided in this release. Cisco Router Sub-messages The following Cisco Router sub-messages are provided: l BGP-5-ADJCHANGE l CDP-4-DUPLEX_MISMATCH l DTP-3-NONTRUNKPORTFAIL l DTP-3-TRUNKPORTFAIL l DTP-5-NONTRUNKPORTON l DTP-5-TRUNKPORTCHG l DTP-5-TRUNKPORTON l FR-5-DLCICHANGE l LINEPROTO-5-UPDOWN l LINK-3-UPDOWN l STANDBY-3-DUPADDR l LINK-4-ERROR l PAGP-5-PORTFROMSTP l PAGP-5-PORTTOSTP l PORT_SECURITY-2-PSECURE_VIOLATION_VLAN l SNMP-5-MODULETRAP l SPANTREE-5-PORTLISTEN l SPANTREE-5-ROOTCHANGE HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 13 of 18
  • 14. l SPANTREE-6-PORTFWD l SPANTREE-6-PORTLISTEN l STACKMGR-6-MASTER_ELECTED l STACKMGR-6-MASTER_READY l STACKMGR-6-STACK_LINK_CHANGE l STANDBY-6-STATECHANGE l SYS-3-MOD_CFGMISMATCH1 l SYS-3-MOD_CFGMISMATCH2 l SYS-3-MOD_CFGMISMATCH3 l SYS-3-MOD_CFGMISMATCH4 l SYS-3-PKTBUFBAD l SYS-3-PORT_COLL l SYS-3-PORT_COLLDIS l SYS-3-PORT_IN_ERRORS l SYS-3-PORT_RUNTS l SYS-4-SYS_LCPERR4 l SYS-5-MOD_INSERT l SYS-5-MOD_OK l SYS-5-MOD_REMOVE l SYS-5-MOD_RESET l SYS-5-RELOAD l SYS-5-RESTART l SYS-5-SYS_LCPERR5 Configuration Guide Appendix A: Supported Cisco Router, HPE H3C, and HPE ProCurve Sub-Messages HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 14 of 18
  • 15. HPE H3C Sub-messages The following HPE H3C sub-messages are provided: l CFM/5/CFM_SAVECONFIG_SUCCESSFULLY l NTP/5/NTP_SOURCE_LOST l DEV/4/FAN_FAILED l OSPF/5/OSPF_NBR_CHG l DEVM/3/BOARD_REMOVED l DEV/4/FAN_RECOVERED l DEVM/2/BOARD_STATE_FAULT l VRRP/6/VRRP_STATUS_CHANGE l DEV/4/POWER_FAILED l DEV/4/POWER_RECOVERED l MSTP/5/MSTP_BPDU_RECEIVE_EXPIRY l OPTMOD/4/MODULE_IN l OSPF/6/OSPF_LAST_NBR_DOWN l ARP/5/ARP_DUPVRRPIP l ARP/3/ROUTECONFLICT l BFD/5/BFD_CHANGE_FSM l BGP/5/BGP_RECHED_THRESHOLD l DEV/4/BOARD_LOADING l DEV/4/LOAD_FINISHED l DEVM/2/POWER_FAILED l DEVM/5/POWER_RECOVERED l DEVM/3/RPS_ABSENT l DEVM/5/RPS_NORMAL l DEVM/5/SYSTEM_REBOOT Configuration Guide Appendix A: Supported Cisco Router, HPE H3C, and HPE ProCurve Sub-Messages HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 15 of 18
  • 16. l DEV/4/POWER_ABSENT l DEV/4/SYSTEM_REBOOT l LDP/5/LDP_SESSION_DOWN l OPTMOD/5/CHKSUM_ERR l OPTMOD/5/IO_ERR l OPTMOD/5/MOD_ALM_OFF l OPTMOD/5/MOD_ALM_ON l OPTMOD/4/MODULE_OUT l OPTMOD/3/TYPE_ERR l PIM/5/PIM_NBR_DOWN l STM/4/LINK_STATUS_CHANGE l STM/3/STM_LINK_STATUS_DOWN l STM/6/STM_LINK_STATUS_UP HPE ProCurve Sub-messages The following HPE ProCurve sub-messages are provided: l RMON_PMGR_PORT_UP l RMON_CHASSIS_FAN_STATUS l RMON_STP_NEW_ROOT l RMON_LACP_DYNAMIC_TRUNK_OFF_LINE l RMON_LACP_DYNAMIC_TRUNK_ON_LINE l RMON_LACP_ERROR_CONDITION_BLOCK l RMON_POEMGR_PD_DENIED_POWER l RMON_POEMGR_PD_OVERCURRENT l RMON_POEMGR_INTERNAL_50V_FAULT l RMON_BOOT_CRASH_RECORD0 l RMON_BOOT_CRASH_RECORD1 Configuration Guide Appendix A: Supported Cisco Router, HPE H3C, and HPE ProCurve Sub-Messages HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 16 of 18
  • 17. l RMON_BOOT_NO_CRASH_RECORD l RMON_BOOT_SELFTEST_FAILURE l RMON_SSH_DISABLED l RMON_SSH_ENABLED l RMON_CHASSIS_POWER_STATUS l RMON_CHASSIS_HEARTBEAT_FAILURE Configuration Guide Appendix A: Supported Cisco Router, HPE H3C, and HPE ProCurve Sub-Messages HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 17 of 18
  • 18. Send Documentation Feedback If you have comments about this document, you can contact the documentation team by email. If an email client is configured on this system, click the link above and an email window opens with the following information in the subject line: Feedback on Configuration Guide (Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0) Just add your feedback to the email and click send. If no email client is available, copy the information above to a new message in a web mail client, and send your feedback to arc-doc@hpe.com. We appreciate your feedback! Documentation Revision History Date Product Version Description 08/30/2016 7.3.0.7837.0 HPE branding. Updated supported Logger versions. 02/15/2016 7.1.7.7609.0 Support for version 10.0. Installation support for Windows 2012 R2. Support for RHEL 7.1. Support for 64-bit on Linux and Windows platforms. Support for Logger 6.0. 09/28/2012 5.2.3.6287.0 Added support for selected HP H3C and HP ProCurve submessages. Added support for HP NNMi 9.20, patch 1 and a new connector installation wizard. Event data is forwarded as CEF Syslog from Logger to the Logger Forwarding Connector for HP NNMi. The parsing is now enabled only in the corresponding release of the SmartConnectors. Forwarding events from supported devices such as Cisco Router, HP H3C, and HP ProCurve directly to the Logger Forwarding Connector without SmartConnectors or Logger is not a supported configuration. 05/15/2012 5.2.1.6206.0 Added support for selected Cisco Router sub-messages. 11/15/2011 5.1.7.6081.0 Added support for JRE 1.6.0_26. HPE Logger Forwarding Connector for HPE NNMi 7.3.0.7837.0 Page 18 of 18