1 Reply Latest reply on Sep 12, 2017 1:12 AM by micahwillliams

    Has anyone deployed ArcSight on virtual machines?

    partlycloudy Lurker


      Has anyone landed ArcSight server roles on VMware virtual machines? I've "googled" for it, but only found a reference to ArcSight Connectors.


      Please advise.




        • 1. Re: Has anyone deployed ArcSight on virtual machines?
          micahwillliams Novice

          So, HP ArcSight Logger is a CentOS 6.2 VMware appliance. If you want to kick the tires, patch it and add a GUI desktop, perform the following steps.

          – Note that this probably voids your support and is totally unsupported by HP.

          1) Download the VM appliance from the URL below. I selected the VMware appliance. Extract the zip file and import the OVA into vCenter.

          Click Trials and Demos here:

          2) The default root password is arcsight. They have configured ssh to allow remote root logins, which is odd for a security-related product.

          -> ssh root@<your logger vm IP>

          3) Add the CentOS repository to yum.conf.

          -> vi /etc/yum.conf and add the section below to the bottom of the file.

          name=CentOS-$releasever - Base
          #released updates

          -> :wq!

          4) Import the key.

          -> rpm --import http://mirror.centos.org/centos/RPM-GPG-KEY-CentOS-6

          4) Update yum.

          -> yum update  (enter no to update all packages)

          5) Install the Desktop.

          For a Gnome desktop run:
          -> yum groupinstall Desktop

          For a KDE desktop run:
          -> yum groupinstall "kde desktop"

          When done installing, fix a bug and add a few rpms.

          -> mkdir -p /var/run/dbus/system_bus_socket;chmod 775 /var/run/dbus/system_bus_socket

          -> yum install perl

          -> yum install gpm

          -> yum install xorg-x11-drv-intel

          6) Install VMware Tools. Copy the VMware Tools for Linux ISO file over to the VM via scp or WinSCP, place it in /tmp and mount it.

          -> mount -o loop VMware-tools-linux-9.0.5-1065307.iso /mnt

          -> cd /mnt

          -> cp VMwareTools-9.0.5-1065307.tar.gz /tmp/

          -> cd /tmp/

          -> umount /mnt

          -> tar -zxvf VMwareTools-9.0.5-1065307.tar.gz

          -> cd vmware-tools-distrib

          -> ./vmware-install.pl  (and follow the prompts – defaults are fine for now)

          -> reboot

          7) Increase the size of /boot so the patches can be applied. Download the SystemRescueCd ISO, attach it to the VM and boot into it. Note that you may have to boot into the VM BIOS and change the boot order by moving the CDROM device to the top.
          a) once the ISO boots, at the prompt enter: startx.
          b) Click the CD icon in the lower left corner (like the Start menu in Windows), System > GParted.
          c) Right-click /dev/sda3 and select Resize/move. Reduce the size by 2 Gigs and click Resize/Move. At the top under Partition, click the green Check Mark to apply the changes. This will take about 5 minutes. Right-click /dev/sda3 and select Resize/Move. On the slider bar, click the partition itself and move it to the right as far as it will go. This changes the start of the partition and allows you to resize /boot. Click the green check mark and ignore the warning about moving the partition.
          d) Right-click /dev/sda2 and select Resize/Move. Increase the size by the remaining space available by clicking the small up arrow in the New Size field, then click Resize/Move. At the top under Partition, click the green Check Mark to apply the changes. This will take about 5 minutes.
          e) Click the CD Icon and click Log Out > Log Out.
          f) Shut down the VM and disconnect the ISO from within Edit Settings. When done, power on the VM.

          8) Log in as root and update the rest of the VM.

          -> yum upgrade

          -> reboot
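
Step 2 of the reply notes that the appliance allows remote root logins over ssh. As an added example that is not part of the original post or of HP's tooling, this script reports whether an sshd_config-style file lets root log in with a password. The function names and the sample file are constructed, and the defaults assume OpenSSH before 7.0, as shipped with CentOS 6.

```shell
#!/bin/sh
# Added example (not from the original post): flag sshd_config files that
# permit root to log in with a password. Only PermitRootLogin and
# PasswordAuthentication are inspected; Match blocks are not evaluated.

# effective_value FILE KEYWORD DEFAULT
# sshd takes the first occurrence of a keyword (case-insensitive). Parsing
# stops at the first Match block because settings below it are conditional.
effective_value() {
    awk -F'[ \t=]+' -v key="$2" -v def="$3" '
        BEGIN { key = tolower(key) }
        { sub(/^[ \t]+/, "") }              # strip leading whitespace, re-split
        /^#/ || NF == 0 { next }            # skip comments and blank lines
        tolower($1) == "match" { exit }     # global section ends here
        tolower($1) == key && !found { val = tolower($2); found = 1 }
        END { print (found ? val : def) }
    ' "$1"
}

# root_password_login FILE -> prints "exposed" or "ok".
# Assumed defaults (OpenSSH before 7.0): both keywords default to "yes".
root_password_login() {
    prl=$(effective_value "$1" PermitRootLogin yes)
    pwa=$(effective_value "$1" PasswordAuthentication yes)
    if [ "$prl" = "yes" ] && [ "$pwa" = "yes" ]; then
        echo "exposed"
    else
        echo "ok"
    fi
}

# Constructed sample resembling a host that allows remote root logins.
sample=$(mktemp)
trap 'rm -f "$sample"' EXIT
cat > "$sample" <<'EOF'
# constructed sample, not taken from the appliance
Protocol 2
permitrootlogin yes
#PasswordAuthentication no
Match Address 10.0.0.0/8
    PermitRootLogin no
EOF

echo "PermitRootLogin: $(effective_value "$sample" PermitRootLogin yes)"
echo "root password login: $(root_password_login "$sample")"
```

To check a real host, call `root_password_login /etc/ssh/sshd_config` as a user who can read that file.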