Scanning a Host
Scanning a host will inventory all currently running containers on the host and the connectors associated with them.
To ensure accuracy and currency of container inventory, you will need to manually scan for new containers in any of the following circumstances:
- Additional containers or connectors are added to a remote host after it has been added to ArcSight Management Center.
- Containers and connectors are removed from a remote host managed in ArcSight Management Center.
- Any containers which were down when the initial, automatic scan was performed have since come back up.
- The license for a managed ArcSight Management Center (managed by another ArcSight Management Center) is upgraded to increase the number of licensed containers.
Any host that includes containers is scanned automatically when first added to ArcSight Management Center.
You can manually scan any host types that can run containers. These types include:
- Connector Appliances
- Loggers (L3XXX models only)
- ArcSight Management Center Appliances
- Connectors
The Scan Process
A host scan retrieves information on all CA certificates from any running containers on the host. The containers on the remote host can be managed only if ArcSight Management Center can authenticate using the certificates and the credentials. You are prompted to import any retrieved certificates into the ArcSight Management Center trust store.
A manual scan will be discontinued if any of the following are true:
- Any containers on a scanned Connector Appliance host are down.
- You choose not to import any certificates that are retrieved.
- Authentication fails on any of the containers.
Note: When a Collector and connector are intended to run on the same host, add the Collector to ArcMC first, before the connector. Then perform a host scan to correctly detect the connector.
To manually scan a host:
- Click Configuration Management > Bulk Operations.
- In the navigation tree, select the location to which the host has been assigned.
- Click the Host tab.
- Select the host you want to scan, and then click Scan Host. The Host Scan wizard starts.
- Enter values for the parameters in the following table, and then click Next.

| Parameter | Description |
| --- | --- |
| Starting Port | The port number on the host on which ArcSight Management Center starts scanning for containers. |
| Ending Port | The port number on the host on which ArcSight Management Center ends scanning for containers. |
| Connector Username | The Connector user name to authenticate with the host. |
| Connector Password | The password for the Connector you provided. |
| Collector Username | The Collector user name to authenticate with the host. |
| Collector Password | The password for the Collector you provided. |

- Connector certificates are retrieved automatically so that the ArcSight Management Center can communicate with each connector in a container. The Host Scan wizard lists the certificates. (To see certificate details, hover over the certificate.)
  - To continue the scan, select Import the certificates, and then click Next to import the certificates and continue.
  - Otherwise, select Do not import the certificates, and then click Next. The Host Scan wizard discontinues the scan.
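Because the scan stops when a container is down and the wizard asks you to trust whatever certificates it retrieved, it helps to check both points before choosing Import the certificates. The following is an added example, not ArcSight code: it reads the certificate presented on each port between the Starting Port and Ending Port and compares its SHA-256 fingerprint with fingerprints you recorded on the connector host itself. It assumes the containers answer with TLS on those ports; the function names, port numbers and certificate bytes are constructed for illustration.

```python
import hashlib
import socket
import ssl


def fingerprint(der: bytes) -> str:
    """Colon-separated SHA-256 fingerprint of a DER-encoded certificate."""
    digest = hashlib.sha256(der).hexdigest().upper()
    return ":".join(digest[i:i + 2] for i in range(0, len(digest), 2))


def fetch_cert(host: str, port: int, timeout: float = 3.0):
    """Return the DER certificate a TLS listener presents, or None if unreachable."""
    ctx = ssl.create_default_context()
    ctx.check_hostname = False       # Nothing is trusted yet: the certificate is
    ctx.verify_mode = ssl.CERT_NONE  # only read here, then judged by fingerprint.
    try:
        with socket.create_connection((host, port), timeout=timeout) as sock:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return tls.getpeercert(binary_form=True)
    except OSError:                  # refused, timed out, or TLS handshake failed
        return None


def review(presented: dict, expected: dict) -> dict:
    """Classify every port that answered or was expected to answer."""
    result = {}
    for port in sorted(set(presented) | set(expected)):
        if port not in presented:
            result[port] = "down"          # expected container did not answer
        elif port not in expected:
            result[port] = "unexpected"    # listener nobody recorded
        elif fingerprint(presented[port]) == expected[port]:
            result[port] = "match"
        else:
            result[port] = "mismatch"      # do not import this certificate
    return result


def precheck(host: str, start_port: int, end_port: int, expected: dict) -> dict:
    """Fetch certificates across the wizard's port range and review them."""
    certs = {p: fetch_cert(host, p) for p in range(start_port, end_port + 1)}
    return review({p: c for p, c in certs.items() if c}, expected)


if __name__ == "__main__":
    # Constructed sample data: ports and certificate bytes are placeholders.
    recorded = {9001: fingerprint(b"cert-A"), 9002: fingerprint(b"cert-B")}
    print(review({9001: b"cert-A", 9003: b"cert-C"}, recorded))
```

A "down" result means the manual scan would be discontinued for that host; a "mismatch" or "unexpected" result is a reason to select Do not import the certificates and investigate first.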