The Configurations Table
The Configurations table lists all currently available subscriber configurations in ArcSight Management Center. Each listed configuration, whether it was created in ArcSight Management Center or imported from an existing node, is considered the baseline copy of that configuration, for pushing to managed nodes. The table includes the following columns.
-
Name: The name of the configuration.
-
Type: The type of configuration.
-
Last Edited By: The most recent user to edit the configuration.
-
Compliance: An aggregation of the status of the individual subscribers to that configuration.
-
Compliant indicates that all subscribers are in compliance.
-
Non-Compliant indicates that at least one subscriber is out of compliance.
-
Unknown indicates that the compliance status for one or more subscribers cannot be determined (for example, because connectivity to one or more subscribers is not available).
Tip: You can check the individual compliance of each subscriber on the Subscribers tab.
Click any column header to sort the Configurations table by that column.
To view the details of any configuration, click its name in the list. The Details and Subscribers tabs will display additional information.
Tip: To select multiple items from any list, Shift+Click or Ctrl+Click while selecting.
The Details Tab
The Details tab shows the specifics of the configuration, including any configured attributes and their values.
Configuration Name
Each configuration has a unique name. A configuration may be up to 255 characters in length.
General
General details describe the basics of the configuration, as follows:
-
Configuration Type: The type of the configuration. For details of configuration types, see Subscriber Configuration Types.
-
Last Edited By: The most recent user to edit the configuration.
Properties
A property is a group of one or more settings for the configuration. For example, for the NTP Server configuration, the property includes two settings: Enable as NTP Server (a Boolean value indicating whether to enable the product as an NTP server), and NTP Servers (a list of NTP servers).
The specific parameters included in each property are pre-defined for each configuration type. ArcSight Management Center prompts for values of each setting when the property is selected. Each parameter must be assigned a valid value corresponding to its data type. For instance, if the data type is integer, you must specify an integer value. A red asterisk (*) indicates a required parameter.
A configuration type that can include more than one property is known as a list configuration. A list configuration represents a configuration with multiple instances of data values of the same kind. Each instance is known as a property.
For example, the Connector Map File configuration could include information on multiple map files. Each Property would represent a different map file (with different values for file path and content).
Note: A pushed list configuration will override any existing configuration of the same type on the managed node. To append data to an existing configuration, use the bulk management tools (Set Configuration)
For a description of supported configuration types, the parameters associated with each type, and their data types, see The Configurations Table.
The Subscribers Tab
The Subscribers list shows all managed nodes currently eligible to receive the configuration. (The list is empty if no hosts have been added yet.)
The tab includes these operations buttons:
Add Subscribers | Adds subscribers to the existing configuration. |
Push | Pushes the configuration to one or more selected subscribers. |
Check Compliance | Checks the compliance of all subscribers with the baseline configuration. |
Unsubscribe | Removes one or more selected subscribers from the subscriber list. |
The list includes the following columns:
-
Path: The path of the subscribing node, consisting of location/hostname/node type.
-
Type: The type of subscribing node.
-
Last Pushed At: The time and date of the most recent push to the subscriber.
-
Last Push Status: The status of the most recent push to the subscriber.
-
Succeeded: The configuration push was successful.
-
Failed: Hover over the link to determine the reason for the push failure. An error message is displayed to help in remediation of the issue. For more information, see Push Remediation .
-
Unknown: Initial status before the subscriber has received any pushes.
-
Last Compliance Check: The date and time of the most recent compliance check.
-
Compliance: Whether the node is in compliance with the configuration.
-
Compliant indicates the node is in compliance. The values for all settings associated with the configuration type match the values from the configuration.
-
Non-Compliant indicates the node is out of compliance. One or more values for the settings associated with the configuration type do not match the values from the configuration. Hover over No to show the cause of the node’s non-compliance.
-
Unknown indicates either that the node’s compliance could not be determined at the time of the most recent compliance check, or that the node has not yet undergone a compliance check.
Non-Compliance Reports
You can determine why a compliance status is Non-Compliant.
For a compliance status of Non-Compliant, click the status to display the Configuration Comparison dialog, which compares all setting values for the configuration on ArcMC and on the managed node.
Click Push Configuration to push the configuration to the managed node in order to make it Compliant.