Connector Configuration Types
Connector configurations set values for settings on containers, connectors, or Collectors. The available connector configuration types are listed here.
BlueCoat Connector Configuration
A BlueCoat Connector configuration defines settings for one or more BlueCoat connectors. The configuration is only pushed to a target if a BlueCoat connector exists.
To push a BlueCoat Connector configuration from ArcMC to a managed node that already has values defined for all fields listed here, specify values for all fields in the pushed configuration. Default values may be used if necessary.
Parameter | Data Type | Description |
---|---|---|
Row Number* | Integer | Row number of the table parameter to which the configuration is pushed. |
Log File Wildcard* | String | Log file wildcard. |
Log File Type* | String | Log file type. Valid values are: |
Processing Mode | String | Processing mode. Valid values are Batch and Real time. |
Post-Processing Mode | String | Post-processing mode. Valid values are: |
Mode Options | String | Mode options. Required if Post-Processing Mode is chosen as |
Processing Threshold | Integer | Interval, in hours, after which the log file will be marked as processed. |
Processing Limit | Integer | Number of files that can be read in the directory at the same time. |
FIPS Configuration
A FIPS configuration enables or disables FIPS mode on a container.
Parameter | Data Type | Description |
---|---|---|
Enabled* | Boolean | If Yes, FIPS is enabled on the container. |
Map File Configuration
A map file configuration defines the path and content of one or more container map files. Each Path/Content pair represents a single map file. To include multiple files, add multiple Properties to the configuration.
- When pushed, the configuration deletes all *.properties files in the \map directory on the target, then adds the list of map files to the target, replacing any existing map files.
- If the configuration contains an empty list, all *.properties files are deleted.
Note: If importing and uploading a map configuration file, convert the downloaded CSV file into a .properties file before uploading.
Uploading Map Files Larger Than 1 MB
- Log in to the OMT Management Portal. See Accessing the OMT Management Portal for more information.
- From the left menu select Deployment > Deployments.
- Click ... (Browse) on the far right and choose Reconfigure. A new screen will open in a separate tab.
- Select the Fusion tab.
- Scroll down to the ArcMC Configuration section, and enter the desired value for the Maximum In-memory Buffer Size parameter.
- Click Save. The ArcMC pod will be restarted.
If <install_dir>/userdata/arcmc/logger.properties does not exist, then create one in a text editor. This file must be owned by a non-root user. For an ArcMC appliance, use the 'arcsight' user, and for software ArcMC, use the non-root account used to install the ArcMC.
Modify the <install_dir>/userdata/arcmc/logger.properties by adding:
configuration.max.inmemory.mb=2
Note: 2097152 = 2 * 1024 * 1024
After adding the previous line, owner and permissions need to be changed:
chown <non-root user>:<non-root user> logger.properties
chmod 660 logger.properties
Finally, restart the web process after making any edits to logger.properties.
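
The logger.properties steps above as a repeatable script (an added example, not code from the original page or from the ArcMC product). It assumes GNU coreutils `stat`; the function names `set_inmemory_mb` and `audit_logger_props` are hypothetical, and the web-process restart is left to the operator because the page does not give the command.

```shell
#!/bin/sh
# Added example (hypothetical helper names); assumes GNU coreutils stat.
KEY='configuration.max.inmemory.mb'

# set_inmemory_mb FILE VALUE OWNER:GROUP
# Create FILE if missing, leave exactly one KEY=VALUE line in it, then apply
# the owner and the 660 mode the procedure requires.
set_inmemory_mb() {
    file=$1 value=$2 owner=$3
    case $value in
        ''|*[!0-9]*) echo "value must be a whole number" >&2; return 2 ;;
    esac
    [ -e "$file" ] || : > "$file" || return 1
    # Build the new content in a mode-600 temp file beside the target so the
    # file is never world-readable, dropping any earlier assignment of KEY.
    tmp=$(mktemp "$file.XXXXXX") || return 1
    # grep exits 1 when nothing is left to copy (empty file); that is not an error.
    grep -v '^[[:space:]]*configuration\.max\.inmemory\.mb[[:space:]]*=' "$file" \
        > "$tmp" || [ $? -eq 1 ] || { rm -f "$tmp"; return 1; }
    printf '%s=%s\n' "$KEY" "$value" >> "$tmp"
    mv "$tmp" "$file" || return 1
    chown "$owner" "$file" || return 1
    chmod 660 "$file" || return 1
}

# audit_logger_props FILE
# Print one line per deviation from the procedure; print nothing if FILE complies.
audit_logger_props() {
    file=$1
    [ "$(stat -c '%a' "$file")" = 660 ] || echo "mode is not 660"
    [ "$(stat -c '%u' "$file")" -ne 0 ] || echo "owned by root"
    n=$(grep -c "^$KEY=" "$file" || true)
    [ "$n" -eq 1 ] || echo "$KEY defined $n times"
}

# Usage (needs the privilege to chown; restart the web process afterwards):
#   set_inmemory_mb "<install_dir>/userdata/arcmc/logger.properties" 2 arcsight:arcsight
#   audit_logger_props "<install_dir>/userdata/arcmc/logger.properties"
```

Running the setter twice leaves a single assignment of the key, so the audit stays clean on repeated runs.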
Map File Configuration Parameters
Parameter | Data Type | Description |
---|---|---|
Path* | String | Path to the map file. |
Content* | String | Content of the map file. |
Parser Override Configuration
A parser override configuration defines the path and content of one or more container parser override files.
Each Path/Content pair represents a single parser override file. To include multiple files, add multiple Properties to the configuration.
- When pushed, the configuration deletes all *.properties files in the \fcp directory on the target, then adds the list of parser override files to the target, replacing any existing parser override files.
- If the configuration contains an empty list, all *.properties files are deleted.
Parser Override Configuration Parameters
Parameter | Data Type | Description |
---|---|---|
Path* | String | Path to the parser override file. |
Content* | String | Content of the parser file. |
Syslog Connector Configuration
A Syslog connector configuration defines values for one or more Syslog connectors. The configuration is only pushed to the target node if a Syslog connector exists.
Parameter | Data Type | Description |
---|---|---|
Port* | Integer | Syslog connector port. |
Protocol* | Enum | Protocol of the syslog connector (either UDP or Raw TCP). |
Windows Unified Connector (WUC) External Parameters Configuration
A WUC External Parameters connector configuration defines the external parameters for one or more WUC connectors. The configuration is only pushed to the target node if a WUC connector exists.
Limitations to WUC External Parameters Configurations
A WUC external parameters configuration has the following limitations:
- Domain user password is not supported as a WUC configuration parameter. Instead, domain user password must be managed individually for each WUC host.
- WUC connectors are not FIPS-compliant.
- If you wish to push a WUC configuration from ArcMC to a managed node that already has values defined for all fields listed here, then you must specify values for all fields in the pushed configuration. Default values may be used if necessary.
WUC External Parameters Configuration Parameters
Parameter | Data Type | Description |
---|---|---|
Domain Name* | String | Windows domain name. |
Domain User* | String | Windows domain user name. |
Active Directory Host | String | Hostname for the Active Directory server, if one is used. If specified, values for User, User Password, Base DN, Protocol, and Port must be specified in subsequent entries. |
Active Directory User | String | Username for the AD server. Required if a value is provided for Active Directory Host. |
Active Directory User Password | String | Password for AD server. Required if a value is provided for Active Directory Host. |
Active Directory Base DN | String | Base DN of the Active Directory. Required if a value is provided for Active Directory Host. |
Active Directory Protocol | String | Protocol for Active Directory. Required if a value is provided for Active Directory Host. |
Active Directory Port | String | Port for Active Directory. Required if a value is provided for Active Directory Host. |
Global Catalog Server | String | Hostname for the Global Catalog server, if one is used. If specified, values for User Name, User Password, and Base DN must be specified in subsequent entries. |
Global Catalog User Name | String | Username for the GC server. Required if a value is provided for Global Catalog server. |
Global Catalog User Password | String | Password for the GC server. Required if a value is provided for Global Catalog server. |
Global Catalog Base DN | String | Base DN of the GC server. Required if a value is provided for Global Catalog server. |
WEF Collection* | String | Indicates if Windows Event Format collection is enabled. Valid values are: Disabled; Enabled (use Active Directory for sources); Enabled (do not use Active Directory for sources). Note: WEF collection is only supported for Connector versions 6.0.6 or later. Otherwise, compliance checks for WUC External Parameters configurations will always fail. |
Windows Unified Connector (WUC) Internal Parameters Configuration
A WUC Internal Parameters connector configuration defines the internal parameters for one or more WUC connectors. The configuration is only pushed to the target if a WUC connector exists.
Limitations to WUC Internal Parameters Configurations
A WUC internal parameters configuration has the following limitations:
- Domain user password is not supported as a WUC configuration parameter. Instead, domain user password must be managed individually for each WUC host.
- WUC connectors are not FIPS-compliant.
- If you wish to push a WUC configuration from ArcMC to a managed node that already has values defined for all fields listed here, then you must specify values for all fields in the pushed configuration. Default values may be used if necessary.
WUC Internal Parameters Configuration Parameters
Parameter | Data Type | Description |
---|---|---|
Enable GUID Translation* | Boolean | If true, Globally Unique Identifier translation is enabled. |
Enable SID Translation* | Boolean | If true, Security Identifier translation is enabled. |
Enable SID Translation Always* | Boolean | If true, SID translation is used even for events Windows does not translate. |
FCP Version | Integer | File Control Protocol version number. |
Global Catalog Port | Integer | Port used by Global Catalog server. |
Global Catalog Security Protocol | Enum | Security protocol used by Global Catalog server. |
Host Browsing Threads Sleep Time | Integer | Time in milliseconds between host browsing queries. |
Inactivity Sleep Time | Integer | Time in milliseconds to sleep if no events are retrieved from the configured hosts. |
Log Rotation Check Interval | Integer | Time in milliseconds to wait before checking for log rotation. |
Reconnect Interval | Integer | Time in milliseconds after which the connection to a previously down host is to be retried. |
Rotation Retry Count | Integer | Number of times to check that log has been rotated. |
Rotation Retry Interval | Integer | Interval in milliseconds for rotation retry. |
Sleep Time | Integer | Time, in milliseconds, to sleep before collecting more events from hosts (-1 means disable sleep time). |
Thread Count | Integer | Number of threads to use for the connector. |