Installing the Database

This section provides information about configuring the database server and installing the ArcSight Database.

Recon and Intelligence are the only capabilities that need the database currently.


Preparing the Database Node for Installation

  1. Provision the server with at least 2 GB of swap space.
     If the installer pre-check on swap space still fails after you provision 2 GB, provisioning 2.2 GB of swap should resolve the problem.
  2. Add the following parameters to /etc/sysctl.conf.

     Parameter                                        Description
     net.core.somaxconn = 1024                        Increases the number of incoming connections
     net.core.wmem_max = 16777216                     Sets the send socket buffer maximum size in bytes
     net.core.rmem_max = 16777216                     Sets the receive socket buffer maximum size in bytes
     net.core.wmem_default = 262144                   Sets the send socket buffer default size in bytes
     net.core.rmem_default = 262144                   Controls the default size of receive buffers used by sockets
     net.core.netdev_max_backlog = 100000             Increases the length of the network interface input queue
     net.ipv4.tcp_mem = 16777216 16777216 16777216
     net.ipv4.tcp_wmem = 8192 262144 8388608
     net.ipv4.tcp_rmem = 8192 262144 8388608
     net.ipv4.udp_mem = 16777216 16777216 16777216
     net.ipv4.udp_rmem_min = 16384
     net.ipv4.udp_wmem_min = 16384
     vm.swappiness = 1                                Defines the amount and frequency at which the kernel copies RAM contents to swap space. For more information, see Check for Swappiness.

  3. Add the following parameters to /etc/rc.local.
     The following commands assume that sdb is the data drive (that is, /opt) and sda is the operating system/catalog drive.

     Parameter                                                   Description
     echo deadline > /sys/block/sdb/queue/scheduler              Resolves FAIL (S0150)
     /sbin/blockdev --setra 2048 /dev/sdb                        Resolves FAIL (S0020) when the database resides on /dev/sdb
     echo always > /sys/kernel/mm/transparent_hugepage/enabled
     tuned-adm profile throughput-performance                    Resolves WARN (S0140/S0141) (CentOS only)

  4. In /etc/default/grub, append intel_idle.max_cstate=0 processor.max_cstate=1 to the GRUB_CMDLINE_LINUX line. For example:

     GRUB_CMDLINE_LINUX="vconsole.keymap=us crashkernel=auto vconsole.font=latarcyrheb-sun16 rhgb quiet intel_idle.max_cstate=0 processor.max_cstate=1"

     Then regenerate the GRUB configuration:

     grub2-mkconfig -o /boot/grub2/grub.cfg

  5. Use iptables to disable the firewall (WARN N0010):

     iptables -F
     iptables -t nat -F
     iptables -t mangle -F
     iptables -X
     systemctl mask firewalld
     systemctl disable firewalld
     systemctl stop firewalld

     The database requires several ports to be open on the local network. Micro Focus does not recommend that you place a firewall between nodes (all nodes should be behind a firewall), but if you must use a firewall between nodes, ensure that all the database ports are available (see Firewall ports in Technical Requirements for ArcSight Platform). For more information, see Firewall Considerations.

  6. Set SELinux to permissive mode in /etc/selinux/config:

     SELINUX=permissive

     For more information, see SELinux Configuration.

  7. Reboot the system for your changes to take effect.
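The following pre-flight script is an added example, not part of the ArcSight installer. It checks a node against the preparation steps above before the reboot: the swap size from /proc/meminfo, the kernel parameters in /etc/sysctl.conf (with the exact values listed in the table), and the SELINUX mode in /etc/selinux/config. Each check takes a file path, so it can be run against the live files or against copies collected for review; the 2 GiB threshold, the `--live` flag and the function names are this example's own conventions.

```shell
#!/bin/sh
# Pre-flight check for an ArcSight database node against the kernel and
# SELinux settings listed in the preparation steps. Added example, not part
# of the ArcSight installer. Every check reads a file passed as an argument,
# so it can run against the live system (--live) or against copies of the files.

# Kernel parameters from the guide, one "key = value" per line.
EXPECTED_SYSCTL='net.core.somaxconn = 1024
net.core.wmem_max = 16777216
net.core.rmem_max = 16777216
net.core.wmem_default = 262144
net.core.rmem_default = 262144
net.core.netdev_max_backlog = 100000
net.ipv4.tcp_mem = 16777216 16777216 16777216
net.ipv4.tcp_wmem = 8192 262144 8388608
net.ipv4.tcp_rmem = 8192 262144 8388608
net.ipv4.udp_mem = 16777216 16777216 16777216
net.ipv4.udp_rmem_min = 16384
net.ipv4.udp_wmem_min = 16384
vm.swappiness = 1'

# Normalise "key=value" spacing so hand-written files compare equal.
norm() { sed -e 's/[[:space:]]*=[[:space:]]*/ = /' -e 's/[[:space:]][[:space:]]*/ /g' -e 's/^ //' -e 's/ $//'; }

# check_sysctl_conf FILE: succeed only if every expected key is present in FILE
# with exactly the expected value. The last occurrence of a key wins, as it
# does when sysctl loads the file.
check_sysctl_conf() {
    sysctl_file=$1
    sysctl_problems=$(printf '%s\n' "$EXPECTED_SYSCTL" | while IFS= read -r want; do
        key=${want%% =*}
        have=$(awk -F= -v k="$key" '{ n=$1; gsub(/^[ \t]+|[ \t]+$/, "", n); if (n == k) v=$0 } END { print v }' "$sysctl_file" | norm)
        if [ -z "$have" ]; then
            echo "MISSING  $key"
        elif [ "$have" != "$want" ]; then
            echo "MISMATCH $key: found '$have', expected '$want'"
        fi
    done)
    [ -z "$sysctl_problems" ] || { printf '%s\n' "$sysctl_problems"; return 1; }
}

# check_swap_kb MEMINFO [MIN_KB]: succeed if SwapTotal is at least MIN_KB.
# The default is 2 GiB, the guide's minimum; pass a larger value when you
# provisioned 2.2 GB because the installer pre-check complained.
check_swap_kb() {
    swap_kb=$(awk '/^SwapTotal:/ { print $2 }' "$1")
    [ -n "$swap_kb" ] && [ "$swap_kb" -ge "${2:-2097152}" ]
}

# check_selinux_config FILE: succeed if the effective SELINUX= line is permissive.
check_selinux_config() {
    selinux_mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*//p' "$1" | tail -n1)
    [ "$selinux_mode" = "permissive" ]
}

# Usage on the node itself: sh check_db_node.sh --live
# /etc/sysctl.conf only shows what is applied at boot; after the reboot in the
# last step, compare the running kernel with "sysctl -n <key>".
if [ "${1:-}" = "--live" ]; then
    status=0
    check_swap_kb /proc/meminfo              || { echo "FAIL swap: less than 2 GiB"; status=1; }
    check_sysctl_conf /etc/sysctl.conf       || { echo "FAIL sysctl.conf"; status=1; }
    check_selinux_config /etc/selinux/config || { echo "FAIL selinux: SELINUX is not permissive"; status=1; }
    exit "$status"
fi
```

The script exits non-zero and names every missing or mismatched key, which is easier to act on than the installer's single FAIL/WARN codes. It deliberately reads the configuration files rather than the running kernel, because the guide's values are meant to persist across the reboot in the last step.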


Configuring BIOS for Maximum Performance

Depending on your hardware, you might be able to access options to configure power and performance. Configure the system for maximum performance in the BIOS while the system is powering on. For example, for HPE hardware, the following setting is available.

System Configuration > BIOS/Platform Configuration (RBSU) > Power Management > HPE Power Profile > Maximum Performance


Enabling Passwordless Communication

This section describes how to configure passwordless communication from the node1 server to all of the node servers in the cluster.

You must repeat the authentication process for all nodes in the cluster.
  1. On the node1 server, run the ssh-keygen command:

     ssh-keygen -q -t rsa

  2. Copy the key from node1 to all of the nodes, including node1, using the node IP address:

     ssh-copy-id -i ~/.ssh/id_rsa.pub root@11.111.111.111

     The system displays the key fingerprint and prompts you to authenticate with the node server.

  3. Enter the required credentials for the node.
  4. The operation is successful when the system displays the following message:

     Number of key(s) added: 1

  5. To verify that the key was installed, run the following command from node1 to the target node and confirm that node1 can log in without a password:

     ssh root@11.111.111.111
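Because the procedure above has to be repeated for every node, the following script is an added example (not part of the ArcSight installer) that runs the same three steps in a loop: generate the key pair once if it does not exist, copy the public key to each node, then verify every node with `ssh -o BatchMode=yes`, which fails instead of falling back to a password prompt. The node addresses, the `DRY_RUN` variable, the `--nodes` flag and the empty passphrase are this example's assumptions; the user defaults to root as in the guide.

```shell
#!/bin/sh
# Distribute node1's SSH public key to every node in the cluster and verify
# that non-interactive login works afterwards. Added example, not part of the
# ArcSight installer. Node addresses are passed after --nodes; the SSH user
# defaults to root as in the guide. Set DRY_RUN=1 to print the commands
# instead of running them.

KEY=${KEY:-$HOME/.ssh/id_rsa}
SSH_USER=${SSH_USER:-root}

# run CMD...: execute a command, or print it when DRY_RUN=1.
run() {
    if [ "${DRY_RUN:-0}" = "1" ]; then
        printf '+ %s\n' "$*"
    else
        "$@"
    fi
}

# ensure_key: generate the key pair only if it does not exist yet, so
# re-running the script never overwrites a key that nodes already trust.
# An empty passphrase (-N "") is assumed because the guide's passwordless
# login needs a key that ssh can use without prompting.
ensure_key() {
    [ -f "$KEY" ] || run ssh-keygen -q -t rsa -f "$KEY" -N ""
}

# distribute_key NODE...: copy the public key to each node, node1 included.
distribute_key() {
    for node in "$@"; do
        run ssh-copy-id -i "$KEY.pub" "$SSH_USER@$node"
    done
}

# verify_login NODE...: BatchMode=yes makes ssh fail instead of asking for a
# password, so a node that was not set up correctly shows up as FAIL rather
# than hanging the script. Returns non-zero if any node failed.
verify_login() {
    failed_nodes=""
    for node in "$@"; do
        if run ssh -o BatchMode=yes -o ConnectTimeout=5 "$SSH_USER@$node" true; then
            echo "OK   $node"
        else
            echo "FAIL $node"
            failed_nodes="$failed_nodes $node"
        fi
    done
    [ -z "$failed_nodes" ]
}

# Usage: DRY_RUN=1 sh distribute_key.sh --nodes 10.0.0.11 10.0.0.12 10.0.0.13
if [ "${1:-}" = "--nodes" ]; then
    shift
    ensure_key
    distribute_key "$@"
    verify_login "$@"
fi
```

Run it once with `DRY_RUN=1` to review the exact commands before they touch any node. The ssh-copy-id step still prompts for each node's password, exactly as in the manual procedure; only the verification pass is non-interactive.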


Modifying the System Clock

A network time server (NTP) must be available. chrony implements NTP and is installed by default on some versions of RHEL and CentOS. chrony must be installed on every node.

Verify the chrony configuration by using the command:

# chronyc tracking

To install chrony, start and enable the chrony daemon, and then verify operation, run these commands:

# yum install chrony
# systemctl start chronyd
# systemctl enable chronyd
# chronyc tracking


Determining FIPS Configuration

To enable or disable FIPS, follow the steps in Enabling FIPS Mode on the Database Server.


Configuring and Installing the Database Server

Before installing the database, estimate the storage needed for the incoming EPS (events per second) and event size, and evaluate the retention policy accordingly.

  1. On the Database cluster node1 server, create a folder for the database installer. For example:

     mkdir /opt/arcsight-db-tools

     /opt/arcsight-db-tools should not be under /root or /opt/vertica.

  2. From the master node where you performed the Downloading Installation Packages steps, copy the {unzipped-installer-dir}/installers/database/db-installer_x.x.x-x.tar.gz file to /opt/arcsight-db-tools on the Database cluster node1 server.

  3. To extract the installer file and place it in the correct directory, run the following commands:

     cd /opt/arcsight-db-tools
     tar xvfz db-installer_x.x.x-x.tar.gz

  4. Edit the config/db_user.properties file. The hosts property is required.

     Property   Description
     hosts      A comma-separated list of the database servers in IPv4 format (for example, 1.1.1.1,1.1.1.2,1.1.1.3).
                When constructing the cluster, do not use local loopback addresses (localhost, 127.0.0.1, and so on).

  5. Install the database:

     ./db_installer install

  6. When prompted, create the database administrator user.
     The database administrator user account is used during database deployment, configuration, upgrade, and debugging. For security reasons, the capabilities deployed on the platform will not ask you for the credentials of this user.

     For a list of options that you can specify when installing the database, see Understanding the Database Installer Options.

  7. Create the schema:

     ./db_installer create-schema

  8. When prompted, create the following users:
     • App admin user: A regular database user granted elevated permissions for performing operations on the database to manage the database, schema, and resource pools. The credentials for this user will need to be provided later in the CDF Management Portal when you are deploying capabilities.
     • Search user: A regular database user with permissions restricted to event search operations. The credentials for this user will need to be provided later in the CDF Management Portal when you are deploying capabilities.

  9. Monitor your database cluster status constantly. For more information, see Monitoring the Database.
     • Database nodes status: Ensures all nodes are up
     • Database nodes storage status: Ensures storage is sufficient
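The hosts property is the one required input to the installer, and a loopback address or a duplicated node in it is only discovered once cluster creation fails. The following script is an added example (not part of the ArcSight installer) that validates config/db_user.properties before you run ./db_installer install: every entry must be a dotted-quad IPv4 address, none may be localhost or a 127.x.x.x address, and no node may be listed twice. The "key=value" line format, the `--file` flag and the function names are this example's assumptions.

```shell
#!/bin/sh
# Validate the hosts property in config/db_user.properties before running
# ./db_installer install. Added example, not part of the ArcSight installer;
# the properties file is assumed to use the usual "key=value" line format.

# prop_value FILE KEY: print the value of KEY (last occurrence wins).
prop_value() {
    sed -n "s/^[[:space:]]*$2[[:space:]]*=[[:space:]]*//p" "$1" | tail -n1
}

# is_ipv4 ADDR: dotted quad with exactly four octets in the range 0-255.
is_ipv4() {
    case $1 in
        ''|*[!0-9.]*|.*|*.|*..*) return 1 ;;
    esac
    set -- $(printf '%s' "$1" | tr '.' ' ')
    [ $# -eq 4 ] || return 1
    for octet in "$@"; do
        [ "$octet" -le 255 ] || return 1
    done
}

# is_loopback ADDR: 127.0.0.0/8 or the localhost name, which the guide says to avoid.
is_loopback() {
    case $1 in
        127.*|localhost) return 0 ;;
    esac
    return 1
}

# validate_hosts FILE: print one line per problem and fail if any were found.
validate_hosts() {
    hosts_value=$(prop_value "$1" hosts)
    if [ -z "$hosts_value" ]; then
        echo "hosts property is missing or empty"
        return 1
    fi
    # split the comma-separated list into positional parameters
    old_ifs=$IFS
    IFS=,
    set -- $hosts_value
    IFS=$old_ifs
    hosts_errors=0
    seen_hosts=""
    for host in "$@"; do
        host=$(printf '%s' "$host" | tr -d '[:space:]')
        if is_loopback "$host"; then
            echo "loopback address not allowed: $host"
            hosts_errors=1
        elif ! is_ipv4 "$host"; then
            echo "not an IPv4 address: '$host'"
            hosts_errors=1
        elif printf '%s\n' "$seen_hosts" | grep -Fqx "$host"; then
            echo "duplicate node: $host"
            hosts_errors=1
        fi
        seen_hosts="$seen_hosts
$host"
    done
    [ "$hosts_errors" -eq 0 ]
}

# Usage: sh validate_hosts.sh --file config/db_user.properties
if [ "${1:-}" = "--file" ]; then
    validate_hosts "$2"
    exit $?
fi
```

A clean run prints nothing and exits 0, so it drops into a pre-install checklist; every problem is reported on its own line rather than stopping at the first one, which is what you want when the list has been assembled by hand from several nodes.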