Import Metadata for Logger Events

Not available to customers in the ArcSight SaaS environment.

Select Configuration > Import Logger Data > Logger Metadata Import.

This topic applies only to Logger processes soon-to-be shut down.

Logger metadata refers to the information that is stored in the Logger postgresql database, which is needed to read the events from the Logger archive files for each storage group.

You import the metadata once for each Logger whose processes are soon to be shutdown. Complete the following activities:

Register a Logger

Applies only if you have not previously registered the Logger from which you will import data

Before importing the metadata, make sure to add the Logger details for the import process.

  1. In ArcSight Platform, select Configuration > Import Logger Data > Logger Metadata Import.

  2. Click the + icon.

  3. Add the Logger details such as:

    1. Host: Logger IP address or host name

      For example, 12.345.67.890 or logger6.extremelyfocused.com

    2. Host Username: OS username
    3. Host Password: OS password

  4. Click Save. Otherwise, click Cancel.

Note: You can remove Logger registration if no data has been imported. To delete the Logger registration, click the delete icon (trash can).

Import the Metadata

Note: It's recommended that you perform the following steps before the actual metadata import:

  • Stop all Logger event ingestion

  • Switch connectors to send events to the ArcSight Database

  • Archive all the existing events in Logger before importing the Logger metadata

While importing the metadata, the Logger server must be accessible at all times.

The metadata contains all the information related to accessing the events of a particular Logger. You can migrate the Logger metadata to the ArcSight Database directly from the Logger Metadata Import page.

Make sure to import the metadata before importing the Logger data as this is the first step to view and consume logger events.

  1. In ArcSight Platform, select Configuration > Import Logger Data > Logger Metadata Import.

  2. Check the box next to the Logger whose metadata will be migrated and click the import icon.

    A pop-up window will notify you that the Logger metadata import procedure is about to begin, making sure you have already mounted the appropriate archives on all database nodes.

    At this point, you must decide whether Logger processes resume after the import of metadata is done:

    • Yes: The Logger processes will resume after the import is finished. ArcSight Platform proceeds to import and store the metadata.

    • No: The Logger processes will remain shut down. ArcSight Platform proceeds to import and store the metadata.

      • After successfully importing the metadata and the Logger processes have been shut down, you have the option to remove or repurpose that particular Logger.

    • Cancel: The system will not continue with the process for importing the metadata. The Logger continues in its current state.

Update the Logger Registration

Required only if user credentials for the registered Logger have changed.

If the credentials have been changed after registering a Logger, make sure to update the username and password information before importing the Logger metadata.

The Logger processes status, host username, and password can be updated after the Logger registration, but only if the metadata import process hasn't started.

These values cannot be updated after you start an import.

  1. In ArcSight Platform, select Configuration > Import Logger Data > Logger Data Import.

  2. Check the box next to the Logger host and click the pencil icon.

  3. Update the values accordingly.

    Ensure that the username and password that you use match the OS credentials set in Logger.

  4. Click Save. Otherwise, click Cancel.