Adding and Deleting Peer Relationships

The Peer Nodes page displays the current peer relationships. From here, you can add and delete peers.

Adding a Peer

Adding a peer creates a peer relationship between two Loggers, two ArcSight Managers, or a Logger and a Manager. Once added, you can delete a peer, but you cannot edit it. See Guidelines for Configuring Peers for more information.

Adding a peer on a Logger is a bi-directional process. That is, when Logger A adds peer access for Logger B, Logger B automatically adds peer access for Logger A. Similarly, if you delete the peer access for B on A, the peer access for A is automatically deleted on B.

Note: If the peer you are about to add has a version of Logger prior to 7.1.x, please see Adding Cipher Suites before trying to add the peer.

To add a peer:

  1. Open the Configuration > Advanced menu and click Peer Nodes.

  2. Click Add and enter the following parameters.

    Parameter

    Description

    Peer Hostname/IP

    Enter the target Manager or Logger’s hostname or IP address.

    Peer Port

    Use the port configured when installing or initially configuring the target system. See Guidelines for Configuring Peers.

    By default, this is Port 443 for the Logger Appliances.

    Peer Login Credentials

    Peer Authorization Credentials

    Select Peer Login Credentials for password-based authentication.

    OR

    Select Peer Authorization Credentials to use an Authorization ID and Code.

    • On systems using local or RADIUS authentication, you can use either authentication method, although peer Authorization ID and Code are recommended.

    • On systems using SSL Client Authentication (CAC), Authorization ID and Code is the only way to authenticate a peer. You cannot use a user name and password. (See SSL Client Authentication.)

    • FIPS-enabled systems are not limited to a specific authentication method.

    If you selected Peer Login Credentials…

    Peer User Name

    Enter a user name already configured on the target system.

    Peer Password

    Enter the password for the user specified in the Peer User Name field.

    If you selected Peer Authorization Credentials…

    Peer Authorization ID

    Enter the authorization ID generated on the target Manager or Logger. (See "To generate the Authorization ID and Code to use when configuring a peer relationship" for more information.)

    Peer Authorization Code

    Enter the authorization code generated on the target Manager or Logger. (See "To generate the Authorization ID and Code to use when configuring a peer relationship" for more information.)

    Other Fields

    These fields need to be updated in rare circumstances.

    Local Hostname/IP

    In most cases, the value in this field matches the IP address or host name you use to connect to this Logger from your browser, and you do not need to do anything.

    However, if the IP address does not match (for example, when the Logger is behind a VPN concentrator), change the value to match the IP address or host name with which you connect to this Logger.

    Local Port

    In most cases, the value in this field matches the port in your browser when you logged into this system (the initiating Manager or Logger), and you do not need to do anything.

    However, if the port here does not match the port in the IP address (for example, when the Manager or Logger is behind a VPN concentrator), change the value to match the port in the IP address in your browser.

  3. Click Save to add the new Logger, or Cancel to quit.

Adding Cipher Suites

If the peer you're adding has an older Logger version (prior to 7.1.x), you might get a "Peer logger could not be pinged!" error while adding it. If this is the case, follow the instructions below to add cipher suites to both Loggers before trying to add it again:

  1. Open the logger.properties file.

  2. Replace the fips.ssl.enabledciphersuites property with the one below:

    fips.ssl.enabledciphersuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA

  3. Once the property has been added, stop and restart the Logger services by entering the following commands one after the other:

    For Logger Appliance:

    /opt/local/monit/bin/monit stop all
    /opt/local/monit/bin/monit summary
    /opt/local/monit/bin/monit start all

    For Software Logger:

    <install-path>/current/arcsight/logger/loggerd stop all
    <install-path>/current/arcsight/logger/loggerd status
    <install-path>/current/arcsight/logger/loggerd start all

  4. (Conditional) If you still face issues after performing the above steps, you might need to add or replace the cipher suites in the httpd.conf file, as follows:

    SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:AES128-GCM-SHA256:AES128-SHA256
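
The following is an added example, not part of the product documentation: it parses the two settings shown above and reports, for each suite in fips.ssl.enabledciphersuites, whether it offers forward secrecy and AEAD encryption, and whether its OpenSSL-named equivalent appears in the SSLCipherSuite line. The function names are hypothetical, and the name conversion is assumed to cover only AES suites of the form used on this page.

```python
import re

# Constructed sample input: the two settings exactly as shown on this page.
LOGGER_PROPERTIES = (
    "fips.ssl.enabledciphersuites=TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256,"
    "TLS_RSA_WITH_AES_128_GCM_SHA256,TLS_RSA_WITH_AES_128_CBC_SHA\n"
)
HTTPD_CONF = (
    "SSLCipherSuite ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:"
    "ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:"
    "AES128-GCM-SHA256:AES128-SHA256\n"
)

def jsse_suites(properties_text):
    """Return the suites listed in fips.ssl.enabledciphersuites."""
    m = re.search(r"^\s*fips\.ssl\.enabledciphersuites\s*=\s*(.+)$",
                  properties_text, re.MULTILINE)
    return [s.strip() for s in m.group(1).split(",") if s.strip()] if m else []

def httpd_suites(conf_text):
    """Return the suites listed in the SSLCipherSuite directive."""
    m = re.search(r"^\s*SSLCipherSuite\s+(\S+)", conf_text, re.MULTILINE)
    return m.group(1).split(":") if m else []

def to_openssl_name(iana):
    """Convert an IANA/JSSE AES suite name to its OpenSSL name.
    Assumption: handles only TLS_<kx>_WITH_AES_<bits>_<mode>_<hash> names."""
    kx, cipher = iana[len("TLS_"):].split("_WITH_")
    kx = "" if kx == "RSA" else kx.replace("_", "-") + "-"  # static RSA: no prefix
    _, bits, mode, digest = cipher.split("_")
    mode = "" if mode == "CBC" else mode + "-"              # OpenSSL omits "CBC"
    return f"{kx}AES{bits}-{mode}{digest}"

def audit(properties_text, conf_text):
    """Per suite: forward secrecy, AEAD, and presence in SSLCipherSuite."""
    allowed = set(httpd_suites(conf_text))
    report = {}
    for suite in jsse_suites(properties_text):
        report[suite] = {
            "forward_secrecy": suite.startswith(("TLS_ECDHE_", "TLS_DHE_")),
            "aead": "_GCM_" in suite,
            "in_httpd_list": to_openssl_name(suite) in allowed,
        }
    return report

if __name__ == "__main__":
    for name, flags in audit(LOGGER_PROPERTIES, HTTPD_CONF).items():
        print(name, flags)
```

With the values on this page, the two TLS_RSA suites use static RSA key exchange and so provide no forward secrecy, and TLS_RSA_WITH_AES_128_CBC_SHA (OpenSSL name AES128-SHA) is the only one of the three with no counterpart in the SSLCipherSuite line.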

 

Deleting a Peer

Deleting a peer removes the peer relationship between two Loggers or two ArcSight Managers, or a Manager and a Logger. You can perform this process from either peer.

To delete a peer:

  1. Open the Configuration > Advanced menu and click Peer Nodes.
  2. Locate the peer whose relationship you want to delete and click the Delete icon on that row.
  3. Confirm the deletion by clicking OK, or click Cancel to retain the Peer.