Search for	Example	Results
A single word	`cat`	Topics that contain the word "cat". You will also find its grammatical variations, such as "cats".
A phrase. You can specify that the search results contain a specific phrase.	`"cat food"` (quotation marks)	Topics that contain the literal phrase "cat food" and all its grammatical variations. Without the quotation marks, the query is equivalent to specifying an OR operator, which finds topics with one of the individual words instead of the phrase.

Search for	Operator	Example
Two or more words in the same topic	`AND` `and` `+` (plus symbol) `&` (ampersand)	`cat AND dog` `"cat food"+milk` `"cat food"&"dog food"`
Either word in a topic	`OR` `or` `\|` (pipe)	`cat OR dog` `cat \| dog`
Topics that do not contain a specific word or phrase	`NOT` `not` `!` (exclamation point)	`NOT cat` `! dog`
Topics that contain one string and do not contain another	`^` (caret)	`cat ^ mouse`
A combination of search types	`( )` parentheses	`cat + (dog \| mouse)` `cat \| dog + (! mouse)`

Network Node Manager i Software10.30

Integrate > Integrate NNMi with ArcSight Logger

Integrate with ArcSight Logger

ArcSight Logger is a universal log management solution that unifies searching, reporting, alerting and analysis across any type of enterprise log data. It is unique in its ability to collect, analyze, and store massive amounts of data generated by modern networks.

The NNMi–ArcSight Logger integration adds network syslog information to the NNMi incident browser to help you investigate potential network problems. You can also launch the ArcSight Logger console from NNMi menu items.

This topic contains the following sections:

Components of the Integration
Prerequisite Tasks
Enable the Integration
Use the Integration
Disable the Integration

Components of the Integration

The NNMi-ArcSight Logger integration requires the following components:

NNMi 10.30
ArcSight Logger 6.0, 6.1, 6.2 , and 6.4
ArcSight NNMi SNMP Connector (all the versions supported by ArcSight Logger 6.0, 6.1, 6.2 , and 6.4)
ArcSight Logger Forwarding Connector for NNMi (all the versions supported by ArcSight Logger 6.0, 6.1, 6.2 , and 6.4)

Prerequisite Tasks

Install NNMi.
Install ArcSight Logger.
Install and configure the SmartConnector for NNMi SNMP on the NNMi management server. For more information, see the ArcSight documentation.
Install and configure the ArcSight Logger Forwarding Connector for NNMi on the NNMi management server. For more information, see the ArcSight documentation.
Import the ArcSight Logger certificate.

Perform this step only when NNMi is configured to use the HTTPS protocol and uses the PKCS#12 certificate repository.
1. Check the certificate repository type.
  
  To check the type of certificate repository:
  1. Log on to the NNMi console.
  2. Click Help > System Information, and then go to the Server tab.
  3. Check the value of the javax.net.ssl.keyStore property.
    
    If the property points to the nnm-key.p12 file, your environment has a PKCS#12 repository.
    
    If the property points to the nnm.keystore file, your environment has a JKS repository.
  Alternatively, do the following:
  1. On the NNMi management server, as root or administer, run the following command:
    - On Windows: %nnminstalldir%\bin\nnmprops -l
    - On Linux: /opt/OV/bin/nnmprops -l
  2. From the command output, note the value of the javax.net.ssl.trustStoreType property.
    
    The value of this property indicates the type of certificate repository.
2. On the ArcSight Logger server, export the ArcSight certificate to a file, and then transfer the file to a local directory on the NNMi management server.
3. Log on to the NNMi management server as root or administrator.
4. Import the certificate to NNMi's truststore by running the following command:
  
  For NNMi with a PKCS#12 repository:
  - On Windows: %nnminstalldir%\bin\nnmkeytool.ovpl -keystore -importcert %nnmdatadir%\shared\nnm\certificates\nnm-trust.p12 -storetype PKCS12 -storepass ovpass -file <Cert_Path>
  - On Linux: /opt/OV/bin/nnmkeytool.ovpl -keystore -importcert /var/opt/OV/shared/nnm/certificates/nnm-trust.p12 -storetype PKCS12 -storepass ovpass -file <Cert_Path>
  For NNMi with a JKS repository:
  
  When you use a JKS repository, you must use the keytool utility of the JDK that is configured to work with NNMi. The keytool utility is available in the bin directory under the home directory of the JDK.
  
  For easy access to the keytool utility:
  1. Determine the home directory of the JDK . The value of the com.hp.ov.nms.jdk.dir property in the nms-local.properties file indicates the directory path.
    
    The nms-local.properties file is available in the following directory on the NNMi management server:
    - On Windows: %nnmdatadir%\conf\nnm\props
    - On Linux: /var/opt/OV/conf/nnm/props
  2. Create an environment variable that points to the bin directory under the JDK home directory.
    
    For example, if the com.hp.ov.nms.jdk.dir property in above step shows /opt/OV/nonOV/jdk/zulu/zulu8.21.0.1-jdk8.0.131-linux_x64, set a new environment variable—for example, NNMi_JDK_BIN— that points to the /opt/OV/nonOV/jdk/zulu/zulu8.21.0.1-jdk8.0.131-linux_x64/bin directory.
  After setting the NNMi_JDK_BIN variable, run the following command:
  - On Windows:%jdkdir%\\bin\keytool -importcert %nnmdatadir%\shared\nnm\certificates\nnm-trust.p12 -storetype PKCS12 -storepass ovpass -file<Cert_Path>
  - On Linux:/opt/OV/bin/nnmkeytool.ovpl -keystore -import /var/opt/OV/shared/nnm/certificates/nnm-trust.p12 -storetype PKCS12 -storepass ovpass -file<Cert_Path>
  In this instance, <Cert_Path> is the directory on the NNMi management server where you have
5. Restart NNMi:
  1. ovstop -c
  2. ovstart -c

Enable the Integration

Complete the following tasks to enable the NNMi- ArcSight Logger integration:

From the NNMi console, click Integration Module Configuration > ArcSight. The Configure ArcSight Integration page opens.

On the Configure ArcSight Integration page, do the following:

Select Enable ArcSight Integration.

Provide the NNMi details:

Field	Description
NNMi SSL	Select this option if NNMi is configured to use HTTPS communication.
NNMi Port	Type the name of an NNMi administrator.
NNMi Password	Type password of the above user.
Enable Logger-Cross Launch	Optional. Select this option if you want to launch the ArcSight Logger console from the NNMi console.
Enable ArcSight Trap	Optional. Select this option if you want to forward SNMP traps from ArcSight Logger to NNMi.
Enable Northbound Forwarding	Optional. Select this option if you want to forward SNMP traps from NNMi to ArcSight Logger.
Logger SSL	Select this option if ArcSight is configured to use HTTPS for communication.
Logger Host	Type the FQDN of the ArcSight Logger host.
Logger Admin Username	Type the user name of an ArcSight Logger administrator.
Logger Admin Password	Type the password of the above user
Use Administrator Credentials	Select this option if you want to give NNMi level 1 operator full administrator privileges in ArcSight Logger.
Logger User Username	Optional. If you do not want to give the NNMi operator the administrative access to ArcSight, type a non-administrative ArcSight Logger user name.
Logger User	Password of the above user.

Configure the ArcSight Logger Filter.

To access ArcSight Logger's configuration and add new filter content, follow these steps:
1. From the NNMi console, click Integration Module Configuration > ArcSight.
2. Click Logger Filters->(Generate). NNMi translates the Enabled Syslog messages shown in Configuration > Syslog Message Configurations into a format that you can use in a ArcSight Logger filter, and then shows these translations on the Enabled Filters page.
3. Select the filter contents located on the Enabled Filters page. Copy the content and save the content in a file. You will need to paste this content into a filter within ArcSight Logger in a later step.
4. Close the window.
5. Click Logger Filters->Configure. This launches a view into the ArcSight Logger Configuration page.
6. Click Filters, and then wait for the list of filters to load.
7. Complete one of the following actions to configure a filter that determines which Syslog messages can be forwarded to NNMi.
  
  If this is the first time you are creating a filter to determine which Syslog messages to forward to NNMi, do the following:
  1. Click Add.
  2. After ArcSight Logger shows the Add Filter form, add a name for the filter, select the Regex Query filter type, and then select Next.
  3. Paste the content copied in the above step into the Query field.
  4. Save your work.
  If you are modifying an existing filter that determines the Syslog messages to forward to NNMi, do the following:
  1. Edit the existing filter that ArcSight Logger uses to determine the Syslog messages to forward to NNMi.
  2. Remove the existing filter contents.
  3. Copy the contents from the above step, and then paste into the Query field.
  4. Save your work.
Configure NNMi to forward SNMP traps to ArcSight Logger.

Click Configure beside Syslog Forwarding. The NNMi-ArcSight Destination page opens.

On this page, follow these steps:
1. Select Enable.
2. In the Port box, type the port configured with the ArcSight Logger Forwarding Connector for NNMi. The default port (8162) is automatically selected.
3. In the Community String box, type the community string of the ArcSight Logger. The default community string (public) is automatically selected.
4. Make sections for Sending Options. Without changes to those values, NNMi forwards everything.
5. Click Submit.

Click Submit on the Configure ArcSight Integration page.
For all the changes to take effect, log out of the NNMi console, and then log on again.

To verify that the integration is successfully established, check that ArcSight Logger appears in the Actions menu when you open the node or interface view.

Use the Integration

After establishing the integration, you can view the Syslogs monitored by the ArcSight Logger in NNMi console. To view Syslogs in the NNMi console, click Incident Browsing, and then click Syslog Messages.

ArcSight Logger also forwards ArcSight events to NNMi as SNMP traps. To view ArcSight events in the NNMi console, click Incident Browsing, and then click SNMP Traps.

To open the ArcSight Logger console from the NNMi console, follow these steps:

To open from the incident browser:
1. In the NNMi console, click Incident Browsing > Open Key Incidents.
2. Right-click an incident, and then click ArcSight Logger > View Incident History.
  
  Alternatively, select an incident, and then click Actions > ArcSight Logger > View Incident History.
To open from the map view.
1. In the NNMi console, click Topology Map, and then select a network map.
2. Right-click a node or interface on the map, and then click ArcSight Logger > View Incident History.
  
  Alternatively, select a node or interface, and then click Actions > ArcSight Logger > View Incident History.
To open from the node or interface view:
1. In the NNMi console, click Inventory, and then click Nodes or Interface.
2. Right-click a node or interface in the view, and then click ArcSight Logger > View Incident History.
  
  Alternatively, select a node or interface, and then click Actions > ArcSight Logger > View Incident History.

Disable the Integration

To disable the integration, follow these steps:

From the NNMi console, click Integration Module Configuration > ArcSight.
Clear the Enable ArcSight Integration option.
Click Submit.

Send Help Center feedback