Recently, I found a free promotion code for ArcSight Logger L750MB (claimed value USD 49). I used the code and obtained a licensed copy of the software.
The software runs only on Linux. The officially supported Linux platforms are CentOS, Red Hat and Oracle. I also tried to install it on Ubuntu, but the installer said it is not supported. To test it out, I selected CentOS.
Installing CentOS is not difficult. Since I installed it on a VMware Workstation 7 platform, I installed the base CentOS system using Easy Install. After that, installing the Logger software is as easy as point and click. Finally, I adjusted the iptables settings to allow incoming log connections (default 514/TCP and 515/UDP) and administration (port chosen at installation time; I used 443/TCP).
After all this, I pointed my demo firewall's syslog output at the newly installed logger. It works!
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgAo1QOh2QSaLH0aAZh6d_Ir-sMW6_LHHDG5qEF9H4gVT3ZZyK-pDh9kRhAUwPBIFGrUrgBvsGevZv2KylNaB9ogqRn3PEdT_74MOHdps9ompGwrspeQml7ojS3c0xyKHvWAo90LtuXyQ6F/s200/ArcSight+Logger+Virtual+Appliance+-+Login.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEiCgettb_toNOU6fLecKleUXY_Y9pHUHDLgC6mPuQHcwavFyCARt6T4w7LhH3ZrPclVBm1fqffMk2EO8O4JCEogWppqLN1gbkViDHCD723jh72TOh6JElWS6TC44D4TJdmUHDj6hwBX_rkq/s200/ArcSight+Logger+Virtual+Appliance+-+Default+Dashboard.png)
![](https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEgz84QGCxXgrTCpiMq8ZzF3rusqBGLyTiKs6dXgnGM4RHmmXb2IUbJmgf6zk73w1eiKhxU0dAYv76cV9Kl88JWknc5NMJCUeZ8tmW66GlHWDg4XOVKGkbdgWKzlAQqz00CGomCEJP_3aeqq/s200/ArcSight+Logger+Virtual+Appliance+-+Sample+Search+Results.png)
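To check that the receiver ports opened above actually accept events before pointing a real firewall at them, here is an added example (not from the post or from ArcSight) that builds an RFC 3164 syslog line and sends it over 515/UDP or 514/TCP; the host name `demo-fw`, the facility/severity values and the message text are constructed sample values, and `LOGGER_HOST` is a placeholder for the logger's address.

```python
"""Send a test syslog event to a Logger receiver and sanity-check its format."""
import socket
import time

# Sample values (assumed): facility local4 (20), severity informational (6).
FACILITY_LOCAL4 = 20
SEVERITY_INFO = 6


def build_syslog_message(msg, hostname="demo-fw", facility=FACILITY_LOCAL4,
                         severity=SEVERITY_INFO, timestamp=None):
    """Return an RFC 3164 line: <PRI>Mmm dd hh:mm:ss hostname msg."""
    pri = facility * 8 + severity
    if timestamp is None:
        t = time.localtime()
        # RFC 3164 pads a single-digit day with a space, not a zero.
        timestamp = "%s %2d %s" % (time.strftime("%b", t), t.tm_mday,
                                   time.strftime("%H:%M:%S", t))
    return "<%d>%s %s %s" % (pri, timestamp, hostname, msg)


def parse_pri(line):
    """Return (facility, severity) from the <PRI> prefix, or None if malformed."""
    if not line.startswith("<"):
        return None
    end = line.find(">")
    if end < 2 or end > 4 or not line[1:end].isdigit():
        return None
    pri = int(line[1:end])
    if pri > 191:  # 23 facilities * 8 + 7 is the largest legal value
        return None
    return pri // 8, pri % 8


def send_udp(line, host, port=515):
    """Send one event over UDP (the post's 515/UDP receiver)."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        return s.sendto(line.encode("utf-8"), (host, port))


def send_tcp(line, host, port=514):
    """Send one newline-terminated event over TCP (the post's 514/TCP receiver)."""
    with socket.create_connection((host, port), timeout=5) as s:
        s.sendall((line + "\n").encode("utf-8"))


if __name__ == "__main__":
    # LOGGER_HOST is a placeholder; replace it with the logger's address.
    event = build_syslog_message("demo-fw: accepted tcp src=10.0.0.5 dst=10.0.0.9 dport=443")
    send_udp(event, "LOGGER_HOST")
```

If the event does not show up in the Logger search, run `tcpdump port 515` on the CentOS host: packets arriving but no event means the receiver or iptables rule is wrong, no packets means the sending side or a firewall in between.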
Dear William,
I'm testing this solution now. I installed it on Red Hat Enterprise 5, but I don't know how to collect syslog.
Can you give me an idea? What firewall did you use for testing? Thanks