Skip to main content

Arcsight Logger 5.3 CentOS 5.9 Virtualisation

Get the VirtualBox CentOS 5 as a 7z file from:

http://virtualboxes.org/images/centos/
  • Uncompress and save the Centos64.vbox and Centos64.vdi files.
  • Open the Oracle VM VirtualBox manager and select the vbox file to install
  • Make > 20GB disc or there will not be room for logger.
  • Login as root/reverse
Install Gnome Desktop as follows and start:
  • yum groupinstall "X Window System" "GNOME Desktop Environment" 
  • login root/reverse and startx
Check version of CentOS and other prelim:
  • cat /etc/redhat-release #CentOS release 5.9 (Final)
  • uname -a # somewhere x86_64 
  • create user logger
  • open port 443
  • check logger bin file execute box and double click.
  • run in terminal
If not enough space to install logger:
  • C:\Program Files\Oracle\VirtualBox\VBoxManage.exe modifyhd "D:\virtual machines\Centos\centos64.vdi" --resize 20000
  • shutdown centos VM
  • attach gparted-live-0.16.2-1b-i486.iso to CD drive
  • resize sda up to increased size 
  • start Centos VM and find free PE (Physical Extents) #lvm lvgdisplay
Free PE / Size 369 / 11.53 GB
  • Find the current LE (Logical Extents) with #lvm lvdisplay /dev/mapper/VolGroup00-LogVol00
Current LE 220
  • lvm lvresize -l 589 /dev/mapper/VolGroup00-LogVol00
  • resize2fs  /dev/mapper/VolGroup00-LogVol00
  • df -h # To check Centos file system has new allocated space.
Complete install of Arcsight Logger. Log into HTTPS server admin/password
Labels:

Comments

SecurityBlogger said…
Hi Geoff,
Thanks for the post. Is it possible for you to share a pre-configured VM with arcsight loaded in it. It saves lot of time & effort for many people. Pls suggest.

Thanks.
20 August 2015 at 21:59
Post a Comment

Popular posts from this blog

GNU Radio Waterfall and CW Filter

The following GNU radio application adds a waterfall spectrogram to the previous CW filter program. The plot show 4 CW signals in the audio band (lower sideband) at 7023 kHz. The 700Hz signal is filtered and output to the laptop headphones by the CW bandpass filter. The frequency display is shown after the script which is as follows: #!/usr/bin/env python from gnuradio import gr from gnuradio import audio from lpf_bpf_class import Bandpass from gnuradio.qtgui import qtgui from PyQt4 import QtGui import sys, sip     class cw_filter(gr.top_block):     def __init__(self):         gr.top_block.__init__(self)           sample_rate = 44100         out_rate = 8000         kaiser = Bandpass()         cw_flr = gr.fir_filter_fff(1, kaiser.bpftaps)         decimate = int(sample_rate/out_rate)         Bandpass.cutoff1 = 3000                pre_decim = Bandpass()         dec_flr = gr.fir_filter_fff(1, pre_decim.lpftaps)         dec = gr.keep_one_in_n(gr.sizeof_float, decima
Post a Comment
Read more

Digital Bandpass Filter FIR design - Python

The python code generates the Finite Impulse Response (FIR) filter coefficients for a lowpass filter (LPF) at 10 (Hz) cut off using firwin from scipy.  A highpass filter is then created by subtracting the lowpass filter output(s) from the output of an allpass filter. To do this the coefficients of the LPF are multiplied by -1 and 1 added to the centre tap (to create the allpass filter with subtraction). A second LPF is then created with a cutoff at 15 (Hz) and the bandpass filter formed by addition of the LPF and HPF coefficients. The program also generates a test sine wave of a given amplitude and power and to this noise from a Normal distribution is added.  The graph below shows the signal and nois, and the signal (green) after filtering. The input snr is approximately 3dB. The frequency response below shows the passband centered on 12.5 (Hz), the Nyquist frequency is 50 (Hz). from numpy import cos, sin, pi, absolute, arange from numpy.random import normal from scipy.
Post a Comment
Read more

Splunk Cheat Sheet (Linux)

1. set root's password:  sudo su passwd root Enter new UNIX password: < new_root_password > Retype new UNIX password: < new_root_password > passwd: password updated successfully # su - 2. Remove any existing Splunk directories & create user etc: # rm -rf /opt/splunkforwarder # userdel -r splunk # this will remove as above if user splunk's home directory # groupadd siem # useradd -g siem -s /bin/bash -d /home/siem -m siem # vi ~/.profile # chage -I -1 -m -0 -M -99999 -E -1 siem If above fails because of multiple passwd fails: # pam_tally --reset check with #chage -l siem # uname -a # check OS version # dpkg -i splunk-4.3.1...........intel.deb # chown -R siem:siem /opt/splunk # su - siem : $SPLUNK_HOME/bin/splunk start --accept-license : $SPLUNK_HOME/bin/splunk edit user admin -password newpassword -role admin -auth admin:changeme 3. vi ~/.profile (as follows) (OR .bash_profile) # ~/.profile: executed by the command interpreter for log
1 comment
Read more