Manualshelf

User`s guide

ManualsBrandsVMware ManualsOtherVCLOUD REQUEST MANAGER 1.0.0
11121314151617181920
Technical white paper
12
Cloud Service Automation 3.1
Monitoring of events that occur in the core applications that comprise HP CloudSystem Enterprise: CSA, OO, HPIO, UCMDB,
and SiteScope, is thoroughly documented in the Cloud Service Automation 3.1 documentation, HP Cloud Service Automation
3.10 Integration with ArcSight Logger document ID KM00231339 . Access to this document requires an HP Passport account.
This document contains detailed instructions on configuring the application event logging to an ArcSight logger. The
instructions describe how to configure application event logging in Common Event Format (CEF) for the following
applications:
Cloud Server Automation
Operations Orchestration RAS
Operations Orchestration
SiteScope
UCMDB
HPIO
The procedures described in the Integration with ArcSight Logger document involve:
Editing the log4j.properties file for each application to support CEF logging
Editing the log4j.properties file for each application to define the IP Address or host name of the HP ArcSight Logger
Copying the arcsight-cef-library-1.0.0.release.8.jar file to the lib directory of each application. This file is included in the
HP Cloud Service Automation 3.1 software distribution.
Below is an example of the modifications made to the log4j.properties file for Operations Orchestration.
log4j.appender.cef1=com.hp.esp.arcsight.cef.appender.Log4jAppender
log4j.appender.cef1.deviceVendor=HP
log4j.appender.cef1.deviceProduct=CSA
log4j.appender.cef1.deviceVersion=3.1
log4j.appender.cef1.transportType=SYSLOG
log4j.appender.cef1.hostName=192.x.x.x
log4j.appender.cef1.port=514
log4j.appender.cef1.layout=org.apache.log4j.PatternLayout
log4j.appender.cef1.layout.ConversionPattern=%d [%t] (%F:%L) %-5p - %m%n
log4j.appender.cef1.useCefHeader=true
log4j.appender.cef1.eventName=OO Event
Notice the line log4j.appender.cef1.eventName=OO Event, this will allow us to search the logger for all events with an event
name of OO Event. Each of the core products also contains the line log4j.appender.cef1.deviceProduct=CSA, this is another
way to search all events that are related to the core products, CSA, OO, HPIO, SiteScope, and UCMDB. This is discussed in
detail later in the section titled Working with events.
Once the applications have been configured for ArcSight integration, install the HP ArcSight Connector for each host
operating system to capture operating system log and event data. Follow the procedures described in the ArcSight
documentation: User’s Guide HP ArcSight SmartConnectors. Install the HP ArcSight Connector for Windows on each of the
operating systems that host the CloudSystem Enterprise core applications. In our example we have the following Windows
2008 R2 hosts:
OO.fog.cloud.internal Operation Orchestration and Cloud Service Automation
Ora.fog.cloud.internal Oracle Database Server for UCMDB
Fog.fog.cloud.internal Matrix Operating Environment Central Management Server
Sis.fog.cloud.internal SiteScope
UCM.fog.cloud.internal UCMDB server.
vCenter.fog.cloud.internal VMware vCenter