Adding Country Names to Logger.iROCK_1

  • Writer: Pavan Raja
  • Apr 8, 2025

Summary:

This one-page guide outlines a straightforward method to enhance event processing by integrating map files into HP ArcSight Logger via SmartConnector. The steps include obtaining GeoLite Country CSV data, modifying the Logger schema to include custom fields for source and destination country names, updating file structures with IP ranges mapped to country names, and ensuring proper system configurations. This setup enables enhanced analytical capabilities through interactive charting, Panels, and Dashboards by using country names derived from IP addresses.

Details:

This one-page guide provides a straightforward method to augment events by incorporating map files into an HP ArcSight Logger via SmartConnector. To achieve this enhancement, follow these steps:

1. **Obtain IP to Country Name Data:** Download the GeoLite Country CSV file from http://dev.maxmind.com/geoip/geolite and convert it for use in your system. This free data source is crucial for associating IP addresses with country names.

2. **Modify Logger Schema:** Add custom fields (sourceCountryName and destinationCountryName) to the Logger schema via its maintenance mode. Navigate to "Configuration" > "System Maintenance" > "Add Fields", where you can define these fields as TEXT with specific lengths. Save changes and restart the Logger using the GUI to confirm field additions under "Configuration" > "Custom Fields".

3. **Update File Structure:** Prepare a new CSV file format that aligns with your data requirements: first line contains headers, subsequent lines list IP ranges mapped to country names in this structure - range.event.sourceAddress,set.additionaldata.SCN. Rename the file as map.0.properties and place it within /current/user/agent/map/. For destination Country Names, create a similar map.1.properties file with adjusted headers.

By following these steps, you can effectively utilize country names in interactive charting, Panels, and Dashboards within HP ArcSight Logger, enhancing the analytical capabilities of your system's event processing.

The text provided outlines a configuration process for a device or system, likely related to networking or data communication, possibly involving geographical IP address ranges along with specific country codes and RFC standards. Here's a summary of key points from the text:

1. **IP Ranges and Country Codes**: The document refers to several blocks of IP addresses associated with different countries, such as Australia and China. These are listed in pairs indicating a range (e.g., 1.0.0.255-1.0.3.255) and the corresponding country code (e.g., "Australia" or "China").

2. **File Management**: The files associated with these IP ranges can be renamed if needed, but they should retain their original names or be appropriately labeled as per the list provided in the document.

3. **Adding Lines to Files**: At the end of each file, three additional lines are added:

  • 10.0.0.0-10.255.255.255, RFC1918

  • 172.16.0.0-172.31.255.255, RFC1918

  • 192.168.0.0-192.168.255.255, RFC1918

These lines define specific IP ranges reserved by RFC 1918 for private networks.

4. **Restarting the SmartConnector**: After placing or renaming these files, it is necessary to restart the SmartConnector to ensure that the changes take effect and are properly integrated into the system's configuration.

5. **Sample Search Query**: A sample query provided for testing purposes involves using a chart to count occurrences by source country name. This could be used in diagnostic or monitoring tools to analyze data based on originating countries.

6. **Reporting Features**: Reports generated might include information about the source and/or destination country names, which can provide insights into where data is being transmitted from and to.

7. **Memory Allocation for SmartConnector**: Depending on the performance of the SmartConnector during operation, it may be necessary to increase the allocated memory. This adjustment can be made in a configuration file (agent.wrapper.conf) by changing the initial Java Heap Size and maximum Java Heap Size parameters from 256 MB to 512 MB.

8. **Documentation Notes**: The document was created on May 1, 2013, and details were tested using Logger version 5.3 SP1 and SmartConnector Release 6.0.2. It is recommended to use the latest release for best practices in software usage and implementation.

This summary provides a concise overview of actions and considerations necessary for configuring and managing an IP addressing system or network device, particularly with reference to geographical locations and specific RFC standards.
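The conversion from the GeoLite Country CSV to the map file layout described above can be scripted. The following is an added example, not code from the original guide or from ArcSight. It assumes the legacy GeoLite column order (start IP, end IP, start integer, end integer, country code, country name); the sample rows are constructed, and the function names are hypothetical.

```python
import csv
import io
import ipaddress

# Header given in the guide for the source-address file (map.0.properties).
SOURCE_HEADER = "range.event.sourceAddress,set.additionaldata.SCN"

# The three RFC 1918 lines the guide appends to each file (written here
# without a space after the comma, matching the header's separator).
RFC1918_LINES = [
    "10.0.0.0-10.255.255.255,RFC1918",
    "172.16.0.0-172.31.255.255,RFC1918",
    "192.168.0.0-192.168.255.255,RFC1918",
]

# Constructed sample rows in the assumed GeoLite Country CSV layout.
SAMPLE = '''"1.0.0.0","1.0.0.255","16777216","16777471","AU","Australia"
"1.0.1.0","1.0.3.255","16777472","16778239","CN","China"
"1.11.0.0","1.11.255.255","17498112","17563647","KR","Korea, Republic of"
'''

def build_map_file(geolite_csv_text, header=SOURCE_HEADER):
    """Return map-file text: header, one 'start-end,country' line per row, RFC 1918 lines."""
    lines = [header]
    for row in csv.reader(io.StringIO(geolite_csv_text)):
        if len(row) < 6:
            continue  # blank or truncated row
        start, end, country = row[0].strip(), row[1].strip(), row[5].strip()
        try:
            if ipaddress.IPv4Address(start) > ipaddress.IPv4Address(end):
                continue  # inverted range
        except ValueError:
            continue  # not an IPv4 pair (e.g. a header row)
        # A comma inside the name would add a third column, so drop it.
        lines.append(f"{start}-{end},{country.replace(',', '')}")
    lines.extend(RFC1918_LINES)
    return "\n".join(lines) + "\n"

def lookup(map_text, ip):
    """Sanity check before deployment: return the value mapped to ip, or None."""
    addr = ipaddress.IPv4Address(ip)
    for line in map_text.splitlines()[1:]:  # skip the header line
        rng, value = line.split(",", 1)
        lo, hi = rng.split("-")
        if ipaddress.IPv4Address(lo) <= addr <= ipaddress.IPv4Address(hi):
            return value
    return None

if __name__ == "__main__":
    print(build_map_file(SAMPLE), end="")
```

The returned text is what would be saved as map.0.properties; the destination file is built the same way by passing its own header line as `header`.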

Disclaimer:
The content in this post is for informational and educational purposes only. It may reference technologies, configurations, or products that are outdated or no longer supported. If there are any comments or feedback, kindly leave a message and it will be responded to.
