ArcSight Logger 5.3 SP1 - VM Release Notes
- Pavan Raja

- Apr 8, 2025
Summary:
The document provides information about vmlogger-ca-6838, version 5.3 SP1 of Logger, including its setup and configuration details for use with VMware:
1. **System Requirements**:
   - The VM's zip file size is 6.5 GB; users need to ensure they have sufficient free disk space before extraction.
   - Maximum storage capacity can grow up to 36 GB but does so gradually.
   - Requires a 64-bit processor with Intel Virtualization Technology enabled in the host BIOS settings.
   - Default configurations include 4 processors and 4 GB of RAM, which can be adjusted by users if needed.
2. **Networking**:
   - Uses VMware virtual networking with NAT: NAT gateway address is 172.16.100.2, and the host NAT adapter is set to 172.16.100.1.
   - VM has two network adapters: eth0 as NAT with IP 172.16.100.100, and eth1 in bridged mode with IP 192.168.0.150.
3. **Operating System**:
   - Runs on a hardened CentOS 4.6 OS.
4. **Accessing the Demo Version**:
   - Access the Logger application via https://172.16.100.100 from any device with proper NAT networking setup.
5. **Setup Instructions**:
   - Connect and configure Network Adapter 2 in VMware.
   - Ensure the VM is powered off before making changes to prevent file system corruption.
   - Familiarize yourself with default user credentials (admin/password) and included content packs.
6. **Additional Features**:
   - Includes specialized modules like SOX, PCI, TippingPoint Reporting, and IT GOV content packs.
   - Supports upgrades similarly to a production model.
In summary, the document outlines how to set up and use vmlogger-ca-6838 (Logger 5.3 SP1) within a VMware environment, detailing system requirements, networking setup, OS specifications, accessing demo versions, and essential setup instructions for the appliance.
Details:
The vmlogger-ca-6838 software is version 5.3 SP1 of Logger, and its release notes outline several important aspects of its operation. The virtual machine's zip file expands to 6.5 GB, so users need to ensure they have enough free disk space before extracting it. As the VM runs over time, its storage can grow to a maximum of 36 GB; this growth is gradual, not rapid.
The system's networking setup relies on VMware virtual networking with NAT (Network Address Translation), featuring a NAT gateway address of 172.16.100.2 and the host NAT adapter set to 172.16.100.1. The VM itself has two configured network adapters: eth0 is designated as the NAT adapter, assigned an IP address of 172.16.100.100, while eth1 operates in a bridged mode with an IP address of 192.168.0.150. These settings can be adjusted by users according to their specific needs without impacting the virtual appliance's functionality.
The hostname for this VM is specified as vmlogger-ca, and it carries an IP address of 172.16.100.100. The operating system installed within this VM is hardened CentOS 4.6, which necessitates a 64-bit processor with Intel Virtualization Technology enabled in the host's BIOS settings. By default, there are 4 processors allocated to the virtual machine; however, users can modify this number if required. A memory allocation of 4 GB is applied by default but is customizable through the VM properties. To accommodate continuous usage over extended periods (longer than about 2 hours), it is recommended to allocate around 4-6 GB of RAM to the system.
To use the demo version, start the virtual machine as instructed. With the NAT networking described above in place, the Logger application is reachable in a browser at https://172.16.100.100 from the device hosting the VM, or from another networked computer if eth1 is appropriately configured in the Logger's browser UI under System Admin | Network settings.
In summary, vmlogger-ca-6838 (Logger 5.3 SP1) software offers a virtual machine setup with specific configurations for networking, storage, and operating system requirements, along with detailed instructions for accessing its demo version.
To use a VMware-based Logger appliance, follow these steps:
1. Connect Network Adapter 2 within the VMware console under VM | Removable Devices.
2. To prevent file system corruption, make sure the VM is powered off cleanly: select VM | Power | Shut Down Guest, or run the halt command in the Logger command line console while logged in as admin/password.
3. Familiarize yourself with the Logger's setup details:
   a. Check the version, including its build number and notes from the virtual machine config file displayed in the VMware server console; it is set up as an L3200 model.
   b. The default user is "admin" or "auditor," both with the password "password."
   c. The appliance includes all default content plus specialized modules like SOX, PCI, TippingPoint Reporting, and IT GOV content packs.
   d. Five onboard event sources automatically stream events into the Logger via UDP ports; they can be disabled if needed.
   e. It functions as an ArcSight Connector Appliance, featuring one connector container for managing external connectors.
   f. The virtual appliance supports upgrades similarly to a production model.
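
The following is an added example, not part of the release notes or of ArcSight's tooling: a small audit of the VM's `.vmx` file against the processor, memory and adapter layout described above, which also flags the case where the bridged adapter puts an appliance that ships with default credentials on the LAN. It assumes the file uses the standard VMware keys `numvcpus`, `memsize`, `ethernetN.connectionType` and `ethernetN.startConnected`; `SAMPLE_VMX` is constructed sample input.

```python
import re

# Constructed sample .vmx content; values follow the release notes except memsize.
SAMPLE_VMX = '''
.encoding = "UTF-8"
displayName = "vmlogger-ca"
numvcpus = "4"
memsize = "2048"
ethernet0.present = "TRUE"
ethernet0.connectionType = "nat"
ethernet1.present = "TRUE"
ethernet1.connectionType = "bridged"
ethernet1.startConnected = "TRUE"
'''

def parse_vmx(text):
    """Parse VMX 'key = "value"' lines into a dict keyed by lower-cased name."""
    settings = {}
    for line in text.splitlines():
        m = re.match(r'\s*([^#\s=]+)\s*=\s*"(.*)"\s*$', line)
        if m:
            settings[m.group(1).lower()] = m.group(2)
    return settings

def audit(settings):
    """Compare the VM settings with the documented defaults; return findings."""
    findings = []
    if settings.get("numvcpus") != "4":
        findings.append("numvcpus=%s (documented default: 4)" % settings.get("numvcpus"))
    mem = int(settings.get("memsize", "0"))  # memsize is expressed in MB
    if mem < 4096:
        findings.append("memsize=%d MB (documented default: 4096 MB)" % mem)
    # Documented layout: adapter 1 (eth0) on NAT, adapter 2 (eth1) bridged.
    for nic, want in (("ethernet0", "nat"), ("ethernet1", "bridged")):
        got = settings.get(nic + ".connectiontype", "unset")
        if got != want:
            findings.append("%s is %s (documented: %s)" % (nic, got, want))
    bridged_up = (settings.get("ethernet1.connectiontype") == "bridged"
                  and settings.get("ethernet1.startconnected", "").upper() == "TRUE")
    if bridged_up:
        findings.append("ethernet1 is bridged and connected at power-on: the web UI "
                        "is reachable from the LAN, so confirm the default passwords "
                        "were changed")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_vmx(SAMPLE_VMX)):
        print("-", finding)
```

To audit a real VM, pass the contents of its `.vmx` file to `parse_vmx` in place of `SAMPLE_VMX`.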
