ArcSight FlexConnector for HP Helion OpenStack

Document created by tbarella on Apr 20, 2015Last modified by tbarella on Aug 5, 2015
Version 6Show Document
  • View in full screen mode

The attached file 'HP Helion OpenStack and ArcSight - Final.zip' contains the resources listed below.  Please watch the short 6 min. video of this integration (no audio) before proceeding.

  1. Logstash configuration file
  2. ArcSight FlexConnector for HOS
  3. ArcSight ESM Content Package for HOS

 

The instructions are in both the attached video (no audio) and the technical whitepaper:  http://www8.hp.com/h20195/V2/GetDocument.aspx?docname=4AA5-8025ENW&cc=us&lc=en

 

This is version 1.0 of the FlexConnector (the regex needs to be cleaned up a bit).  Updates for this parser will be posted here until HP ArcSight officially supports OpenStack.  Feel free to re-purpose the attached Logstash config file to forward events in real-time from Logstash to ArcSight, Syslog-NG, Splunk, rsyslog, etc., etc.  Enjoy!

 

IMPORTANT: This integration should work for any flavor of OpenStack (not just Helion) as long as OpenStack is configured to send JSON over Syslog.  Please view this link for additional companies on OpenStack, your customer may be one of them:  https://www.openstack.org/foundation/companies/

 

http://www.openstack.org

http://www8.hp.com/us/en/cloud/hphelion-openstack-overview.html

http://helionready.hpcloud.com/partner/hp-arcsight/2201

 

Helpful OpenStack audit logging resources:

http://docs.openstack.org/openstack-ops/content/logging_monitoring.html

http://docs.openstack.org/admin-guide-cloud/content/section_manage-logs.html

Outcomes