error: There was a problem: Failed to add destination. and no certificates are listed in Logger

  • KM02110810
  • 28-Jan-2016
  • 14-Sep-2016

Archived Content: This information is no longer maintained and is provided "as is" for your convenience.


KM03771823 Receiving the error when trying to add ESM Destination in ArcSight Logger. It is not possible to add any certificates and no certificates are listed. Also prior to the error a Logger Forwarding Connector might have shown as "down" and after it is deleted the error occurs.


No listed certificates in the Logger means the connector framework might be broken and is having issues with the file. This often happens with GSP bug cases where space runs out.

To resolve this, move original file as a backup and recreate it from scratch.

Follow these steps:

1. Stop Connector service from the webUI: System Admin --> Processes --> Connector --> Stop
 2. SSH to the appliance (call hotline for challenge/response code) 
 3. Backup the Connector configuration:
     cd /opt/arcsight/connector/current/user/agent
 4. Copy the default Connector Configuration:
     cp /opt/arcsight/connector/current/config/agent/ /opt/arcsight/connector/current/user/agent/
     chown arcsight:arcsight /opt/arcsight/connector/current/user/agent/
     chmod 644 /opt/arcsight/connector/current/user/agent/

 5. Validate output:
     cat | grep -v ˆ$ | grep -v \#
    Sample output of the 
 6. Startup  Connector via webUI: System Admin --> Process Status --> Connector --> Start
 7. Browse to Configuration --> Event Output --> Certificates and confirm they are all listed now
 8. Delete the Logger Connector from within the ESM Console under Connectors
 9. Add the certificate and confirm it shows in the list under Configuration --> Data --> Certificates
 10. Add the ESM destination.