error: There was a problem: Failed to add destination. and no certificates are listed in Logger

  • Document ID:KM02110810
  • Creation Date:28-Jan-2016
  • Modified Date:14-Sep-2016
    • Micro Focus Products:
      arcsight logger software 6.11

Archived Content: This information is no longer maintained and is provided "as is" for your convenience.

Summary

KM03771823 Receiving the error when trying to add ESM Destination in ArcSight Logger. It is not possible to add any certificates and no certificates are listed. Also prior to the error a Logger Forwarding Connector might have shown as "down" and after it is deleted the error occurs.

Question

CAUSE:
No listed certificates in the Logger means the connector framework might be broken and is having issues with the agent.properties file. This often happens with GSP bug cases where space runs out.

WORKAROUND/FIX:
To resolve this, move original agent.properties file as a backup and recreate it from scratch.

Follow these steps:

1. Stop Connector service from the webUI: System Admin --> Processes --> Connector --> Stop
  
 2. SSH to the appliance (call hotline for challenge/response code) 
  
 3. Backup the Connector configuration:
     cd /opt/arcsight/connector/current/user/agent
     mv agent.properties agent.properties.backup.new
  
 4. Copy the default Connector Configuration:
     cp /opt/arcsight/connector/current/config/agent/agent.properties.base /opt/arcsight/connector/current/user/agent/agent.properties
     chown arcsight:arcsight /opt/arcsight/connector/current/user/agent/agent.properties
     chmod 644 /opt/arcsight/connector/current/user/agent/agent.properties
  
 5. Validate output:
     cat agent.properties | grep -v ˆ$ | grep -v \#
     
    Sample output of the agent.properties: 
      logger.listener.enabled=true
      file.command.sleeptime=2000
      http.transport.queue.isblocking=false
      remove.files.when.removing=true
      remote.management.enabled=true
      remote.management.listener.port=9999
      remote.management.password.hashed=26B44697FDBDDCBD1C78A46C522EC63D
      snmp.fields=event.eventId,event.name,event.deviceEventClassId,event.deviceEventCategory,event.type,event.severity,event.baseEventCount,event.destinationUserName,event.deviceCustomNumber1Label,
      event.deviceCustomNumber1,event.deviceCustomNumber2Label,event.deviceCustomNumber2,event.deviceCustomNumber3Label,event.deviceCustomNumber3,event.deviceCustomString1Label,event.deviceCustomString1
      snmp.ignore.pdu.size.limit=true
      transport.loggersecure.threads=4
      transport.types=http,loggersecure,snmp
      agent.rawevent.logging.interval=-1
      remote.management.ssl.enabled=false
      connector.network.interface.name=eth0
  
 6. Startup  Connector via webUI: System Admin --> Process Status --> Connector --> Start
  
 7. Browse to Configuration --> Event Output --> Certificates and confirm they are all listed now
  
 8. Delete the Logger Connector from within the ESM Console under Connectors
  
 9. Add the certificate and confirm it shows in the list under Configuration --> Data --> Certificates
  
 10. Add the ESM destination.