1. Connector or Logger Appliance:
The Connector Appliance and Logger Web Interface has a reboot option. (System Admin > Reboot > Start Reboot Now)
However, if the Appliance will need to be shutdown for an extended time for maintenance or other reasons, you will need to access the Appliance command line interface and issue the halt command.
Described below are 2 methods to access the Appliance's command line interface to shut down the appliance gracefully:
1. Physical access to Appliance console:
a. Attach a Keyboard and Monitor to the appliance.
b. From the monitor you will see the ArcSight logo and login prompt.
c. Enter the credentials to access the appliance - this will be the same credentials you enter in the appliance's web interface login prompt.
d. At the command line, enter the command: halt
2. Appliance Access via DRAC:
Note: the steps below assume that you have already configured the appliance for DRAC access. If you have not yet configured DRAC, refer to Document ID KM1271064.
a. Open the browser and specify the DRAC IP address in the browser's URL bar
b. Confirm the SSL security warning.
c. At the login prompt, enter the user name and password that was assigned.
d. Select the Console tab and select Connect. The Console session to the appliance appears.
e. Enter the credentials you use to access the appliance Web UI
f. Enter the command: halt
Note: Once the "halt" command has been issued (using either method) you will need to have physical access to the hardware in order to restart the appliance.
2. Express Appliance: KM1272277
To properly shut down the ArcSight Express Appliance (or other ArcSight Appliances), connect to the appliance using SSH to access the command line interface.
To enable SSH login, refer to the steps in
Document ID KM1271655.To shutdown the appliance, issue the following command:
shutdown -h
To shutdown and restart the appliance, issue one of the following commands:
shutdown -r
OR
reboot
However, the order to shut down and turn off multiple Appliances in a complicated environment is depended on the configuration setting.
Scenario 1: Connector Appliance -> Logger -> Express
a. Shutting Down: When ESM is not available, Connectors can hold events in its cache file. Therefore, the order should be as follows:
Express > Logger > Connector Appliances
b. Starting Up: Start up the appliances in the reverse order which you shut them down. (ie. Connector Appliances, Logger, then Express.)
Scenario 2: Connector Appliance -> Express (Forwarding Connector) -> Logger
If there is ESM Forwarding Connector involved, the order is different than above:
a. Shutting Down: Forwarding Connector -> Express -> Logger and Connector Appliances
b. Starting Up: Logger and Connector Appliances-> Express -> Forwarding Connector
No comments:
Post a Comment