Saturday, July 11, 2015

SIEM Deployment - Configuring Failover Destinations on HP ArcSight SmartConnectors

SIEM solutions so far seem to be too much focusing on security offerings they propose and they are not offering solid redundancy and disaster solutions.

From architectural perspective, there should be a redundancy option at all layers of the solution architecture. SmartConnectors being the first layer of SIEM interaction with source systems provide a nice redundancy options with “Failover Destination” configuration setting available both for HP ArcSight Logger and HP ArcSight ESM.

For each log processing system, SmartConnector provides a primary destination and a failover destination. As soon as SmartConnector process discovers that logs are not successfully received by the primary destination, they are redirected to the failover destination. Preemption also exists meaning that from the moment primary destination becomes online logs are redirected back to the primary destination.

More detail about the configuration can be seen in the video below.

No comments:

Post a Comment