
Troubleshooting For Microsoft Azure Monitor Event Hub Connector

This document provides troubleshooting steps for the Microsoft Azure Monitor Event Hub Connector. It outlines steps to check the connector version, upgrade the connector if needed, crosscheck configuration parameters, check for errors in the cloud function logs related to connection issues, and verify that the ArcSight socket test event is being received by the destination connector. The troubleshooting focuses on ensuring that the latest connector version is used, that parameters are correctly configured, and that certificates and network access are properly set up to allow a connection between the cloud function and the destination connector.

Uploaded by Jason Gomez
Copyright © All Rights Reserved

Troubleshooting for Microsoft Azure Monitor Event Hub Connector

1. Always make sure that the customer is using the latest version of the connector

If the customer is happy to do so, help them upgrade the connector.

Steps to check the Microsoft Azure Monitor Event Hub Connector version:

Go to the function app (search for your cloud or monitor function name; you can get it from app.properties).
• Under Development Tools → App Service Editor, click Go (a new window opens).
• Under WWWROOT, check arcsight-cloud-function-x.x.x.jar or arcsight-monitor-function-x.x.x.jar.
x.x.x is the version of the Microsoft Azure Monitor Event Hub Connector.

We do not need to worry about the smart connector version, but we should still encourage the customer to use the latest version of the smart connector.

Steps to upgrade the connector

We should not tell customers to undeploy the connector, because the customer may lose their configuration.

Download the latest Microsoft Azure Monitor Event Hub Connector build, unzip the file, and set the recommended parameters in its app.properties file to match the app.properties file of the already deployed connector.

Run DeployFunction.ps1.

Make sure you have the proper permission (Owner or Contributor) before running the script.

2. Crosscheck all the parameters on the Azure side after deployment

Go to the function app (search for your cloud or monitor function name, one at a time; you can get the function's name from app.properties). Under Settings → Configuration, in the right-hand window under the Application settings tab, unhide the values and check that every parameter was updated correctly from the app.properties file.

If the parameters are not in place, update them, check the same for the monitor function, and then restart both functions (cloud and monitor function).
Make sure Always On is turned on.

3. Sometimes the customer edits parameters directly from the Function app configuration section

Parameters can be updated from the configuration section described in section 2, but after updating a parameter we must restart both the function app and the smart connector as well. Sometimes an update made from the configuration section does not work as expected. First ask the customer whether they have updated any parameter from the configuration section and restarted the function app and the smart connector as well. If the connector is still not working, suggest that the customer modify the parameter (such as hostname and port) in the app.properties file and then run the DeployFunction.ps1 script. Note that the script should not throw any error. It throws an error when the deployer does not have the proper permission.
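The comparison in sections 2 and 3 can be done offline instead of by eye in the portal. The sketch below is an added example, not part of the connector or of the original document: it assumes each app.properties key is deployed as an application setting of the same name, and that the settings were exported to JSON with `az functionapp config appsettings list --name <function> --resource-group <group>`. The key names and values in the sample data are constructed placeholders.

```python
import json


def parse_properties(text):
    """Parse key=value lines, skipping blank lines and # / ! comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def settings_drift(properties_text, appsettings_json):
    """Return {key: "missing" | "differs"} for properties the deployed app does not match."""
    expected = parse_properties(properties_text)
    deployed = {s["name"]: s.get("value") for s in json.loads(appsettings_json)}
    drift = {}
    for key, value in expected.items():
        if key not in deployed:
            drift[key] = "missing"
        elif deployed[key] != value:
            drift[key] = "differs"
    return drift


# Constructed sample data; the key names are placeholders, not real connector parameters.
SAMPLE_PROPERTIES = """\
# constructed app.properties excerpt
example.destination.host=connector.example.internal
example.destination.port=1999
example.storage.account=examplestorage
"""
SAMPLE_APPSETTINGS = json.dumps([
    {"name": "example.destination.host", "value": "connector.example.internal", "slotSetting": False},
    {"name": "example.destination.port", "value": "514", "slotSetting": False},
    {"name": "FUNCTIONS_EXTENSION_VERSION", "value": "~4", "slotSetting": False},
])

if __name__ == "__main__":
    drift = settings_drift(SAMPLE_PROPERTIES, SAMPLE_APPSETTINGS)
    for key, status in sorted(drift.items()):
        # Only key names and status are printed, so secret values stay out of tickets.
        print(f"{key}: {status}")
```

Run it once against the cloud function's export and once against the monitor function's export, since both are deployed from the same app.properties.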

4. Check the cloud function logs

Go to the function app (search for your cloud function name; you can get it from app.properties). Under Development Tools → App Service Editor, click Go (a new window opens). Under WORKING FILES, check function.log.

Check whether the logs contain the following error:

com.arcsight.util.exceptions.azure.function.AzureFunc0000: Unexpected error occurred while Opening socket.

The above error may be caused by a connection error. Connection errors can occur for several reasons:

1. If the certificate is not proper (IMP)

Change the certificate: go to ArcSight smart connector HOME/current/user/agent, copy remote_management.p12, and paste it into the Azure storage account (search for the storage account name; you can get the name from app.properties) under File service → file share → right window → cloud-function → certs (delete the existing certificate).

2. If the firewall port is not opened

   1. Make sure that the firewall port is opened on the VM where the smart connector is running.
   2. If the connector is running on an Azure VM, check the VNet configuration too: go to the VM → Networking.

3. If host:port is not reachable (IMP)

Check whether host:port is reachable: go to the cloud function (search for your function name; you can get the name from app.properties), open Console under Development Tools, and type the command #tcpping hostname:port

If the host is not reachable, ask the customer to troubleshoot their environment and make host:port reachable.

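The three causes above fail at different stages of the connection, so a staged probe shows which one to chase. This is an added example, not ArcSight code or part of the original document; `diagnose` is a hypothetical helper, and it assumes the destination connector port expects TLS, as the certificate step implies.

```python
import socket
import ssl
import sys


def diagnose(host, port, timeout=5.0):
    """Return (stage, detail); stage is the first step that failed, or "ok"."""
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return ("dns", f"cannot resolve {host}: {exc}")
    family, socktype, proto, _, addr = infos[0]
    sock = socket.socket(family, socktype, proto)
    sock.settimeout(timeout)
    try:
        try:
            sock.connect(addr)
        except OSError as exc:
            # Refused or timed out: firewall port, VNet rule, or listener not running.
            return ("tcp", f"{addr[0]}:{addr[1]} not reachable: {exc}")
        # Probe only: trust is not verified and no event data is sent.
        ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_CLIENT)
        ctx.check_hostname = False
        ctx.verify_mode = ssl.CERT_NONE
        try:
            with ctx.wrap_socket(sock, server_hostname=host) as tls:
                return ("ok", f"TLS handshake completed ({tls.version()})")
        except (ssl.SSLError, OSError) as exc:
            # Port is open, so look at the certificate / TLS setup next.
            return ("tls", f"port open but TLS handshake failed: {exc}")
    finally:
        sock.close()


if __name__ == "__main__" and len(sys.argv) == 3:
    # Usage: python probe.py <hostname> <port>
    stage, detail = diagnose(sys.argv[1], int(sys.argv[2]))
    print(f"{stage}: {detail}")
```

A `dns` or `tcp` result corresponds to causes 2 and 3 (firewall, VNet, unreachable host:port); a `tls` result points toward cause 1. The result only describes the network path of the machine the probe runs on, so `tcpping` from the function console remains the check for the function's own path.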
5. Check the ArcSight socket test event on the destination side

The ArcSight socket test event shows that the connection between the Microsoft Azure Monitor Event Hub Connector and the smart Syslog NG Daemon connector is working properly. If no events other than the ArcSight socket test event arrive at the destination side, the event hub does not have any events. As soon as an action is performed in the Azure environment, an event is generated and received by the connector.
