6.1 Installing Database

This section provides information about installing and configuring database.

6.1.1 Prerequisites

To complete the prerequisites, see the following sections:

Configuring the Database Node

  1. Provision the database node with at least 3 GB of swap space.

    NOTE:Identity Intelligence supports using database on a host with a Linux Logical Volume Manager (LVM) formatted disk.

  2. Register a service with the operating system to start the database Kafka scheduler automatically when the operating system starts. You can register a service manually or by using the /opt/<Identity_Intelligence_Installer>/scripts/postinstall_create_kafka_scheduler_svc.sh script.

  3. Add the following parameters to /etc/sysctl.conf and reboot the server for the changes to take effect:



    net.core.somaxconn = 1024

    Increases the number of incoming connections

    net.core.wmem_max = 16777216

    Sets the send socket buffer maximum size in bytes

    net.core.rmem_max = 16777216

    Sets the receive socket buffer maximum size in bytes

    net.core.wmem_default = 262144

    Sets the receive socket buffer default size in bytes

    net.core.rmem_default = 262144

    Controls the default size of receive buffers used by sockets

    net.core.netdev_max_backlog = 100000

    Increases the length of the processor input queue

    net.ipv4.tcp_mem = 16777216 16777216 16777216

    net.ipv4.tcp_wmem = 8192 262144 8388608

    net.ipv4.tcp_rmem = 8192 262144 8388608

    net.ipv4.udp_mem = 16777216 16777216 16777216

    net.ipv4.udp_rmem_min = 16384

    net.ipv4.udp_wmem_min = 16384

    vm.swappiness = 1

    Defines the amount and frequency at which the kernel copies RAM contents to a swap space

    For more information, see Check for Swappiness.

  4. Add the following parameters to /etc/rc.local. You must reboot the server for the changes to take effect.



    echo 'echo <scheduler_value> > /sys/block/sda/queue/scheduler' >> /etc/rc.local

    Changes I/O scheduling to a supported scheduler

    For more information, see I/O Scheduling.

    chmod +x /etc/rc.local

  5. To increase the process limit, add the following parameters including * in the /etc/security/limits.d/20-nproc.conf:

    * soft nproc 10240

    * hard nproc 10240

    * soft nofile 65536

    * hard nofile 65536

    * soft core unlimited

    * hard core unlimited

  6. In /etc/default/grub, append line GRUB_CMDLINE_LINUX with intel_idle.max_cstate=0 processor.max_cstate=1.


    GRUB_CMDLINE_LINUX="vconsole.keymap=us crashkernel=autovconsole.font=latarcyrheb-sun16 rhgb quiet intel_idle.max_cstate=0 processor.max_cstate=1"

  7. Execute the command grub2-mkconfig -o /boot/grub2/grub.cfg to update the configuration changes.

  8. If you have firewall configured in the database node, ensure to open the database ports in the firewall.

  9. Disable the firewall:

    iptables -F

    iptables -t nat -F

    iptables -t mangle -F

    iptables -X

    systemctl mask firewalld

    systemctl disable firewalld

    systemctl stop firewalld

    You can enable the firewall after the installation. For more information, see Firewall Considerations.

  10. Set SELinux to permissive mode:

    vi /etc/selinux/config


    For more information, see SELinux Configuration.

  11. Configure the BIOS for maximum performance:

    System Configuration > BIOS/Platform Configuration (RBSU) > PowerManagement > HPE Power Profile > Maximum Performance

  12. Reboot the server and use the ulimit -a command to verify that the limits have increased.

Enabling Password-less SSH Access

Before you install the database, generate a key pair on node 1 and then copy the public key to all nodes in the cluster, including node 1. This enables password-less SSH access from the node 1 server to all of the other node servers in the cluster.

NOTE:You must repeat the authentication process for each node in the cluster.

  1. Log in to database cluster node 1 server.

  2. Run the command:

    ssh-keygen -q -t rsa

  3. Copy the key from node 1 to all of the nodes, including node 1, using the node IP address:

    ssh-copy-id -i ~/.ssh/id_rsa.pub root@

    The system displays the key fingerprint and requests to authenticate the node server.

  4. Specify the credentials for the node.

    The operation is successful when the system displays the following message:

    Number of key(s) added: 1

  5. To verify successful key installation, run the following command from node 1 to the target node to verify that node 1 can successfully log in:

    ssh root@

Setting Up the Database Properties

Before installing database, you must set the values for various database properties based on your deployment size.

To set database properties, perform the following:

  1. Log in to the database cluster node 1 server.

  2. Change to the directory where you want to install database:

    cd <database_installer_directory>

    For example:

    cd /opt

  3. Create a folder for database installer script:

    mkdir arcsight-database

  4. Copy the downloaded database installer file to arcsight-database:

    cp <download_directory>/identityintelligence-x.x.x.x/installers/db-installer_x.x.x.tar.gz /opt/arcsight-database

    For information about downloading the database installer file, see Downloading Identity Intelligence.

  5. Unzip the copied file using the command:

    tar xvfz db-installer_x.x.x.tar.gz

  6. (Conditional) If you plan to deploy database and Identity Intelligence on the same node, set the values for the following properties. For information about the values that must be set, see Hardware Requirements and Tuning Guidelines




    • tm_concurrency

    • tm_memory

    • active_partition


    • ingest_pool_memory_size

    • mf_entity_ingest_pool_memory_size

    • mf_entity_ingest_pool_planned_concurrency


    • plannedconcurrency

    • maxconcurrency

    • tm_memory_usage

  7. (Conditional) If you plan to deploy database on an independent node, retain the default database resource tuning values.

  8. In the config/db_user.properties file, set the values as explained in the following table:




    Specify the IP address of the database node.

    If you want to install database on multiple nodes, provide a comma-separated list of node IP addresses in IPv4 format (for example,,,

    For high availability, you must set up minimum 3 database nodes.However, if you have modified the value of K-safe, ensure that you set up the required number of nodes. For more information, see K-Safety.

    If you plan to expand the cluster by adding nodes after installation, avoid using loopback address (localhost,, etc.) and specify the IP address or hostname of the node.


    Used for the data retention policy.

6.1.2 Installing Database

To install database, complete the following steps.

  1. Log in to database cluster node 1 server.

  2. Change to the directory where you have the database installation package.

    cd <database_installer_directory>/arcsight-database

  3. Install database using the command:

    ./db_installer install

  4. When prompted, create the database administrator user, search user, and application admin user.

    You will need the database administrator credentials to access the database host. You will need the search user and application admin user credentials when you configure database in CDF.

  5. Execute the following firewall commands to complete the installation successfully:

    systemctl unmask firewalld
    systemctl start firewalld
    systemctl enable firewalld
  6. Create the schema:

    ./db_installer create-schema

  7. Set the database lock time out value as 600 by using the command:

    runuser -l <db_admin_username> -c "vsql -w \"<db_admin_password>\" -c \"ALTER DATABASE investigate set LockTimeout = 600\""

  8. (Conditional) If you plan to have both database and CDF on the same node, you must configure the database agent to use a different port.

    To change the database agent port:

    1. Change the database agent port using the command:

      sed -i 's/^agent_port = 5444/agent_port = <new_port>/g' "/opt/vertica/agent/config.py"


      sed -i 's/^agent_port = 5444/agent_port = 5438/g' "/opt/vertica/agent/config.py"

    2. Restart database agent.

      For example:

      /opt/vertica/sbin/vertica_agent restart