diff --git a/elk_metrics_6x/installLogstash.yml b/elk_metrics_6x/installLogstash.yml
index e1edfe90..2125716f 100644
--- a/elk_metrics_6x/installLogstash.yml
+++ b/elk_metrics_6x/installLogstash.yml
@@ -251,6 +251,59 @@
         src: "templates/logrotate.j2"
         dest: "/etc/logrotate.d/logstash"
 
+    - name: Run arcsight output block
+      block:
+        - name: Initialise arcsight local facts
+          ini_file:
+            dest: "/etc/ansible/facts.d/logstash.fact"
+            section: arcsight
+            option: "initialise"
+            value: true
+
+        - name: refresh local facts
+          setup:
+            filter: ansible_local
+            gather_subset: "!all"
+          tags:
+            - nova-config
+
+        - name: Setup arcsight smart connector
+          shell: >-
+            /usr/local/bin/logstash --modules arcsight {{ (ansible_local['arcsight'][item.host] is defined) | ternary('', '--setup') }}
+              -M "arcsight.var.input.smartconnector.bootstrap_servers={{ item.host }}:{{ item.port }}"
+              -M "arcsight.var.elasticsearch.hosts=localhost:{{ elastic_port }}"
+              -M "arcsight.var.kibana.host={{ hostvars[groups['kibana'][0]]['ansible_host'] }}:{{ kibana_port }}"
+          with_items: "{{ logstash_arcsight_smart_connectors }}"
+          run_once: true
+          register: smart_connector
+          until: smart_connector is success
+          retries: 5
+          delay: 5
+
+        - name: Setup arcsight event broker
+          shell: >-
+            /usr/local/bin/logstash --modules arcsight {{ (ansible_local['arcsight'][item.host] is defined) | ternary('', '--setup') }}
+              -M "arcsight.var.input.eventbroker.bootstrap_servers={{ item.host }}:{{ item.port }}"
+              -M "arcsight.var.elasticsearch.hosts=localhost:{{ elastic_port }}"
+              -M "arcsight.var.kibana.host={{ hostvars[groups['kibana'][0]]['ansible_host'] }}:{{ kibana_port }}"
+          with_items: "{{ logstash_arcsight_event_brokers }}"
+          run_once: true
+          register: event_broker
+          until: event_broker is success
+          retries: 5
+          delay: 5
+
+        - name: Set arcsight local facts
+          ini_file:
+            dest: "/etc/ansible/facts.d/logstash.fact"
+            section: arcsight
+            option: "{{ item.host }}"
+            value: "{{ item.port }}"
+          with_items: "{{ logstash_arcsight_smart_connectors | union(logstash_arcsight_event_brokers) }}"
+      when:
+        - logstash_arcsight_smart_connectors or
+          logstash_arcsight_event_brokers
+
   handlers:
     - name: Enable and restart logstash
       systemd:
diff --git a/elk_metrics_6x/vars/variables.yml b/elk_metrics_6x/vars/variables.yml
index 78e9afc0..1d4f13c9 100644
--- a/elk_metrics_6x/vars/variables.yml
+++ b/elk_metrics_6x/vars/variables.yml
@@ -107,6 +107,21 @@ logstash_deploy_filters: true
 # logstash_kafka_ssl_keystore_location: "/root/kafka/keystore.jks"
 # logstash_kafka_ssl_truststore_location: "/root/kafka/truststore.jks"
 
+## Setup servers that read events from the Smart Connector directly. This
+## supports multiple entries in list format using the "host" and "port" for the
+## smart connector.
+# logstash_arcsight_smart_connectors:
+#   - host: 127.0.0.1
+#     port: 5000
+logstash_arcsight_smart_connectors: []
+
+## Setup servers to read events from the Eevnt Broker Stream. This
+## multiple entries in list format using the "host" and "port" for the
+## for the event brokers.
+# logstash_arcsight_event_brokers:
+#   - host: 127.0.0.1
+#     port: 5000
+logstash_arcsight_event_brokers: []
 
 # APM vars
 apm_interface: 0.0.0.0