4.2 Managing and Monitoring Hosts

A host is created for each machine that you want to manage with Privileged Account Manager. You can register the agents first, in which case they are listed as hosts in the Hosts console, or you can add the hosts in the Hosts console and register the agents afterwards.

4.2.1 Adding a Host

  1. On the home page of the console, click Hosts.

  2. Select the domain for the new host.

  3. Click Add Hosts from the task pane.

  4. In the text box, specify the agent names for the hosts.

    You can type the names one at a time, using one name per line, or you can paste a list of names. When you add a host to the Framework Manager, the name does not need to relate to the existing DNS name that is used in locating the host on your network. However, it may be helpful to keep the DNS name and the Privileged Account Manager host name the same for simplicity.

  5. Click Add.

    A list of agent names is displayed.

  6. Click Finish.

    The status of the host is unregistered until the agent is installed and registered on the host machine. For instructions on this process, see Installing and Registering a Framework Agent in the Privileged Account Manager Installation Guide.

4.2.2 Viewing Host Details

  1. On the home page of the console, click Hosts.

  2. In the navigation pane, select the domain containing the hosts whose details you want to view.

  3. Click the arrow next to the domain name to display the list of hosts.

  4. Click the required host to display the host details and status in the details pane.

    Agent name: The agent name configured for this host.

    DNS name/ IP address: The name of the host. This is either a resolvable DNS name or the IP address.

    Port: The port the host is using for Privileged Account Manager communication.

    Platform: The operating system on the host.

    Processor: The type of processor on the host.

    OS Version: The version of the kernel running on the host.

    Agent version: The version of the agent software that the host is running.

    System time: The current date and time that the host is configured for, displayed in UTC. Use this time to verify that the agent’s time is synchronized with the other hosts.

    Service uptime: The number of days, hours, minutes, and seconds the agent has been running since the last start up.

    Active sessions: The number of connections currently open between the agent and any other agent, including itself.

    Active tasks: The number of internal tasks that the agent is running at any one time.

    Installation path: The directory location of the installed agent software.

    Disk space: The total amount of available disk space, the amount of free disk space, and the percentage of disk space in use.

    Memory (approx): The amount of memory (heap) currently being used by the agent to store its data. This is the virtual data segment size minus the thread stack and the statically initialized data (because this is a constant value) as returned by the sbrk system call.

    Registration: The licensing state of the software, either licensed or unlicensed.

    Status: The status of the host: online, offline, unregistered.

  5. In the navigation pane, select the host to display the Packages option on the right pane.

  6. Click Packages to view details of the packages installed on the selected host.

4.2.3 Modifying a Host

  1. On the home page of the console, click Hosts.

  2. In the navigation pane, select the host to modify.

  3. In the task pane, click Modify Host.

  4. Modify the general details:

    Agent Name: Specify a display name for this agent.

    Description: Add a description. This description is displayed next to the agent name in the navigation pane.

    DNS Name/ IP Address: Specify the DNS name or IP address of the host that is used in locating the host on your network.

    Port: Displays the port that was specified when the agent was registered.

    Audit Zone: Displays the audit zone of the host. The audit zone of the host is the same as the audit zone of the sub-domain or domain it belongs to. For more information about audit zones, see Managing Audit Zones.

  5. Configure the encryption settings. When these settings are modified for an individual host, the host settings overwrite the settings specified for the domain.

    Key Configuration: Select this option to enable configuration of the encryption key.

    Host Key Rollover (days): Specify how many days the host key can be used before generating a new key.

    DB Key Rollover (days): Specify how many days the database key can be used before generating a new key.

    Encrypt: Select the databases you want to encrypt.

    Encrypting a database can affect performance. The following databases can be considered for encryption:

    • auth.db - Contains usernames.

    • registry.db - Contains the hostnames.

    • cmdctrl.db - Contains command control rules with usernames and hostnames.

    NOTE: The encryption of auditing data (/audit/cmdctrl.db) can be enabled from the Reporting console. See Audit Settings.

  6. Click Finish.

4.2.4 Registering Hosts

You can register an agent before performing any action on the host through the console. When you register the agent, the host is added to the Hosts console. You can also register the agent after adding the host. Perform the following steps to register agents after adding the hosts in the console.

  1. On the home page of the console, click Hosts.

  2. In the navigation pane, click the root domain, Hosts.

  3. In the task pane, click List Unregistered Hosts.

    Unregistered hosts that are in the subnet are listed.

    NOTE: If you have already registered an agent, it is automatically shown as a host in the Hosts console.

  4. Select the hosts to be registered and provide the following details:

    • PAM Admin Username: User name for the Framework Manager.

    • PAM Admin Password: Password for the Framework Manager.

    • Agent Admin Password: The root password on Linux or UNIX hosts, or the administrator password on Windows hosts.

  5. Click Register to auto register the selected hosts.

    NOTE: By default, all registered hosts are registered to the root of the domain. To move the hosts, see Moving a Host.

4.2.5 Deleting a Host

  1. On the home page of the console, click Hosts.

  2. In the navigation pane, select the hosts to delete and click Delete Host.

    Or

    In the details pane, select the hosts to delete.

    To select all hosts in a domain, select Name.

  3. In the task pane, click Delete Host.

    The selected hosts are listed.

  4. Click Finish.

WARNING: Deleting the audit manager host might result in losing audit data that is received from the domain or audit zone.

4.2.6 Moving a Host

You can move hosts among the domains.

  1. On the home page of the console, click Hosts.

    The navigation pane displays the current hierarchy for your Framework.

  2. In the navigation pane, click the arrow next to the domain that contains the hosts you want to move.

  3. Select the hosts to move.

  4. Drag and drop the hosts to the new domain.

    If the list is large, perform the following:

    1. In the middle pane, click the domain that has the required host.

      All the hosts in the domain are listed in the right pane.

    2. In the middle pane, scroll until you can view the destination domain.

    3. Drag the host from the right pane and drop it to the destination domain in the middle pane.

NOTE: When you move a host from one domain to another, the audit zone of the host changes to the audit zone of the domain to which it has been moved.

4.2.7 Finding a Host

  1. On the home page of the console, click Hosts.

  2. On the navigation pane, click the root domain, Hosts.

  3. In the task pane, click Find Host.

  4. In the Agent Name field, specify the name of the host you are looking for.

    You can use the wildcard characters * and ?. This field is case sensitive.

  5. Click Find.

  6. To go to a host’s details, double-click the agent name.

4.2.8 Monitoring Hosts

Privileged Account Manager maintains a log file for each host. Each host can be configured to send alerts to the Framework Manager console when errors occur. You can monitor the status of each host in the following ways:

Viewing the Host Status

The Host Status option allows you to view the current status of all your hosts, or all the hosts in a domain, on one page.

  1. On the home page of the console, click Hosts.

  2. Select a domain.

  3. Click Host Status in the task pane.

    The status for each host is displayed, as shown in the following table, with a summary at the bottom of the screen.

    The host is online.

    There is a status problem with the host; for example, the host’s time offset exceeds the defined level (see Step 5). Click the arrow to the left of the green box to display status messages.

    The host is offline.

    The host is unregistered.

  4. Use the Online, Offline and Unregistered check boxes to select the hosts you want to view.

    If you have a long list of hosts, deselect the Auto scroll check box to stop the automatic scrolling.

  5. (Optional) Change the filter settings from the default values and select Restart to check the status again. The available filters are:

    Maximum Timeoffset (minutes): The difference in system time between the host and the Primary Registry Manager. If the time offset exceeds the value in this field, a warning indicator is displayed.

    Minimum Disk Space (MB): If the available disk space on the host machine goes below the value in this field, a warning indicator is displayed.

    Maximum Memory (MB): If the memory used by the host exceeds the value in this field, a warning indicator is displayed.

  6. To view a host’s details, double-click the host or click Close to return to the hierarchical view.

To use a command line option to view the status, see Agent Status.
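
The warning logic of the three Host Status filters, applied to host records outside the console. This is an added example, not part of the product or its documentation; the record format, host names, reference clock, and threshold values are assumptions.

```python
from datetime import datetime, timezone

# Thresholds named after the three Host Status filters. The values are
# assumptions for this example, not the product defaults.
MAX_TIME_OFFSET_MIN = 5
MIN_DISK_SPACE_MB = 500
MAX_MEMORY_MB = 256

# Constructed reference clock standing in for the Primary Registry Manager.
REFERENCE_TIME = datetime(2024, 1, 10, 12, 0, 0, tzinfo=timezone.utc)

# Constructed host records (hypothetical format, not a PAM export).
HOSTS = [
    {"agent": "web01", "status": "online", "system_time": "2024-01-10T12:00:40Z",
     "disk_free_mb": 20480, "memory_mb": 48},
    {"agent": "db01", "status": "online", "system_time": "2024-01-10T11:52:30Z",
     "disk_free_mb": 120, "memory_mb": 64},
    {"agent": "app02", "status": "online", "system_time": "2024-01-10T12:03:00Z",
     "disk_free_mb": 8192, "memory_mb": 300},
    {"agent": "old03", "status": "offline"},
]

def parse_utc(stamp):
    return datetime.strptime(stamp, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)

def check_host(host, reference_time=REFERENCE_TIME):
    """Return the warnings one host would raise under the three filters."""
    # Offline and unregistered hosts report no metrics, so only the state is noted.
    if host["status"] != "online":
        return ["host is " + host["status"]]
    warnings = []
    # A clock that runs ahead is as much a problem as one that runs behind.
    offset = abs((parse_utc(host["system_time"]) - reference_time).total_seconds()) / 60
    if offset > MAX_TIME_OFFSET_MIN:
        warnings.append("time offset %.1f min" % offset)
    if host["disk_free_mb"] < MIN_DISK_SPACE_MB:
        warnings.append("disk space %d MB" % host["disk_free_mb"])
    if host["memory_mb"] > MAX_MEMORY_MB:
        warnings.append("memory %d MB" % host["memory_mb"])
    return warnings

def status_report(hosts, reference_time=REFERENCE_TIME):
    """Map each agent name to its list of warnings (empty list = no warning)."""
    return {h["agent"]: check_host(h, reference_time) for h in hosts}

if __name__ == "__main__":
    for agent, warnings in status_report(HOSTS).items():
        print(agent, "OK" if not warnings else "; ".join(warnings))
```

Time offset is the check that matters most for audit data: hosts whose clocks disagree produce session and command records that cannot be ordered reliably against each other.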

Viewing the Host Log

  1. On the home page of the console, click Hosts.

  2. In the navigation pane, select the required host.

  3. In the task pane, click View Host Log.

  4. Specify the values for the following based on the required log information:

    Log Level: Set the level of information you want to see on the screen.

    • Error displays only Error messages.

    • Warning displays Warning and Error messages.

    • Information displays Information, Warning, and Error messages.

    Refresh (secs): Set the interval between screen refreshes. You can select intervals from 1 to 60 seconds.

    Maximum Cached log Messages: Set the maximum number of log messages to display on the screen. You can view from 10 to 1000 messages.

  5. Click the Pause check box to pause the screen display.

  6. Click the Clear button to clear the screen display.

  7. Click Close to return to the Framework hierarchy view.

Modifying Log Settings

You can modify log settings for all hosts in a domain or for an individual host by using the Domain Log Settings or Host Log Settings options.

  1. On the home page of the console, click Hosts.

  2. To modify the log settings for all hosts in a domain, select the domain. To modify the log settings for an individual host, select the host in the navigation pane.

  3. Click Domain Log Settings or Host Log Settings in the task pane, then modify the following settings:

    File Name: Specify the filename and location of the log file. All the details are by default logged in logs/unifid.log.

    Level: Set the level of information you need. The default level is Info.

    • Error for Error messages.

    • Warning for Warning and Error messages.

    • Info for Information, Warning, and Error messages.

    • Debug for Debug, Information, Warning, and Error messages.

    • Trace for Trace, Debug, Information, Warning, and Error messages.

      NOTE: The Debug and Trace settings generate a lot of data and are primarily for the use of NetIQ Support.

    Show all tasks: Click Show all tasks to include all tasks in the log. The Show all tasks option is primarily for the use of NetIQ Support.

    Roll Over: Select the rollover point from the drop-down list to specify when the log file is overwritten with new information. If the maximum size set for the log file is reached, the log file is overwritten regardless of this setting.

    Max Size (MB): Select the maximum size of the log file from the drop-down list. This specifies when the log is overwritten with new information.

    Roll Over Script: Enter a Perl script to be executed at the rollover point. For a sample script, see Example Rollover Script.

  4. Click Next to apply the changes.

    If the changes are applied successfully, a green box is displayed next to the agent name.

    If the changes are not applied successfully (for example, if the host is not online), a red box is displayed next to the agent name.

  5. Click Close.

Example Rollover Script

This is an example of a Perl script that can be called at the rollover point for the host log file. The script compresses the old unifid.log and then removes any log files that are more than 30 days old.

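use File::Basename;

# $LOG_FILE and $ctx are used without being declared here, so the script
# expects both to be set when it is run at the rollover point.
my $log_root = dirname($LOG_FILE);
$ctx->log_info("Log file directory - $log_root");

# Zip up rolled over logfile. The list form of system() bypasses the shell,
# so spaces or metacharacters in the path are not interpreted.
$ctx->log_info("Zipping up $LOG_FILE");
system("/usr/bin/gzip", $LOG_FILE) == 0
    or $ctx->log_info("gzip failed for $LOG_FILE (status $?)");

# Find all the compressed log files
my @log_files;
if (opendir(my $logdir, $log_root)) {
    @log_files = map { "$log_root/$_" } grep { /\.gz$/ } readdir($logdir);
    closedir($logdir);
} else {
    $ctx->log_info("Cannot open $log_root: $!");
}

# Delete all log files older than 30 days
my $time = time();
foreach my $log (@log_files) {
    my $mtime = (stat($log))[9];
    next unless defined $mtime;    # file vanished or is unreadable
    my $age = int(($time - $mtime) / 86400);
    $ctx->log_info("Checking $log ($age days old)");
    next unless $age > 30;
    $ctx->log_info("Deleting $log ($age days old)");
    unlink $log or $ctx->log_info("Could not delete $log: $!");
}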