How do I maintain log files for VigilEnt Security Agent for Web Servers? (NETIQKB31834)

  • 7731834
  • 02-Feb-2007
  • 08-Sep-2008

Resolution

goal
How do I maintain log files for VigilEnt Security Agent for Web Servers?

fact
VigilEnt Security Agent for WebServers 2.0

fact
VigilEnt Security Agent for WebServers 2.1

fact
VigilEnt Security Agent for WebServers 2.1 Patch1

fact
VigilEnt Security Agent for WebServers 2.1 Patch2

fact
VigilEnt Security Agent for WebServers 3.0

fact
VigilEnt Security Agent for WebServers 3.1.1

fix

The Edit System Configuration window is used to edit the settings of the VigilEnt Security Agent for Web Servers log file. The navigation pane (left side of screen) can be used to jump directly to each section of the window. You can view VigilEnt Security Agent for Web Server log files using the Detect/Prevent Log Viewer, available at Start » Programs » VigilEnt Security Agent » IDS Log Viewer.

To Edit System Configuration:

  1. Click the Detect/Prevent tab in the main VigilEnt Security Agent for Web Servers window.
  2. Select Manage Web Servers on the subnavigation bar. The Web Server Manager window opens listing all web server configurations that have been added.
  3. Click the Edit System icon next to the configuration to be edited.
    • Note: If the configuration to be edited is listed as active in the Web Server Manager window, the System Configuration Editor can be accessed using the Edit System Configuration link on the subnavigation bar.
    • Note: Links to all settings for the selected configuration are listed in the navigation pane on the left side of the screen.
  4. Use the option in the Hot Update section to determine whether the system administrator can update the VigilEnt Security Agent for Web Servers configuration without restarting the web server.
    • Enabled: Select True to allow the system administrator to update the configuration without restarting the web server.
    • Note: If this setting is disabled, the web server must be restarted to accept changes.
  5. VigilEnt Security Agent for Web Servers sends messages to a log file. Use the options in the VigilEnt Security Agent for Web Servers Log File section to determine the setup of the log file.
    • Prefix: The default entry saves the log files in the directories created at installation time. This entry can be changed to place the log files in a different location.
    • Roll Method: Entries in Roll Method and Roll Frequency are used to determine how often new log files are started. In Roll Method, select the base time interval to be used to determine when new logs are started.
    • Roll Frequency: This entry is used with the entry in Roll Method. For example, set Roll Method to ROLL_BY_HOUR and Roll Frequency to 12 to cause new logs to be started twice each day.
    • Encrypt: Encryption can be used in instances in which the log files must be kept secure. Encrypt and Encrypt Key are used together to encrypt log files. Select True to enable encryption.
    • Encrypt Key: Type a key used to encrypt the log file. The key must be between 8 and 32 characters in length. For security reasons, when revisiting this window, the number of characters displayed may not equal the actual number of characters in the key.
    • Encrypt Key (Repeat to Confirm): Retype the encryption key.
    • Synchronize Write Access: Select True only if multiple processes write to the same log file, resulting in jumbled log entries. In all other situations, False is the suggested setting.
    • Line Delimiter: The line delimiter character is used to determine when a log entry ends. A line delimiter character should be a non-printing character; for example, \n or \x0D.
  6. Use the options in the Logging Level section to determine the amount of system information sent to the log file. Select a logging level based on the following:
    • FATAL: Reports only messages associated with errors that stopped the agent.
    • ERROR: Reports unrecoverable errors that are not severe enough to stop the agent.
    • WARN: Reports recoverable errors or undesirable conditions that do not adversely affect the Detect/Prevent software.
    • INFO: The most common setting, which sends start, stop, and reconfiguration messages to the log in addition to warning and error messages.
    • DEBUG: Generates very large amounts of trace and debug information. This should not be used in production environments.
  7. Click Save. Your changes are saved and the Web Server Manager window opens.

Note: The Reset button can be used to reverse all parameter changes made during
this editing session.


Additional Information

Formerly known as NETIQKB31834