How do I change the port that the central computer listens for Unix agents? (NETIQKB45007)

  • 7745007
  • 02-Feb-2007
  • 06-Apr-2012

Situation

How to change the Security Manager Central Computer to listen for Unix agents on a port other than the default port 1636, then subsequently how to get the Unix agent to send the detect real time alerts to this same port.

Resolution

  • To change the port SM consolidator machine listens on for Unix agent events:

  1. In Notepad, open the file mk.options located by default in one of the following directories:
    • For Security Manager 5.0: \Program Files\MCS OnePoint\OnePoint
    • For Security Manager 5.1.x: \Program Files\NetIQ Security Manager\OnePoint
    • For Security Manager 6.x: \Program Files\NetIQ Security Manager\OnePoint\mk.options

Edit the lines:
server/listener/002/port=<new port number>
server/listener/003/port=<new port number>

  1. Save the file
  2. On the Unix agent, verify that the new port number matches the port specified in the IDMEF_DESTINATIONS line located in /etc/vsaunix.cfg.
  3. Restart the service:
    • For Security Manager 5.0: OnePoint service
    • For Security Manager 5.1.x: NetIQ Security Manager service
    • For Security Manager 6.x : NetIQ Security Manager service
  4. If you made changes to the Unix agent file, restart the detectd process on the Unix agent.

    AIX:            /etc/rc.detectd  {action}

    Solaris:        /etc/init.d/detectd  {action}

    HPUX:           /sbin/init.d/detectd  {action}

    Linux:          /etc/rc.d/init.d/detectd  {action}

    OSF1 (Tru64):   /sbin/init.d/detectd  {action}

    IRIX:           /etc/init.d/detectd  {action}

    FreeBSD:        /usr/local/etc/rc.d/detectd  {action}

    SuSE   :        /etc/init.d/detectd  {action}

            {action} = restart

Additional Information

Formerly known as NETIQKB45007

Feedback service temporarily unavailable. For content questions or problems, please contact Support.