Situation
How to change the port on which the Security Manager Central Computer listens for Unix agents from the default port 1636 to another port, and then how to get the Unix agent to send its detect real-time alerts to the same port.
Resolution
- To change the port that the SM consolidator machine listens on for Unix agent events:
- In Notepad, open the file mk.options located by default in one of the following directories:
  - For Security Manager 5.0:
    \Program Files\MCS OnePoint\OnePoint
  - For Security Manager 5.1.x:
    \Program Files\NetIQ Security Manager\OnePoint
  - For Security Manager 6.x:
    \Program Files\NetIQ Security Manager\OnePoint\mk.options
- For Security Manager 5.0:
Edit the lines:
server/listener/002/port=<new port number>
server/listener/003/port=<new port number>
- Save the file
- On the Unix agent, verify that the new port number matches the port specified in the IDMEF_DESTINATIONS line located in /etc/vsaunix.cfg.
- Restart the service:
- For Security Manager 5.0: OnePoint service
- For Security Manager 5.1.x: NetIQ Security Manager service
- For Security Manager 6.x: NetIQ Security Manager service
- If you made changes to the Unix agent file, restart the detectd process on the Unix agent.
AIX: /etc/rc.detectd {action}
Solaris: /etc/init.d/detectd {action}
HPUX: /sbin/init.d/detectd {action}
Linux: /etc/rc.d/init.d/detectd {action}
OSF1 (Tru64): /sbin/init.d/detectd {action}
IRIX: /etc/init.d/detectd {action}
FreeBSD: /usr/local/etc/rc.d/detectd {action}
SuSE: /etc/init.d/detectd {action}
{action} = restart
Additional Information
Formerly known as NETIQKB45007
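
The procedure above only works if the port on the agent's IDMEF_DESTINATIONS line matches the listener ports in mk.options. The following added example (not NetIQ code and not part of the original article) compares copies of the two files and reports any mismatch. The sample file contents are constructed, and because the article does not show the syntax of the IDMEF_DESTINATIONS value, the host:port form in the sample is an assumption; the check only looks for the port as a stand-alone number on that line.

```python
import re

# Listener port lines as the article shows them in mk.options.
LISTENER_RE = re.compile(r"^\s*server/listener/(\d{3})/port\s*=\s*(\d+)\s*$")
# Stand-alone numbers only, so IP octets and digits in host names are skipped.
PORT_TOKEN_RE = re.compile(r"(?<![\w.])\d{1,5}(?![\w.])")

def listener_ports(mk_options_text):
    """Map listener id -> port for every server/listener/NNN/port line."""
    found = {}
    for line in mk_options_text.splitlines():
        m = LISTENER_RE.match(line)
        if m:
            found[m.group(1)] = int(m.group(2))
    return found

def agent_ports(vsaunix_cfg_text):
    """Valid port numbers on the active (uncommented) IDMEF_DESTINATIONS line."""
    for line in vsaunix_cfg_text.splitlines():
        line = line.strip()
        if line.startswith("IDMEF_DESTINATIONS"):
            return {int(t) for t in PORT_TOKEN_RE.findall(line) if 0 < int(t) < 65536}
    return set()

def check(mk_options_text, vsaunix_cfg_text, listeners=("002", "003")):
    """Return a list of problems; an empty list means both sides agree."""
    ports, problems = listener_ports(mk_options_text), []
    for lid in listeners:
        if lid not in ports:
            problems.append(f"mk.options: no port line for listener {lid}")
    wanted = {ports[lid] for lid in listeners if lid in ports}
    if len(wanted) > 1:
        problems.append(f"mk.options: listeners use different ports {sorted(wanted)}")
    agent = agent_ports(vsaunix_cfg_text)
    if not agent:
        problems.append("vsaunix.cfg: no port on an IDMEF_DESTINATIONS line")
    for port in sorted(wanted - agent):
        problems.append(f"port {port} is not on the agent's IDMEF_DESTINATIONS line")
    return problems

# Constructed sample files; the IDMEF_DESTINATIONS value syntax is an assumption.
MK_OPTIONS = "server/listener/002/port=2636\nserver/listener/003/port=2636\n"
CFG_STALE = "# agent config\nIDMEF_DESTINATIONS=192.0.2.10:1636\n"
CFG_UPDATED = "# agent config\nIDMEF_DESTINATIONS=192.0.2.10:2636\n"

if __name__ == "__main__":
    print(check(MK_OPTIONS, CFG_STALE))
    print(check(MK_OPTIONS, CFG_UPDATED))
```

Run it against copies of mk.options and /etc/vsaunix.cfg before restarting the services; a non-empty result means the agent would still be sending to a port the Central Computer no longer listens on.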