Resolution
How do I configure a running Unix agent to find the Security Manager consolidator?
goal
How do I modify the IDMEF_DESTINATIONS parameter?
goal
How do I specify a Security Manager central computer IP address and port number on a Unix agent?
fact
VigilEnt Security Agent for Unix 5.0
fact
Unix Manager 5.0
fix
Use either ofthe following methods to enable a running Unix agent to find the Security Manager consolidator:
- Automatic configuration, using Unix Manager.
- Manual configuration, performed by editing the
/etc/vsaunix.cfgfile directly on the agent.
Note: NetIQ Corporation recommends that you use the Unix Manager to make this change.
In both of the following procedures, IPADDRESS is the IP addres of the Security Manager central computer acting as the consolidator.
To use Unix Manager to create or update the IDMEF_DESTINATIONS parameter:
Start the Unix Manager console.
Expand Manage Agents -> Hosts -> Configure Agents.
Select the required computer.
In the Central Computer IP Address and Port text box, type the following:
Click OK.
Note: Scanned hosts appear in the Configure Agents list.
IDMEF_DESTINATION=IPADDRESS:1626Note: If necessary, you can specify a port other than the default,1626.
To manually create or update the IDMEF_DESTINATIONS parameter:
On the agent computer, log in as root.
Change directories to
/etc.Using vi or another text editor, open the vsaunix.cfg file.
Anywhere above the export line in this file, add a line that contains the IP address and port number for the Security Manager consolidator computer:
Save and close the file.
IDMEF_DESTINATION=IPADDRESS:1626Note: If necessary, you can specify a port other than the default,1626.
note
If you still experience problems after performing one of the configuration procedures, you may want to learn more about agent troubleshooting. For more information, see NetIQ Knowledge Base article NETIQKB47264, How to troubleshoot Unix agent ( VSAU ) alerts not getting to the SM Consolidator.