How do I specify the Security Manager central computer to which the Unix agent sends alerts? (NETIQKB50586)

  • 7750586
  • 02-Feb-2007
  • 15-May-2007

Resolution

goal
How do I specify the Security Manager central computer to which the Unix agent sends alerts?

goal
How do I configure the Unix agent to send alerts to multiple central computers?

goal
How do I configure the Unix agent to send alerts to multiple configuration groups?

goal
How do I configure the Unix agent to send alerts to multiple Intrusion Managers?

goal
How do I specify backup central computers for the Unix agent to send alerts in failover situations?

goal
How do I change the central computer to which the Unix agent sends real-time alerts?

goal
How do I change the Unix agent to send alerts to a different central computer?

fact
NetIQ Security Agent for Unix 5.5

fact
VigilEnt Security Agent for Unix 5.0

fact
Security Manager 5.X

fix

If you have the NetIQ Security Agent for Unix version 5.5 and Intrusion Manager, complete the following steps:

  1. Start Unix Manager. For more information about starting Unix Manager, see the Unix Agent Installation and Configuration Guide, which is located in the Unix agent installation kit.
  2. Click Manage Agents
  3. On the Hosts menu, click  Scan All Hosts.
  4. On the Hosts menu, click Configure Agent.
  5. Select the agent you want to update, and then click Parameters.
  6. If you want to change the central computer, type the central computer IP addresses and port number.  Consider the following example: 10.10.12.13:1636
  7. If you want to configure the Unix agent to send alerts to multiple configuration groups, separate the central computer IP address and port number for each configuration group with a comma (,). For example, type: 10.10.16.23:1636,10.10.16.24:1636
  8. If you want to configure backup central computers for failover, separate the IP address and port number for each Security Manager central computer with a bar (|). Failover occurs in the order you specify, from left to right, with the first central computer acting as the primary central computer. For example, type 10.10.12.13:1636|10.10.13.15:1636 .


fix

If you have the VigilEnt Security Agent for Unix version 5.0 and Intrusion Manager, complete the following steps:

  1. If you want to change the central computer, complete the following steps:

  2. a. Start Unix Manager. For more information about starting Unix Manager, see the Unix Agent Installation and Configuration Guide, which is located in the Unix agent installation kit.
    b. Click Manage Agents
    c. On the Hosts menu, click  Scan All Hosts.
    d. On the Hosts menu, click Configure Agent.
    e. Select the agent you want to update, and then click Parameters.
    f. Type the central computer IP addresses and port number. Consider the following example: 10.10.12.13:1636
  3. If you want to specify multiple configuration groups or backup central computers, complete the following steps:

  4. a. Log onto the Unix agent computer.
    b. If your logon account is not a root user, su to root.
    c. Change to the /etc directory.
    d. Edit vsaunix.cfg file and change the IDMEF_DESTINATIONS line to contain the central computers IP addresses and port numbers.
    e. If you want to configure the Unix agent to send alerts to multiple configuration groups, separate the central computer IP address and port number for each configuration group with a comma (,). For example, type: IDMEF_DESTINATIONS="100.100.100.100:1636, 200.200.200.200:1636"
    f. If you want to configure backup central computers for failover, separate the IP address and port number for each Security Manager central computer with a bar (|). Failover occurs in the order you specify, from left to right, with the first central computer acting as the primary central computer. For example, type: IDMEF_DESTINATIONS="100.100.100.100:1636 | 200.200.200.200:1636"
           Note: Use of the double quote character is required to properly identify the addresses to the agent.
    g. Save and exit the file.
    h. Restart the Unix agent.


Additional Information

Formerly known as NETIQKB50586

Feedback service temporarily unavailable. For content questions or problems, please contact Support.