BeyondInsight Event Logging

The BeyondTrust BeyondInsight product enables you to capture and report on privilege and vulnerability data across the entire IT stack (server, desktop, cloud, mobile, and virtualized environments).

Starting with version 7.5, Privilege Management for Unix and Linux can send information about certain events to BeyondInsight for logging and reporting purposes.

The settings in this section enable and configure the sending of event information to BeyondInsight.

For more information, please see BeyondInsight Event and I/O Logging Common Settings.

rcshost

  • Version 7.1 and earlier: rcshost setting not available.
  • Version 7.5 and later: rcshost setting available.

The hostname of the Windows machine where BeyondInsight is installed. This keyword does not support the Privilege Management for Unix and Linux extended settings such as interface.

rcshost W7-RETINACS-01

No default value

  • Policy server hosts
  • Log hosts

rcswebsvcport

  • Version 7.1 and earlier: rcswebsvcport setting not available.
  • Version 7.5 and later: rcswebsvcport setting available.

The port number used to communicate with BeyondInsight Web Services on rcshost.

rcswebsvcport 443
rcswebsvcport 443
  • Policy server hosts
  • Log hosts

rcsworkgroup

  • Version 7.5 and earlier: rcsworkgroup setting not available.
  • Version 8.0 and later: rcsworkgroup setting available.

A label which helps BeyondInsight identify and sort data sent from Privilege Management for Unix and Linux.

rcsworkgroup PMULMasterBeyondTrustWorkgroup
rcsworkgroup "BeyondTrust Workgroup"

Policy server hosts

sslrcscertfile

  • Version 7.1 and earlier: sslrcscertfile setting not available.
  • Version 7.5 and later: sslrcscertfile setting available.

BeyondInsight Client Certificate File in PEM format. Used to authenticate Privilege Management to BeyondInsight when sending event log records.

sslrcscertfile /etc/retinacs-01_eEyeEmsClient.pem

No default value

  • Policy server hosts
  • Log hosts

sslrcscafile

  • Version 7.1 and earlier: sslrcscafile setting not available.
  • Version 7.5 and later: sslrcscafile setting available.

BeyondInsight server-bound Certificate Authority File in PEM format. Used to authenticate the BeyondInsight when sending event log records.

sslrcscafile /etc/retinacs-01_eEyeEmsCA.pem

No default value

  • Policy server hosts
  • Log hosts