BeyondInsight Event Logging

The BeyondTrustBeyondInsight product enables you to capture and report on privilege and vulnerability data across the entire IT stack (server, desktop, cloud, mobile, and virtualized environments).

Starting with version 7.5, Endpoint Privilege Management for Unix and Linux can send information about certain events to BeyondInsight for logging and reporting purposes.

The settings in this section enable and configure the sending of event information to BeyondInsight.

For more information, see BeyondInsight Event and I/O Logging Common Settings.

rcshost

  • Version 7.1 and earlier: rcshost setting not available.
  • Version 7.5 and later: rcshost setting available.

The hostname of the Windows machine where BeyondInsight is installed. This keyword does not support the Endpoint Privilege Management for Unix and Linux extended settings such as interface.

rcshost W7-RETINACS-01

Default

No default value

Used On

  • Policy server hosts
  • Log hosts

rcswebsvcport

  • Version 7.1 and earlier: rcswebsvcport setting not available.
  • Version 7.5 and later: rcswebsvcport setting available.

The port number used to communicate with BeyondInsight Web Services on rcshost.

rcswebsvcport 443

Default

rcswebsvcport 443

Used On

  • Policy server hosts
  • Log hosts

rcsworkgroup

  • Version 7.5 and earlier: rcsworkgroup setting not available.
  • Version 8.0 and later: rcsworkgroup setting available.

A label which helps BeyondInsight identify and sort data sent from Endpoint Privilege Management for Unix and Linux.

rcsworkgroup PMULMasterBeyondTrustWorkgroup

Default

rcsworkgroup "BeyondTrust Workgroup"

Used On

Policy server hosts

sslrcscertfile

  • Version 7.1 and earlier: sslrcscertfile setting not available.
  • Version 7.5 and later: sslrcscertfile setting available.

BeyondInsight Client Certificate File in PEM format. Used to authenticate Endpoint Privilege Management to BeyondInsight when sending event log records.

sslrcscertfile /etc/retinacs-01_eEyeEmsClient.pem

Default

No default value

Used On

  • Policy server hosts
  • Log hosts

sslrcscafile

  • Version 7.1 and earlier: sslrcscafile setting not available.
  • Version 7.5 and later: sslrcscafile setting available.

BeyondInsight server-bound Certificate Authority File in PEM format. Used to authenticate the BeyondInsight when sending event log records.

sslrcscafile /etc/retinacs-01_eEyeEmsCA.pem

Default

No default value

Used On

  • Policy server hosts
  • Log hosts