Log Synchronization

Beginning with v5.0, Endpoint Privilege Management for Unix and Linux can consolidate and merge the logs from the log server and the secondary server following a log server failover and log server recovery. The log synchronization feature is controlled by the logresynctimermin, pbsyncdlog, pbsynclog, syncport, and syncprotocoltimeout settings. The synchronization client also uses the log servers and event logs.

logresynctimermin

  • Version 4.0 and earlier: logresynctimermin setting not available.
  • Version 5.0 and later: logresynctimermin setting available.

When pbsync is started in daemon mode, this setting defines how often the client attempts to resynchronize the log files. The value is in minutes and must be 5 or greater.

logresynctimermin 15

Default

logresynctimermin 16

Used on

  • Log hosts
  • Synchronization clients

pbsyncdlog

  • Version 4.0 and earlier: pbsyncdlog setting not available.
  • Version 5.0 and later: pbsyncdlog setting available.

There will be a unique file to keep track of server transactions. This variable refers to the path and file name for this feature’s log, typically:

/path_to_logs/pbsyncd.log
pbsyncdlog /var/log/pbsyncd.log

Default

During the install, depending on the operating system standards, this can be any of the following:

pbsyncdlog /var/log/pbsyncd.log
pbsyncdlog /usr/log/pbsyncd.log
pbsyncdlog /var/adm/pbsyncd.log
pbsyncdlog /usr/adm/pbsyncd.log

Used on

  • Log hosts
  • Synchronization clients

pbsynclog

  • Version 4.0 and earlier: pbsynclog setting not available.
  • Version 5.0 and later: pbsynclog setting available.

There is a unique file to keep track of client transactions. pbsynclog refers to the path and file name for this feature’s log, typically:

/path_to_logs/pbsync.log
pbsynclog /var/log/pbsync.log

Default

During the install, depending on the operating system standards, this can be any of the following:

pbsynclog /var/log/pbsync.log
pbsynclog /usr/log/pbsync.log
pbsynclog /var/adm/pbsync.log
pbsynclog /usr/adm/pbsync.log

Used on

  • Log hosts
  • Synchronization clients

syncport

  • Version 4.0 and earlier: syncport setting not available.
  • Version 5.0 and later: syncport setting available.

syncport defines the TCP port number that is used for log synchronization. The port numbers for Endpoint Privilege Management daemons must use the non-reserved system ports. The allowed port numbers are 1024 to 65535 (inclusive).

syncport 24350

Default

syncport 24350

Used on

  • Log hosts
  • Synchronization clients

syncprotocoltimeout

  • Version 5.2 and earlier: syncprotocoltimeout setting not available.
  • Version 6.0 and later: syncprotocoltimeout setting available.

After a connection is established between a log synchronization client (pbsync) and server (pbsyncd), the programs perform protocol checks to verify a proper connection. Some types of protocol failures can take a long time to detect (for example, a wrong service running on the policy server port, or mismatched encryption types/keys).

The syncprotocoltimeout setting determines the maximum time to wait for protocol completion. If a protocol step does not complete within the specified number of milliseconds, then pbsync stops with an error. A value of -1 indicates no protocol timeout.

syncprotocoltimeout 2000

Default

syncprotocoltimeout -1

Used on

  • Log hosts
  • Log synchronization hosts
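The constraints documented above (logresynctimermin of 5 minutes or greater, syncport in the non-reserved range 1024 to 65535, syncprotocoltimeout of -1 or a number of milliseconds, absolute paths for pbsyncdlog and pbsynclog) can be checked before a settings file is deployed. The checker below is an added example, not part of the product; the settings fragment it reads is constructed, and it assumes the "keyword value" one-per-line layout shown on this page and treats 0 as an invalid syncprotocoltimeout.

```python
import re

# Constructed sample settings fragment (not from a real host). Two lines are
# deliberately outside the documented bounds so the checker has work to do.
SAMPLE_SETTINGS = """\
# log synchronization settings
logresynctimermin 3
pbsyncdlog /var/log/pbsyncd.log
pbsynclog  /var/log/pbsync.log
syncport 80
syncprotocoltimeout -1
"""


def parse_settings(text):
    """Parse 'keyword value' lines into a dict, skipping blanks and comments."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        settings[parts[0].lower()] = parts[1].strip() if len(parts) > 1 else ""
    return settings


def check_sync_settings(settings):
    """Return a list of problems found against the documented constraints."""
    problems = []
    # logresynctimermin: whole minutes, 5 or greater
    minutes = settings.get("logresynctimermin")
    if minutes is not None and not (minutes.isdigit() and int(minutes) >= 5):
        problems.append(f"logresynctimermin {minutes}: must be an integer of 5 or greater")
    # syncport: non-reserved TCP port, 1024 to 65535 inclusive
    port = settings.get("syncport")
    if port is not None and not (port.isdigit() and 1024 <= int(port) <= 65535):
        problems.append(f"syncport {port}: must be in the range 1024-65535")
    # syncprotocoltimeout: -1 (no timeout) or a positive number of milliseconds
    # (assumption: 0 is not accepted as a meaningful timeout)
    timeout = settings.get("syncprotocoltimeout")
    if timeout is not None and not re.fullmatch(r"-1|[1-9][0-9]*", timeout):
        problems.append(f"syncprotocoltimeout {timeout}: must be -1 or a positive millisecond count")
    # log file paths: must be absolute so the daemons do not write relative to their cwd
    for key in ("pbsyncdlog", "pbsynclog"):
        path = settings.get(key)
        if path is not None and not path.startswith("/"):
            problems.append(f"{key} {path}: must be an absolute path")
    return problems


if __name__ == "__main__":
    for problem in check_sync_settings(parse_settings(SAMPLE_SETTINGS)):
        print(problem)
```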