Connections to Log Servers

Hosts that access Privilege Management log servers need to know how to connect to log servers and how long to wait for failovers. The connections are defined by the logservers and logport settings. These settings must be defined on the policy server host. Run hosts usually obtain this information from the policy server host’s policy file and do not need these settings. Log servers need to know only the port.

Connection timing is controlled by the logserverdelay and logserverprotocoltimeout settings.

logservers

  • Version 4.0.0 and later: logservers setting available.

The logservers setting provides a list of outgoing connection information for Privilege Management for Unix and Linux programs that use log servers.

The list can contain:

  • Host names
  • A single asterisk (*), denoting a Registry Name Service lookup
  • Netgroups, in the form: +@name
  • Hosts to exclude, in the form: -name
  • Netgroups to exclude, in the form: -@name
  • Absolute path names of a local pblogd. If spaces are required, the string must be quoted.
  • DNS SRV lookups, in the form: _<pbul service name>._tcp.<domain name>.[:port=<port>[:interface=<IP or hostname>]]
  • External programs, in the form: `/path/to/external/program`

The following are tried in sequence to determine the port value:

  1. The non-zero port value from a DNS SRV lookup
  2. The value specified within the logservers setting
  3. The value of the logport setting
  4. The pblogd entry in services
  5. Port 24347

logservers mylogserver.mydomain
logservers sparky spot
logservers loghost1 loghost2
logservers +@logservers -@badlogservers -badlogserver
logservers sparky spot "/usr/sbin/pblogd"
logservers _auto
logservers _pbmasters
logservers _pbmasters._tcp.mydomain.
logservers _pbmasters._tcp.mydomain.:port=12345
logservers `/bin/get_first_submitmaster`

No default value

  • Policy server hosts
  • Submit hosts by pbksh and pbsh when a Policy Server is not available

logport

  • Version 4.0.0 and later: logport setting available.

The port numbers for Privilege Management daemons must use the non-reserved system ports. The allowed port numbers are 1024 to 65535 (inclusive).

The value of this setting follows the guidelines in Port Specifications.

logport 12345
logport pblogd
logport 24347

  • Log hosts
  • Policy server hosts
  • Run host
  • Submit hosts by pbksh and pbsh when a policy server host is not available
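
The following Python sketch is an added example, not code from the product or its documentation. It classifies each entry of a logservers line according to the forms listed above, applies the five-step port sequence, and rejects a result outside the 1024 to 65535 range. The function names are hypothetical, only the :port= option shown in the DNS SRV form is parsed, and a logport given as a service name is assumed to have been resolved to a number by the caller.

```python
import re

DEFAULT_PORT = 24347              # final fallback in the port sequence
ALLOWED = range(1024, 65536)      # non-reserved ports, inclusive

# Backquoted programs and quoted paths may contain spaces, so match them first.
TOKEN = re.compile(r'`[^`]*`|"[^"]*"|\S+')

def classify(entry):
    """Map one logservers entry to the kind of lookup it triggers."""
    if entry.startswith("`") and entry.endswith("`"):
        return "external_program"
    entry = entry.strip('"')
    if entry == "*":
        return "registry_lookup"
    for prefix, kind in (("+@", "netgroup"), ("-@", "exclude_netgroup"),
                         ("-", "exclude_host"), ("/", "local_pblogd"),
                         ("_", "dns_srv")):
        if entry.startswith(prefix):
            return kind
    return "host"

def parse_logservers(line):
    """Return (kind, entry, port) for each entry of a 'logservers ...' line."""
    parts = line.split(None, 1)
    if not parts or parts[0] != "logservers":
        raise ValueError("not a logservers setting")
    result = []
    for tok in TOKEN.findall(parts[1] if len(parts) > 1 else ""):
        m = re.search(r":port=(\d+)", tok)
        result.append((classify(tok), tok, int(m.group(1)) if m else None))
    return result

def resolve_port(srv_port=0, entry_port=None, logport=None, services_port=None):
    """Apply the five-step sequence; reject a result outside the allowed range."""
    for candidate in (srv_port, entry_port, logport, services_port, DEFAULT_PORT):
        if candidate:             # zero or missing values fall through
            port = candidate
            break
    if port not in ALLOWED:
        raise ValueError(f"port {port} is outside 1024-65535")
    return port

def audit(line):
    """Entries that execute something on the local host, for configuration review."""
    return [e for k, e, _ in parse_logservers(line)
            if k in ("external_program", "local_pblogd")]
```

Running audit over each logservers line in a settings file lists the entries that start a local pblogd or an external program, which are the ones whose paths are worth checking for ownership and write permissions.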