Log Archiving
Beginning with v9.0, Endpoint Privilege Management for Unix and Linux provides a logfile tracking and archiving mechanism for I/O logs and eventlogs.
enablelogtrackingdb
- Version 8.5 and earlier: enablelogtrackingdb setting not available.
- Version 9.0 and later: enablelogtrackingdb setting available.
For use on log hosts and policy server hosts. If set, the Endpoint Privilege Management for Unix and Linux component creating the event log or I/O log sends the location information to the centralized tracking database to be recorded. This setting requires a configured REST service on the designated Log Archiver Database Server, and needs logarchivedbhost and pbrestport settings in order to update the database. To disable the feature, set this to no, and the log writer will not send the logfile location to the log tracking database. It is enabled by default.
enablelogtrackingdb yes
enablelogtrackingdb no
Default
enablelogtrackingdb no
Used on
- Log hosts
- Policy server hosts if a log host is not used
logarchivehost
- Version 8.5 and earlier: logarchivehost setting not available.
- Version 9.0 and later: logarchivehost setting available.
For use on log servers where the logfile originates. It is the name of the default destination host that receives the archived log files. It must have a valid Endpoint Privilege Management installation with the REST service configured.
logarchivehost host
host is the hostname or IP address of the archive host.
Default
No default value
Used on
- Log hosts
- Policy server hosts if a log host is not used
logarchivedbhost
- Version 8.5 and earlier: logarchivedbhost setting not available.
- Version 9.0 and later: logarchivedbhost setting available.
For use on log servers where the logfile originates. It is the name or the IP address of the host where the log tracking database is created and maintained.
The host specified must have a valid Endpoint Privilege Management installation with the REST service configured.
logarchivedbhost logarchdbhost1
logarchivedbhost 192.10.42.235
Default
No default value
Used on
- Log hosts
- Policy server hosts if a log host is not used
logarchivedir
- Version 8.5 and earlier: logarchivedir setting not available.
- Version 9.0 and later: logarchivedir setting available.
It defines the main destination path for the log files on the Log Archive Storage Server host. Under this main directory, the logfiles are organized appropriately in their subdirectories:
- event logs: <logarchivedir>/eventlog/<origlogservername>
- I/O logs: <logarchivedir>/iolog/<submithost>/submituser/<date>
If the directory does not yet exist, it is created and made secure (readable and writable by root only).
logarchivedir /pbul/pbarchive
Default
During the install, depending on the operating system standards, this can be any of the following:
logarchivedir /var/log/pblogarchive
logarchivedir /usr/log/pblogarchive
logarchivedir /var/adm/pblogarchive
logarchivedir /usr/adm/pblogarchive
Used on
Log hosts designated as Log Archive Storage Server
logarchivedb
- Version 8.5 and earlier: logarchivedb setting not available.
- Version 9.0 and later: logarchivedb setting available.
The absolute path of the SQLite log tracking database file on the Log Archiver Database Server. If the file does not yet exist, it is created when the first row is inserted.
logarchivedb /var/log/pblogtrack.db
Default
logarchivedb /opt/<prefix>dbs<suffix>/dbs/pblogarchive.db
Used on
Log hosts designated as Log Archiver Database Server
logarchivedb_delay
- Version 9.4.0 and earlier: logarchivedb_delay setting not available.
- Version 9.4.1 and later: logarchivedb_delay setting available.
Maximum accumulated time in milliseconds that the log host busy handler sleeps during the retry cycle when it encounters a locked log tracking database. If not specified, the default value is 100,000 milliseconds. The valid range is 0 - 1,200,000 milliseconds. A 0 value means no retries are attempted and a database locked error is logged immediately. Increase the value if there is a high demand on updating the log tracking database and there are too many database locked errors reported. A higher value, however, may affect the performance of the log host.
SQLite may not invoke the busy handler if it determines the possibility of a deadlock.
logarchivedb_delay 200000
Default
logarchivedb_delay 10000
Used on
Log hosts designated as Log Archiver Database Server
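The constraints described above can be checked on a log host before a configuration change is deployed. The following is an added example, not part of the product or its documentation: it audits the log archiving keywords for the dependencies and ranges stated on this page, and verifies that an archive directory is restricted to its owner. It assumes one "keyword value" pair per line with # comments; the function names, sample text, and host name are hypothetical.

```python
import os
import stat

DELAY_RANGE = (0, 1_200_000)  # valid logarchivedb_delay range in ms, as stated above

def parse_settings(text):
    """Parse 'keyword value' lines; '#' comments and blank lines are skipped (assumed syntax)."""
    settings = {}
    for line in text.splitlines():
        parts = line.split("#", 1)[0].split(None, 1)
        if parts:
            settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def audit_settings(settings):
    """Return a list of findings for the log archiving keywords."""
    findings = []
    if settings.get("enablelogtrackingdb") == "yes":
        # The tracking database update needs both of these settings.
        for dep in ("logarchivedbhost", "pbrestport"):
            if not settings.get(dep):
                findings.append(f"enablelogtrackingdb yes but {dep} is not set")
    db = settings.get("logarchivedb")
    if db is not None and not db.startswith("/"):
        findings.append("logarchivedb is not an absolute path")
    delay = settings.get("logarchivedb_delay")
    if delay is not None:
        if not delay.isdecimal() or not DELAY_RANGE[0] <= int(delay) <= DELAY_RANGE[1]:
            findings.append("logarchivedb_delay outside 0 - 1,200,000 ms")
        elif int(delay) == 0:
            findings.append("logarchivedb_delay 0: no retries on a locked database")
    return findings

def archive_dir_is_root_only(path, owner_uid=0):
    """True if path is a directory owned by owner_uid with no group/other permission bits."""
    st = os.stat(path)
    return (stat.S_ISDIR(st.st_mode) and st.st_uid == owner_uid
            and stat.S_IMODE(st.st_mode) & 0o077 == 0)

# Constructed sample input, not taken from a real host.
SAMPLE = """\
enablelogtrackingdb yes
logarchivehost archive1        # hypothetical host name
logarchivedir /var/log/pblogarchive
logarchivedb pblogtrack.db
logarchivedb_delay 2000000
"""

if __name__ == "__main__":
    for finding in audit_settings(parse_settings(SAMPLE)):
        print("FINDING:", finding)
```

Run archive_dir_is_root_only against the configured logarchivedir on the Log Archive Storage Server to detect permissions that have drifted from the root-only state in which the directory is created.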