Log Archiving

Beginning with v9.0, Endpoint Privilege Management for Unix and Linux provides a logfile tracking and archiving mechanism for I/O logs and eventlogs.

enablelogtrackingdb

  • Version 8.5 and earlier: enablelogtrackingdb setting not available.
  • Version 9.0 and later: enablelogtrackingdb setting available.

For use on log hosts and policy server hosts. If set, the Endpoint Privilege Management for Unix and Linux component that creates the event log or I/O log sends the logfile location to the centralized tracking database to be recorded. This setting requires a configured REST service on the designated Log Archiver Database Server, and the logarchivedbhost and pbrestport settings must be set so that the database can be updated. To disable the feature, set this to no; the log writer then does not send the logfile location to the log tracking database. It is enabled by default.

Enable Tracking of Logfile Location:
enablelogtrackingdb yes
Disable Tracking of Logfile Location:
enablelogtrackingdb no

Default

enablelogtrackingdb no

Used on

  • Log hosts
  • Policy server hosts if a log host is not used

logarchivehost

  • Version 8.5 and earlier: logarchivehost setting not available.
  • Version 9.0 and later: logarchivehost setting available.

For use on log servers where the logfile originates. It is the name of the default destination host that receives the archived log files. It must have a valid Endpoint Privilege Management installation with the REST service configured.

logarchivehost host

host is the hostname or IP address of the archive host.

Default

No default value

Used on

  • Log hosts
  • Policy server hosts if a log host is not used

logarchivedbhost

  • Version 8.5 and earlier: logarchivedbhost setting not available.
  • Version 9.0 and later: logarchivedbhost setting available.

For use on log servers where the logfile originates. It is the name or the IP address of the host where the log tracking database is created and maintained.

The host specified must have a valid Endpoint Privilege Management installation with the REST service configured.

logarchivedbhost logarchdbhost1
logarchivedbhost 192.10.42.235

Default

No default value

Used on

  • Log hosts
  • Policy server hosts if a log host is not used

logarchivedir

  • Version 8.5 and earlier: logarchivedir setting not available.
  • Version 9.0 and later: logarchivedir setting available.

Defines the main destination path for the log files on the Log Archive Storage Server host. Under this main directory, the logfiles are organized into subdirectories by log type:

  • event logs: <logarchivedir>/eventlog/<origlogservername>
  • I/O logs: <logarchivedir>/iolog/<submithost>/<submituser>/<date>

If the directory does not yet exist, it is created and made secure (readable and writable by root only).

logarchivedir /pbul/pbarchive

Default

During the install, depending on the operating system standards, this can be any of the following:

logarchivedir /var/log/pblogarchive
logarchivedir /usr/log/pblogarchive
logarchivedir /var/adm/pblogarchive
logarchivedir /usr/adm/pblogarchive

Used on

Log hosts designated as Log Archive Storage Server

logarchivedb

  • Version 8.5 and earlier: logarchivedb setting not available.
  • Version 9.0 and later: logarchivedb setting available.

The absolute path of the SQLite log tracking database file on the Log Archiver Database Server. If the file does not yet exist, it is created when the first row is inserted.

logarchivedb /var/log/pblogtrack.db

Default

logarchivedb /opt/<prefix>dbs<suffix>/dbs/pblogarchive.db

Used on

Log hosts designated as Log Archiver Database Server

logarchivedb_delay

  • Version 9.4.0 and earlier: logarchivedb_delay setting not available.
  • Version 9.4.1 and later: logarchivedb_delay setting available.

Maximum accumulated time in milliseconds that the log host busy handler sleeps during the retry cycle when it encounters a locked log tracking database. If not specified, the default value is 100,000 milliseconds. The valid range is 0 - 1,200,000 milliseconds. A 0 value means no retries are attempted and a database locked error is logged immediately. Increase the value if there is a high demand on updating the log tracking database and there are too many database locked errors reported. A higher value, however, may affect the performance of the log host.

SQLite may not invoke the busy handler if it determines the possibility of a deadlock.

logarchivedb_delay     200000

Default

logarchivedb_delay     10000

Used on

Log hosts designated as Log Archiver Database Server
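
The constraints stated on this page can be checked before a settings file is deployed. The following is an added example, not code from the product: the function names and the sample fragment are constructed for illustration, and it assumes `keyword value` lines with `#` starting a comment.

```python
import os
DELAY_MAX_MS = 1_200_000  # upper end of the valid range given for logarchivedb_delay

# Constructed sample fragment (not from a real host).
SAMPLE = """\
enablelogtrackingdb yes
logarchivedb dbs/pblogtrack.db
logarchivedb_delay     2000000
"""

def parse_settings(text):
    """Parse 'keyword value' lines as shown in the examples on this page."""
    settings = {}
    for raw in text.splitlines():
        parts = raw.split("#", 1)[0].split(None, 1)  # assumption: '#' starts a comment
        if parts:
            settings[parts[0]] = parts[1].strip() if len(parts) > 1 else ""
    return settings

def check_settings(settings):
    """Return findings for the constraints this page states (explicit values only)."""
    findings = []
    if settings.get("enablelogtrackingdb", "").lower() == "yes":
        for dep in ("logarchivedbhost", "pbrestport"):
            if not settings.get(dep):
                findings.append(f"enablelogtrackingdb yes but {dep} is not set")
    db = settings.get("logarchivedb")
    if db is not None and not os.path.isabs(db):
        findings.append(f"logarchivedb must be an absolute path: {db}")
    delay = settings.get("logarchivedb_delay")
    if delay is not None:
        if not delay.isdecimal() or int(delay) > DELAY_MAX_MS:
            findings.append(f"logarchivedb_delay outside 0 - {DELAY_MAX_MS} ms: {delay}")
        elif int(delay) == 0:
            findings.append("logarchivedb_delay 0: no retries on a locked database")
    return findings

def check_archive_dir(path):
    """Return findings if logarchivedir is not owned by root and root-only."""
    st = os.stat(path)
    findings = []
    if st.st_uid != 0:
        findings.append(f"{path} is owned by uid {st.st_uid}, not root")
    if st.st_mode & 0o077:
        findings.append(f"{path} grants group/other access: {oct(st.st_mode & 0o777)}")
    return findings

if __name__ == "__main__":
    print("\n".join(check_settings(parse_settings(SAMPLE))))
```

Run `check_archive_dir` on the Log Archive Storage Server against the configured logarchivedir path, since the directory is only created securely when it did not already exist.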