REST Services

pbresturi

  • Version 8.5.0 and earlier: pbresturi setting not available.
  • Version 9.0.0 and later: pbresturi setting available.

The pbresturi setting is to allow the configuration of non-default REST Uniform Resource Locator paths for the pblighttpd service. This setting is primarily for diagnosis. We do not recommend that it be changed in a normal installation.

pbresturi URLSTRING

Default

No default value

Used On

All hosts

pbrestlog

  • Version 8.0 and earlier: pbrestlog setting not available.
  • Version 8.1.0 and later: pbrestlog setting available.

The pbrestlog setting defines the path to the REST services log.

Depending on the operating system standards, this can be any of the following:
  • /var/log/pbrest.log
  • /var/adm/pbrest.log
  • /usr/adm/pbrest.log

Default

pbrestlog /var/log/pbrest.log

Used On

All hosts

pbrestdir

  • Version 8.5.0 and earlier: pbrestdir setting not available.
  • Version 9.0.0 and later: pbrestdir setting available.

The pbrestdir setting specifies the directory for the installation of the REST services (including pblighttpd).

pbrestdir /mypath/rest

Default

pbrestdir /usr/lib/beyondtrust/pb/<prefix>rest<suffix>

Used On

All hosts

pbrestkeyfile

  • Version 8.0 and earlier: pbrestkeyfile setting not available.
  • Version 8.1.0 and later: pbrestkeyfile setting available.

REST services are authenticated using Application ID's and Application Keys. These preshared keys are kept in a database. The pbrestkeyfile details the location of this database, and, similarly to all other databases can either be an absolute path, or a path relative to the databasedir setting.

pbrestkeyfile /mypath/pbrestkeyfile.db

Default

pbrestkeyfile /opt/<prefix>pbul<suffix>/dbs/pbrstkeys.db

Used On

All hosts

pbresttimeout

  • Version 8.0 and earlier: pbresttimeout setting not available.
  • Version 8.1.0 and later: pbresttimeout setting available.

Many internal services in EPM-UL are provided by the REST services. The pbresttimeout provides a setting to set the maximum amount of time a service will wait until it times out. This timeout is for the overall connection attempt timeout.

For example, if there are 2 log servers with 2 physical addresses for each of them, pbresttimeout is the timeout that EPM-UL waits to make a successful connection to all 4 physical addresses. That is, each connection waits for 1/4th of pbresttimeout.

You can either set a single integer value specifying number of seconds or more detailed format to specify timeouts for specific service. In a detailed format, if connection is not for a specific service or timeout is not specified for a specific connection, default setting is used.

Minimum allowed value is 5 seconds. Maximum allowed value is 86400 seconds (24 hours).

To set a single timeout for all REST services:
pbresttimeout    120
To set timeout with a detailed format for each service:
pbresttimeout default=30 registry=60 pbpolicy=30 logsvr=30 solr=30 logarchive=30 advkeystrokeactionpolicy=30 fim=30

Default

Default value is 30 seconds.

Used On

All hosts

pbrestport

  • Version 8.5.0 and earlier: pbrestport setting not available.
  • Version 9.0.0 and later: pbrestport setting available.

The pbrestport setting details the TCP/IP port that REST services use to communicate to remote hosts. This should be consistent across the enterprise installation.

pbrestport 3000

Default

pbrestport 24351

Used On

All hosts

pbresttimeskew

REST services use cryptographic methods to communicate, which are relatively time sensitive to provide extra security. We recommend that hosts have their time set precisely or use a suitable protocol implementation such as NTP. If this is not possible, the pbresttimeskew details the maximum time difference in seconds between two hosts.

pbresttimeskew 120

Default

pbresttimeskew 60

Used On

All hosts