Sometimes during a logged sudo session the connection will be lost and the logging will stop. This typically happens during long running sessions. The following error is reported: pmplugin6.0.0 (xx):Keystroke logging connection failed to master:localhost
1) The policy evaluation and keystroke logging can either be "online" (via a live connection between the sudo plugin client and the policy server) or "offline" (everything happens locally on the plugin host, and event and keystroke log files are transferred to the policy server after the session has finished). Once the session is started, it cannot change between "online" and "offline", so if communications fail between the plugin host and the policy server, current online sessions may be affected.
3) Last, if more than one version of the pmlogsrvd process is running than logging can fail due to database locking conflicts (defect 6528)
1) By adding the option "offlinetimeout 0" to the /etc/opt/quest/qpm4u/pm.settings file on your clients, this will force the clients to always use offline evaluation and logging and so long running sessions will not be affected by network interruptions.
2) Check the network for any idle TCP connection timeouts and have them increased to a length that is less likely to cause disruption.
3) The pmlogsrvd init script was corrected in the most recent QPM release to prevent multiple instances from being started.
© 2021 One Identity LLC. ALL RIGHTS RESERVED. Feedback Nutzungsbedingungen Datenschutz