Chat now with support
Chat with Support

One Identity Safeguard for Privileged Sessions 6.9.4 - Administration Guide

Preface Introduction The concepts of One Identity Safeguard for Privileged Sessions (SPS)
The philosophy of One Identity Safeguard for Privileged Sessions (SPS) Policies Credential Stores Plugin framework Indexing Supported protocols and client applications Modes of operation Connecting to a server through One Identity Safeguard for Privileged Sessions (SPS) Archive and backup concepts Maximizing the scope of auditing IPv6 in One Identity Safeguard for Privileged Sessions (SPS) SSH host keys Authenticating clients using public-key authentication in SSH The gateway authentication process Four-eyes authorization Network interfaces High Availability support in One Identity Safeguard for Privileged Sessions (SPS) Versions and releases of One Identity Safeguard for Privileged Sessions (SPS) Accessing and configuring One Identity Safeguard for Privileged Sessions (SPS)
The Welcome Wizard and the first login Basic settings
Supported web browsers and operating systems The structure of the web interface Network settings Configuring date and time System logging, SNMP and e-mail alerts Configuring system monitoring on SPS Data and configuration backups Archiving and cleanup Using plugins Forwarding data to third-party systems Starling integration
User management and access control Managing One Identity Safeguard for Privileged Sessions (SPS)
Controlling One Identity Safeguard for Privileged Sessions (SPS): reboot, shutdown Managing Safeguard for Privileged Sessions (SPS) clusters Managing a High Availability One Identity Safeguard for Privileged Sessions (SPS) cluster Upgrading One Identity Safeguard for Privileged Sessions (SPS) Managing the One Identity Safeguard for Privileged Sessions (SPS) license Accessing the One Identity Safeguard for Privileged Sessions (SPS) console Sealed mode Out-of-band management of One Identity Safeguard for Privileged Sessions (SPS) Managing the certificates used on One Identity Safeguard for Privileged Sessions (SPS)
General connection settings HTTP-specific settings ICA-specific settings MSSQL-specific settings RDP-specific settings SSH-specific settings Telnet-specific settings VMware Horizon View connections VNC-specific settings Indexing audit trails Using the Search interface Advanced authentication and authorization techniques Reports The One Identity Safeguard for Privileged Sessions (SPS) RPC API The One Identity Safeguard for Privileged Sessions (SPS) REST API One Identity Safeguard for Privileged Sessions (SPS) scenarios Troubleshooting One Identity Safeguard for Privileged Sessions (SPS) Using SPS with SPP Configuring external devices Using SCP with agent-forwarding Security checklist for configuring One Identity Safeguard for Privileged Sessions (SPS) Jumplists for in-product help Configuring SPS to use an LDAP backend Glossary

Managing the indexers

The indexers that run on an external host send log messages into the standard syslog of the external host. These log messages are not visible on One Identity Safeguard for Privileged Sessions (SPS).

The indexers use the standard init.d framework of the host. You can restart the indexer processes using the /etc/init.d/indexerworker restart command, and the entire indexer service using the /etc/init.d/external-indexer restart command. Note that restarting the indexer service automatically restarts the worker processes as well.

The hosts that are running indexers should be visible in the list of indexers on the Indexer > Worker status page of the SPS web interface.

Upgrading the external indexer

This section describes how to upgrade the indexer application on your external indexer hosts.

 Caution:

After SPS 6.5, CentOS 6 operating systems will not be supported for external indexers. This means that after upgrading to SPS 6.5, or the LTS maintanance release in that cadence, you will not be able to use your external indexers that are running on CentOS 6. Make sure that you prepare your affected systems for this change and upgrade to CentOS 7 or later.

NOTE: The version of the external indexer must be equal to or greater than the version of One Identity Safeguard for Privileged Sessions (SPS). To make sure you meet this criterion, One Identity recommends that you always upgrade your external indexer when you upgrade SPS. You can check that SPS has established a connection to the external indexer on the Indexer > Worker status page of the SPS web interface.

Prerequisites

Before you start, create a backup copy of the /etc/indexer/indexerworker.cfg and /etc/indexer/indexer-certs.cfg indexer configuration files.

To upgrade the indexer application on your external indexer hosts

  1. Download the latest indexer .rpm package from the Basic Settings > Local Services > Indexer service page of the SPS web interface.

    NOTE: Due to legal reasons, installation packages of the external indexer application will be available only from the SPS web interface. After SPS versions 6.4 and 6.0.3 are released, the installation packages will be removed from our website.

  2. Copy the downloaded .rpm package to your external indexer hosts.

  3. Stop the indexer by using the following command.

    • On Red Hat or CentOS 6.5:

      service external-indexer stop

    • On Red Hat or CentOS 7:

      systemctl stop external-indexer.service

  4. Execute the following command: yum upgrade -y indexer.rpm

  5. Resolve any warnings displayed during the upgrade process.

  6. Restart the indexer by using the following command.

    • On Red Hat or CentOS 6.5:

      service external-indexer start

    • On Red Hat or CentOS 7:

      systemctl start external-indexer.service

  7. Repeat this procedure on every indexer host.

Troubleshooting external indexers

The indexers that run on an external host send log messages into the standard syslog of the external host. These log messages are not visible on One Identity Safeguard for Privileged Sessions (SPS). If a problem occurs, check the logs of SPS and the external indexer to find out which component on which host causes the problem. If the problem is on the external indexer host, verify that the required decryption keys are available on the host, then restart the indexer service using the following command.

  • On Red Hat or CentOS 6.5:

    service external-indexer restart

  • On Red Hat or CentOS 7:

    systemctl restart external-indexer.service

If the problem persists, contact our Support Team. You can increase the log level of the indexer processes from the configuration file.

Monitoring the status of the indexer services

The status of audit-trail processing is displayed on the Indexer page of the Main Menu.

Elements of the Indexer page

The following list describes the elements of the Indexer page and their functions.

  • Worker status: displays various data about the worker groups.

    • Indexer IP address: displays the IP address of the indexer (either the indexer running on One Identity Safeguard for Privileged Sessions (SPS) or an external indexer). It may display the following:

      • 127.0.0.1: indicated the indexer running on SPS.
      • An IP address other than127.0.0.1: indicates an external indexer.

    • Capabilities: the type of job(s) this worker will perform.

    • Capacity: the available and total Capacity (Maximum parallel audit trails to process) of the indexer, and also the number of active processes that are Indexing an audit trail, or Generating video or Generating screenshot.

  • Processing: audit trails that are currently being processed per connection policy.

  • Waiting for processing: audit trails waiting to be processed.

    When you see audit trails in the Indexing column, that could mean any of the following:

    • The maximal queue size is 1000. If there are many trails waiting to be indexed, SPS will keep lots of trails in the queue.

    • The worker with the appropriate key for decryption is not available at the moment, and other workers do not have the required key.

    • There are no workers available that have the required capability.

  • Optical Character Recognition (OCR) engine status: It allows you to check and report if there were indexed audit trails where the OCR engine failed. Perform a search on the Search interface using the provided link and if the search returns any results, contact our Support Team to submit a report.

Figure 245: Indexer > Indexer status — Monitoring the status of the indexers

To automatically refresh the Indexer Status page every 5 seconds, select Auto refresh. To refresh the page immediately, click Refresh now.

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating