Run the pmintrust.sh script as the root user.
NOTE: You might need to edit pmintrust.sh to ensure it can find all relevant event log files.
The script outputs event log data in a format that the InTrust Agent can handle. When the script runs, it creates a separate file for InTrust called /tmp/pm_evlog.intrust containing a plain text version of the events stored in the event log files.
To configure the policy server for the InTrust Plugin
# gzip -dc pmintrust.tgz | tar xvf - -C /tmp
pmintrust/
pmintrust/pmpolicy.crontab
pmintrust/root.crontab
pmintrust/pmintrust.profile
pmintrust/pmintrust.sh
# cp /tmp/pmintrust/pmintrust.sh /opt/quest/sbin
eventlog="/var/log/eventlogs/"+year+"/"+month+"/"+day+"/"+user+"_events.db";
Change the EVDIRS and EVGLOB variables in the pmintrust.sh script to:
EVDIRS=`find /var/log/eventlogs -type d`
EVGLOB="*_events.db"
One Identity recommends that you add a crontab entry as the pmpolicy service user, and configure the cronjob to run pmrun with root user privileges.
NOTE: The crontab entry is a file called pmpolicy.crontab in the pmintrust.tgz archive.
The following crontab entry runs pmrun pmintrust.sh at 10:50 pm every day:
50 22 * * * /opt/quest/bin/pmrun /opt/quest/sbin/pmintrust.sh
To add the crontab, log in (or su) to the pmpolicy service account and run the following command:
$ crontab /tmp/pmintrust/pmpolicy.crontab
Alternatively, you can configure the script to run directly as the root user by creating a root cron job, and skip part b) of this step.
NOTE: There is a root.cronjob file in the pmintrust.tgz archive.
To check out, add, and commit the changes to the policy, run the following pmpolicy commands:
# /opt/quest/sbin/pmpolicy checkout -d /tmp
# cp /tmp/pmintrust/pmintrust.profile /tmp/policy_pmpolicy/profiles/
# chown pmpolicy:pmpolicy /tmp/policy_pmpolicy/profiles/pmintrust.profile
# /opt/quest/sbin/pmpolicy add -p profiles/pmintrust.profile -d /tmp
# /opt/quest/sbin/pmpolicy commit -d /tmp -l "add pmintrust profile"
# pmrun id
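Because cron runs /opt/quest/sbin/pmintrust.sh with root privileges, the script and the directory holding it should be owned by root and not writable by group or other; the same check flags a staging copy left under a world-writable directory such as /tmp. The following audit is an added example, not part of the product or the pmintrust.tgz archive. The function names are hypothetical, and the optional second argument (expected owner uid, default 0) is an assumption added so the check can be exercised without root.

```shell
#!/bin/sh
# Added example (not product code): audit a script that cron or pmrun runs
# with root privileges. Function names are hypothetical.

# check_entry PATH UID: print a finding and return 1 if PATH is missing, is a
# symbolic link, is not owned by UID, or is writable by group or other.
check_entry() {
    ce_path=$1; ce_want=$2; ce_rc=0
    if [ -L "$ce_path" ]; then
        echo "FAIL: $ce_path is a symbolic link"; return 1
    fi
    # ls -ldn prints the mode string in field 1 and the numeric owner in field 3.
    ce_meta=$(ls -ldn -- "$ce_path" 2>/dev/null | awk '{print $1 " " $3}')
    if [ -z "$ce_meta" ]; then
        echo "FAIL: $ce_path cannot be inspected (missing?)"; return 1
    fi
    ce_mode=${ce_meta% *}; ce_uid=${ce_meta#* }
    if [ "$ce_uid" != "$ce_want" ]; then
        echo "FAIL: $ce_path is owned by uid $ce_uid, expected $ce_want"; ce_rc=1
    fi
    case $ce_mode in   # character 6 of the mode string is the group write bit
        ?????w*) echo "FAIL: $ce_path is group-writable"; ce_rc=1 ;;
    esac
    case $ce_mode in   # character 9 is the world write bit
        ????????w*) echo "FAIL: $ce_path is world-writable"; ce_rc=1 ;;
    esac
    return $ce_rc
}

# audit_root_script SCRIPT [UID]: check the script and the directory holding
# it. UID defaults to 0 (root). A writable directory lets someone replace the
# file even when the file's own mode is tight.
audit_root_script() {
    ar_script=$1; ar_uid=${2:-0}; ar_rc=0
    check_entry "$ar_script" "$ar_uid" || ar_rc=1
    check_entry "$(dirname "$ar_script")" "$ar_uid" || ar_rc=1
    if [ "$ar_rc" -eq 0 ]; then echo "OK: $ar_script"; fi
    return $ar_rc
}

# Run the audit when a path is given, e.g.:
#   sh audit.sh /opt/quest/sbin/pmintrust.sh
if [ $# -gt 0 ]; then audit_root_script "$@"; fi
```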
To install the InTrust Knowledge Pack
<INTRUST_HOME>\Server\ADC\SupportTools\
# InTrustPDOImport.exe -import D:\temp\PM_DataSource.xml
# InTrustPDOImport.exe -import D:\temp\PM_GatheringJob.xml
# InTrustPDOImport.exe -import D:\temp\PM_GatheringJob_igtc.xml
# InTrustPDOImport.exe -import D:\temp\PM_GatheringPolicy.xml
# InTrustPDOImport.exe -import D:\temp\PM_GatheringTask.xml
# InTrustPDOImport.exe -import D:\temp\PM_Site.xml
Object type | Objects |
---|---|
Gathering policy | ‘Privilege Manager: Event Log Monitoring’ |
Job | ‘Gather Privilege Manager Events’ |
Task | ‘Privilege Manager daily collection of events’ |
Site | ‘Privilege Manager hosts’ |
Report | ‘Privilege Manager All Events’, ‘Privilege Manager All Events By Result’, ‘Privilege Manager Elevated Privilege Events’, ‘Privilege Manager Policy Server By Result’, ‘Privilege Manager Policy Server Events’, ‘Privilege Manager Rejected Events’, ‘Privilege Manager Out Of Band Events’ |
Data Source | ‘Privilege Manager Event Log’ |
To install the InTrust Reporting Pack
# d:\temp\QPM4U.1.0.0.006.msi
NOTE: To use the MSI installer for the InTrust Reporting Pack, your InTrust Server must use Windows SQL Server 2005 as its back-end database.
http://<Intrust Server>/Reports
© 2021 One Identity LLC. ALL RIGHTS RESERVED.