One Identity Safeguard for Privileged Sessions 7.4 - Administration Guide

Glossary

4-eyes authorization
4-eyes authorization is an advanced authorization method where only two administrators logging in simultaneously are permitted to access the server. These administrators can monitor each other's work, reducing the chance of (accidental or intentional) human errors in the server administration process.
access policy
Collection of access policies. Access policies define who can authorize and audit a connection.
alias IP
An additional IP address assigned to an interface that already has an IP address. The normal and alias IP addresses both refer to the same physical interface.
Audit Player
Audit Player is a desktop application that can replay recorded audit trails like a movie. The Audit Player is available for the Microsoft Windows and GNU/Linux platforms.
Audit trail
An audit trail is a file storing the recorded activities of the administrators in an encrypted format. Audit trails can be replayed using the Audit Player application.
auditing policy
The auditing policy determines which events are logged on hosts running Microsoft Windows operating systems.
authentication
The process of verifying the authenticity of a user or client before allowing access to a network system or service.
Authentication Policy
An authentication policy is a list of authentication methods that can be used in a connection. Connection definitions refer to an authentication policy to determine how the client can authenticate to the target server.
BOM
The byte order mark (BOM) is a Unicode character used to signal the byte-order of the message text.
BSD-syslog protocol
The old syslog protocol standard described in RFC 3164. Sometimes also referred to as the legacy-syslog protocol.
CA
A Certificate Authority (CA) is an institute that issues certificates.
Cadence icons
One Identity font that contains standard icons used in the user interfaces for various One Identity products.
certificate
A certificate is a file that uniquely identifies its owner. Certificates contain information identifying the owner of the certificate, the public key itself, the expiration date of the certificate, the name of the CA that signed the certificate, and some other data.
Channel Policy
The channel policy lists the SSH channels (for example terminal session, SCP, and so on) that can be used in a connection. The channel policy can further restrict access to each channel based on the IP address of the client or the server, a user list, or a time policy.
client mode
In client mode, syslog-ng collects the local logs generated by the host and forwards them through a network connection to the central syslog-ng server or to a relay.
Common Gateway Protocol (CGP)
Reliable connection is also known as Common Gateway Protocol (CGP). It makes reconnection to the server possible in case of a network failure. The default port number is 2598.
Connection Policy
Connection policies determine if a server can be accessed from a particular client. Connection policies reference other resources (policies, usergroups, keys) that must be configured and available before creating a connection policy.
controlled traffic
SPS audits and controls only the traffic that is configured in the connection and channel policies; all other traffic is forwarded on the packet level without any inspection.
destination
A named collection of configured destination drivers.
destination driver
A communication method used to send log messages.
destination, local
A destination that transfers log messages within the host, for example writes them to a file, or passes them to a log analyzing application.
destination, network
A destination that sends log messages to a remote host (that is, a syslog-ng relay or server) using a network connection.
disk buffer
The Premium Edition of syslog-ng can store messages on the local hard disk if the central log server or the network connection to the server becomes unavailable.
disk queue
See disk buffer.
domain name
The name of a network, for example: balabit.com.
Drop-down
Flare default style that can be used to group content within a topic. It is a resource to structure and collapse content especially in non-print outputs.
embedded log statement
A log statement that is included in another log statement to create a complex log path.
filter
An expression to select messages.
firmware
A firmware is a collection of the software components running on SPS. Individual software components cannot be upgraded on SPS, only the entire firmware. SPS contains two firmwares, an external (or boot) firmware and an internal (or core) firmware. These can be upgraded separately.
fully qualified domain name (FQDN)
A domain name that specifies its exact location in the tree hierarchy of the Domain Name System (DNS). For example, given a device with a local hostname myhost and a parent domain name example.com, the fully qualified domain name is myhost.example.com.
gateway
A device that connects two or more parts of the network, for example: your local intranet and the external network (the Internet). Gateways act as entrances into other networks.
Glossary
List of short definitions of product-specific terms.
HA network interface
The HA interface (labeled 4 or HA) is an interface reserved for communication between the nodes of SPS clusters.
High Availability
High Availability (HA) uses a second SPS unit (called secondary node) to ensure that the services are available even if the first unit (called primary node) breaks down.
host
A computer connected to the network.
hostname
A name that identifies a host on the network.
ICA
The base protocol of Citrix products (default port tcp/1494). It does desktop or application remoting through TCP or other network protocols. Independent Computing Architecture (ICA) is a proprietary protocol for an application server system, designed by Citrix Systems. The protocol lays down a specification for passing data between server and clients, but is not bound to any one platform. ICA is broadly similar in purpose to window servers such as the X Window System. It also provides for the feedback of user input from the client to the server, and a variety of means for the server to send graphical output, as well as other media such as audio, from the running application to the client.
IETF-syslog protocol
The syslog-protocol standard developed by the Internet Engineering Task Force (IETF), described in RFC 5424-5427.
key pair
A private key and its related public key. The private key is known only to the owner, while the public key can be freely distributed. Information encrypted with the private key can only be decrypted using the public key.
LDAP
The Lightweight Directory Access Protocol (LDAP) is an application protocol for querying and modifying data using directory services running over TCP/IP.
License
SPS's license determines the number of servers (IP addresses) that SPS protects. The license limits the number of IP addresses accessible.
log path
A combination of sources, filters, parsers, rewrite rules, and destinations: syslog-ng examines all messages arriving at the sources of the log path and sends the messages matching all filters to the defined destinations.
log source host
A host or network device (including syslog-ng clients and relays) that sends logs to the syslog-ng server. Log source hosts can be servers, routers, desktop computers, or other devices capable of sending syslog messages or running syslog-ng.
log statement
See log path.
logstore
A binary logfile format that can encrypt, compress, and timestamp log messages.
Long Term Supported release
Long Term Supported releases are major releases of that are supported for three years after their original release.
LSH
See log source host.
name server
A network computer storing the IP addresses corresponding to domain names.
node
An SPS unit running in High Availability mode.
Note
Circumstance that needs special attention.
Oracle Instant Client
The Oracle Instant Client is a small set of libraries, which allow you to connect to an Oracle Database. A subset of the full Oracle Client, it requires minimal installation but has full functionality.
output buffer
A part of the memory of the host where syslog-ng stores outgoing log messages if the destination cannot accept the messages immediately.
output queue
Messages from the output queue are sent to the target syslog-ng server. The syslog-ng application puts the outgoing messages directly into the output queue, unless the output queue is full. The output queue can hold 64 messages; this is a fixed value and cannot be modified.
overflow queue
See output buffer.
parser
A set of rules to segment messages into named fields or columns.
ping
A command that sends a message from a host to another host over a network to test connectivity and packet loss.
port
A number ranging from 1 to 65535 that identifies the destination application of the transmitted data. For example: SSH commonly uses port 22, web servers (HTTP) use port 80, and so on.
primary node
The active SPS unit that is inspecting the traffic when SPS is used in High Availability mode.
PSM
An old abbreviation of Safeguard for Privileged Sessions (SPS).
Public-key authentication
An authentication method that uses encryption key pairs to verify the identity of a user or a client.
redundant Heartbeat interface
A redundant Heartbeat interface is a virtual interface that uses an existing interface of the SPS device to detect that the other node of the SPS cluster is still available. The virtual interface is not used to synchronize data between the nodes; only Heartbeat messages are transferred.
regular expression
A regular expression is a string that describes or matches a set of strings.
relay mode
In relay mode, syslog-ng receives logs through the network from syslog-ng clients and forwards them to the central syslog-ng server using a network connection.
Remote Desktop Gateway
Remote Desktop Gateway (RD Gateway) is a role service in the Remote Desktop Services server role that allows authorized remote users to connect to resources located on an internal or private network from any Internet-connected device. The accessible resources can be terminal servers, remote applications, remote desktops, and so on. This service is also called Remote Desktop Gateway or RD Gateway.
rewrite rule
A set of rules to modify selected elements of a log message.
SaaS
Software-as-a-Service.
SCB
An old abbreviation of Safeguard for Privileged Sessions (SPS).
secondary node
The passive SPS unit that replaces the active unit (the primary node) if the primary node becomes unavailable.
server mode
In server mode, syslog-ng acts as a central log-collecting server. It receives messages from syslog-ng clients and relays over the network, and stores them locally in files, or passes them to other applications, for example, log analyzers.
Skin
Used to design the online output window.
Snippet
Flare file type that can be used to reuse content. The One Identity SPS contains various default snippets.
SNMP
Simple Network Management Protocol (SNMP) is an industry standard protocol used for network management. SPS can send SNMP alerts to a central SNMP server.
source
A named collection of configured source drivers.
source driver
A communication method used to receive log messages.
source, local
A source that receives log messages from within the host, for example, from a file.
source, network
A source that receives log messages from a remote host using a network connection, for example, network(), syslog().
split brain
A split brain situation occurs when for some reason (for example, the loss of connection between the nodes) both nodes of an SPS cluster become active (primary) nodes. As a result, new data (for example, audit trails) might be created on both nodes without being replicated to the other node. Thus, it is likely in this situation that two diverging sets of data are created, which cannot be trivially merged.
SPS
Safeguard for Privileged Sessions
SSH settings
SSH settings determine the parameters of the connection on the protocol level, including timeout value and greeting message of the connection, as well as the encryption algorithms used.
SSL
See TLS.
syslog-ng
The syslog-ng application is a flexible and highly scalable system logging application, typically used to manage log messages and implement centralized logging.
syslog-ng agent
The syslog-ng Agent for Windows is a commercial log collector and forwarder application for the Microsoft Windows platform. It collects the log messages of the Windows-based host and forwards them to a syslog-ng server using regular or SSL-encrypted TCP connections.
syslog-ng client
A host running syslog-ng in client mode.
syslog-ng Premium Edition
The syslog-ng Premium Edition is the commercial version of the open-source application. It offers additional features, like encrypted message transfer and an agent for Microsoft Windows platforms.
syslog-ng relay
A host running syslog-ng in relay mode.
syslog-ng server
A host running syslog-ng in server mode.
template
A user-defined structure that can be used to restructure log messages or automatically generate file names.
Time Policy
The time policy determines during which hours of the day users can access a connection or a channel.
Tip
Additional, useful information.
TLS
Transport Layer Security (TLS) and its predecessor, Secure Sockets Layer (SSL), are cryptographic protocols which provide secure communications on the Internet. The application can encrypt the communication between the clients and the server using TLS to prevent unauthorized access to sensitive log messages.
traceroute
A command that shows all routing steps (the path of a message) between two hosts.
UNIX domain socket
A UNIX domain socket (UDS) or IPC socket (inter-procedure call socket) is a virtual socket, used for inter-process communication.
User List
User lists are white- or blacklists of usernames that allow fine-grained control over who can access a connection or a channel.