pmlogsrvd [-d | --debug] [-h | --help] [--log-level <level>] [--no-detach]
[--once] [-q | --queue <queue_path>] [--syslog [facility]]
[-t | --timeout <delay_seconds>] [-v | --version]
pmlogsrvd is the Safeguard log access daemon, the service responsible for committing events to the Safeguard event log, and managing the database storage used by the event log.
When an incoming event is processed by pmmasterd that event must be logged to the event log. pmmasterd commits a record of the log to the event log queue, which is monitored by pmlogsrvd. pmlogsrvd takes each event from the queue and commits that event to the actual event log.
pmlogsrvd has the following options.
Table 27: Options: pmlogsrvd
|-d | --debug
||Enables debug operation. This option prevents pmlogsrvd from running in the background, and enables debug output to both the log and the terminal.|
|-h | --help
||Displays the usage information and exits.|
Controls the level of log messages included in the log file. By default the logging level logs only error messages. Valid logging levels, in ascending order by volume of messages, are:
||Do not run in the background or create a pid file. By default, pmlogsrvd forks and runs as a background daemon. When you specify the --no-detach option, it stays in the foreground.|
||Processes the queue once immediately and then exits. |
|-q | --queue <path>
||Specifies the location of the event log queue as path.|
||Enables logging to syslog.|
|-t | --timeout <delay_seconds>
||Specifies the time delay between processing the queue as time seconds. By default pmlogsrvd waits for 120 seconds before waking to scan the event log queue if no other trigger causes it to begin processing. Normally processing is triggered directly by pmmasterd immediately after an event is processed.|
|-v | --version
||Displays the version number of Safeguard and exits.|
pmlogsrvd uses the following entries in the /etc/opt/quest/qpm4u/pm.settings file.
Table 28: Settings: pmlogsrvd
Specifies the location of the event log queue, used by both pmmasterd and pmlogsrvd. This setting is ignored by pmlogsrvd when you use the --queue option on the command line.
Fully qualified path to the pmlogsrvd log file.
By default, /pmlogsrvd/fR used this setting to determine whether to send log messages to syslog. When you use the /syslog/fR option on the command line, this setting is ignored.
- settings file: /etc/opt/quest/qpm4u/pm.settings
- pid file: /var/opt/quest/qpm4u/evcache/pmlogsrvd.pid
Transfers event logs and I/O logs after an off-line policy evaluation has occurred. pmlogxfer is initiated by pmloadcheck when there are log files queued for transfer from a Sudo Plugin host to the server.
Note that pmlogxfer is not intended to be run directly, it is normally invoked by pmpluginloadcheck at a regular interval (every 30 minutes by default).
pmlogxfer has the following options.
Table 29: Options: pmlogxfer
||Displays usage information.|
Displays the version number of Safeguard and exits.
Directory for offline log files:
pmmasterd [ -v ]| [ [ -ars ] [ -e <logfile> ] ]
The Safeguard master daemon (pmmasterd) is the policy server decision-maker. pmmasterd receives requests from pmrun or the Sudo Plugin and evaluates them according to the security policy. If the request is accepted, pmmasterd asks pmlocald or the Sudo Plugin to run the request in a controlled account such as root.
A connection is maintained between pmmasterd and the Sudo Plugin for the duration of the session. This also occurs between pmmasterd and pmlocald, if keystroke logging is enabled. When the pmmasterd connection is maintained throughout the session, keystroke and event log data is forwarded on this connection.
If keystroke logging is not enabled, pmlocald reconnects to pmmasterd at the end of the session to write the event log record showing the final completion code for the command run by pmlocald. If pmlocald is unable to reconnect, it writes instead to a holding file, pm.eventhold.hostname. It then attempts to write the pmevents.db record to the host the next time pmmasterd connects to pmlocald. Multiple files can accrue and they will all be delivered to the proper host when the connection is restored.
The policy server master daemon typically resides on a secure machine. You can have more than one policy server master daemon on different hosts for redundancy or to serve multiple networks.
pmmasterd logs all errors in a log file if you specify the -e filename option.
pmmasterd has the following options.
Table 30: Options: pmmasterd
||Sends job acceptance messages to syslog.|
||Logs any policy server master daemon errors in the file specified.|
||Sends job rejection messages to syslog.|
||Sends any policy server master daemon errors to syslog.|
||Displays the version number of pmmasterd and exits.|
- Safeguard policy file (sudo type): /etc/opt/quest/qpm4u/policy/sudoers
pmplugininfo -v | -c [-h <host>]
Run the pmplugininfo command on a Sudo Plugin host to display information about the policy server group that the host has joined.
pmplugininfo has the following options.
Table 31: Options: pmplugininfo
Displays output in CSV, rather than human-readable format.
Specifies the hostname to interrogate for policy group information.
Displays product version and exits.
The following is an example of the human-readable output:
Joined to a policy group : YES
Name of policy group : adminGroup1
Hostname of primary policy server : adminhost1