Parameters for remote log agents

You can define the following parameters for remote log agents:

buffer_size

To reduce network traffic, events are buffered into blocks of the nominated size before they are relayed to the remote server. The buffer_size parameter specifies the maximum size of the message that the local program attempts to construct by combining smaller events into a large buffer. Buffers consist only of an integral number of events; events are not split across buffers. If any individual event exceeds the maximum configured size, the large event is sent in a buffer of its own, exceeding the configured value.

The default value is 1024 bytes.

compress

Verify Identity Access events are principally text messages. To reduce network traffic, use the compress parameter to compress buffers before transmission and expand them on reception.

The default value is no.

dn

To establish mutual authentication of the remote server, a distinguished name (DN) must be configured. The DN can be checked against the name that is returned in the remote server’s certificate.

The default value is a null string. Explicitly specifying an empty string or using the default value enables the logging client to request a remote server connection with any server that is listening.

Specifying a value for the dn parameter limits successful connection to a specific server, such as:
dn="cn=ivacld/timelord.testnet.tivoli.com,o=policy director,c=us"

A distinguished name must be specified as a string that is enclosed by double quotation marks.

error

If a send to a remote service fails, the system tries again. Before it tries again, the system waits for the error retry timeout, which is specified in seconds. If the attempt to try again fails:
  • The link is recorded.
  • The given event and future events are saved.
Events are saved in the local event cache file until the remote service is available again.

The default value is 2 seconds.

filter

The filter parameter defines which auditing events, for the audit.authn and audit.azn components, are included in the auditing log. The parameter contains a list of rules, which are separated by the pipe (|) character. Each rule starts with a + or - character to define whether the specified event is included in or excluded from the auditing log. The * and ? pattern-matching characters can also be used to identify the event. If no rules match the auditing event, the event is included in the auditing log. For example, to exclude all auditing events except for the event with an identifier of 114:
logcfg = audit.azn:file path=azn.log,filter=+114|-*

flush_interval

Events can sit in memory for a long time if:
  • Events are being consolidated into large buffers.
  • There is less logging activity.
Further, events can sit in memory before being:
  • Forwarded to the remote server.
  • Written to the cache file.
The flush_interval parameter limits the time that a process waits to fill a consolidation buffer.

The default value is 20 seconds. A flush interval of 0 is not allowed. Specifying a value of 0 results in the buffer being flushed every 600 seconds.

hi_water

The hi_water parameter for a remote logging connection is like the one specified for logging to a file.

path

Configure the path parameter to specify the location of a cache file on the local host. The cache file name defaults to ./server.cache, where server is the name of the remote server that is being logged to.

If the running process cannot establish communication with the remote server, or the link fails during operation, event recording switches to storing events in the specified file. The switch lasts until the server becomes available again. When the server is available, events are drained from the disk cache and relayed to the remote server.

For example, suppose that the path value is as follows:

path=pdmgrd_remote.cache

The log file is created if it does not exist. The size of this file is not bound, and it does not have any rollover capability. If a remote server is not accessible for sufficient time, you might run out of disk space.

port

Configure the port parameter to specify the port that the remote authorization server listens on for remote logging requests.

The default value is port 7136.

queue_size

The queue_size parameter for a remote logging connection is like the one specified for logging to a file.

rebind_retry

If the remote authorization server is unavailable, the log agent attempts to rebind to the server at the interval, in seconds, that this parameter specifies.
rebind_retry=number_seconds

The default rebind retry timeout value is 300 seconds.

server

The remote logging services are offered by the authorization service. The server parameter nominates the hosts to which the authorization server process is bound for event recording.
server=hostname
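
A configuration check for the parameters above, as an added example that is not part of the original documentation or of the product: it parses a remote agent option string, handling the quoted dn value that itself contains commas, and reports the conditions this page describes for dn, flush_interval and the cache file. The function names, finding labels and sample option strings are constructed for illustration.

```python
import re

# One key=value pair; the value is either a double-quoted string (needed for
# dn, whose value contains commas) or a bare run of characters up to a comma.
_PAIR = re.compile(r'\s*([A-Za-z_]+)\s*=\s*("[^"]*"|[^,]*)\s*(?:,|$)')

def parse_options(options):
    """Return {key: (value, was_quoted)} for an agent option string."""
    parsed, pos = {}, 0
    while pos < len(options):
        m = _PAIR.match(options, pos)
        if not m:
            raise ValueError(f"cannot parse options at offset {pos}")
        raw = m.group(2).strip()
        quoted = len(raw) >= 2 and raw[0] == raw[-1] == '"'
        parsed[m.group(1)] = (raw[1:-1] if quoted else raw, quoted)
        pos = m.end()
    return parsed

def lint_remote_agent(options):
    """Report the conditions this page warns about (labels are hypothetical)."""
    opts = parse_options(options)
    findings = []
    dn, dn_quoted = opts.get("dn", ("", False))
    if not dn:
        findings.append("dn-empty: client connects to any server that is listening")
    elif not dn_quoted:
        findings.append("dn-unquoted: DN must be enclosed in double quotation marks")
    if opts.get("flush_interval", ("20", False))[0] == "0":
        findings.append("flush-zero: 0 is not allowed; buffer flushes every 600 seconds")
    # The cache file has no size bound or rollover, so always name it for monitoring.
    server = opts.get("server", ("server", False))[0]
    cache = opts.get("path", (f"./{server}.cache", False))[0]
    findings.append(f"cache-unbounded: monitor disk space for {cache}")
    return findings

# Constructed sample option strings (host names and paths are placeholders).
WEAK = "buffer_size=2048,flush_interval=0,server=logsrv.example.com,port=7136"
HARDENED = ('buffer_size=2048,flush_interval=20,path=/var/cache/remote.cache,'
            'server=logsrv.example.com,port=7136,'
            'dn="cn=ivacld/logsrv.example.com,o=policy director,c=us"')

if __name__ == "__main__":
    for name, cfg in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, *lint_remote_agent(cfg), sep="\n  ")
```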