×
 
 
  •  
$helper.renderConfluenceMacro('{bmc-global-announcement:$space.key}')
BMC PATROL Agent 11.0 ... Administering Configuring the PATROL Agent to enable TLS 1.2

Changing the PATROL Agent's security level

The PATROL Agent and the TrueSight Integration Service must run on the same security level to successfully communicate in TLS mode. The following steps guide you to change the PATROL Agent's security level.

Important Information

  • TrueSight Integration Service communicates with the PATROL Agent at security level 2 and above.
  • If you have already configured the PATROL Agent in TLS mode, ensure that you unset the TLS mode before changing its security level. For details, see Rolling back to SSL configuration. Open link
  • Ensure that you have the administrative level access to run this command.

  1. Stop the PATROL Agent.

    • (Microsoft Windows) Open the Services list, right-click the PATROL Agent service name, and select Stop.

    • (Unix) As a root user, go to the /etc/init.d directory, and run the following command:

      #Syntax
./PatrolAgent {start|stop|restart|status} {portnum}     
 
#Example
./PatrolAgent stop 9090

  2. Navigate to the <ROOT_INSTALL_DIR>\common\security\config_v3.0 directory location and run the following command: 

    p7_change_security_level_x86-64.cmd -c AGENT_CON -l 4 -n BOTH -d Patrol3 -v _v3.0

    Note

    p7_change_security_level_x86-64.cmd is a command line utility that allows the user to change security level and configuration for PATROL Console/Agent, Console Server, PATROL Central Web Edition.

    • Parameter description:
      • -c: This option is used to specify the component. Valid values are: AGENT_CON, CSERVER, PCWEB, PCWIN, DS_SERVER, DS_CLIENT, DS_CLI
      • -l: Specifies the security level. Valid values are: 0, 1, 2, 3, 4 Note: PATROL Agent can communicate with the Integration Service only on security level 2 and above.
      • -n: Specifies the network protocol that is used Valid values are: TCP , UDP, BOTH. Security Levels 0, 1 and 2 require both TCP AND UDP protocols. Security Levels 3 and 4 allow one protocol or both.
      • -d: Specifies the name of the Patrol3 or Patrol Central Web sub directory. No path is needed. Valid values are: Patrol3 is applicable to Agent/Console only. Webcentral is applicable only to the Patrol Central Web sub directory.

      • -v: Specifies the version of the Security installation. Valid value: _v3.0 Use this value only when the security installation version is ESS 3.0.

    • Run this command as a root user on PATROL Agents running on the Linux operating system.

  3. Restart the PATROL Agent.

    • (Microsoft Windows) Open the Services list, right-click the PATROL Agent service name, and select Start.

    • (Unix) As a root user, go to the /etc/init.d directory, and run the following command:

      #Syntax
./PatrolAgent {start|stop|restart|status} {portnum}
 
#Example 1
./PatrolAgent start 9090
   
#Example 2: To start the PATROL Agent on all ports where they were running before stopping them with this script
./PatrolAgent start ALL
 
#'ALL' value is invalid with the 'stop' Action.

Where to go from here

Once you update the PATROL Agent's security level, verify the workflow diagram to ensure all the relevant tasks to enable TLS mode are performed.

Related topic

Administering

Was this page helpful? Yes No Submitting... Thank you
Last modified by Rashmi Gokhale on Jun 11, 2020
task tls12

Comments

Log in or register to comment.

Updating the Integration Service registry files
Updating the PATROL Agent registry files
© Copyright 2014-2017 BMC Software, Inc.
Legal notices

Powered by Atlassian Confluence and Scroll Viewport

© Copyright 2005-2024 BMC Software, Inc. Use of this site signifies your acceptance of BMC’s Terms of Use . BMC, the BMC logo, and other BMC marks are assets of BMC Software, Inc. These trademarks are registered and may be registered in the U.S. and in other countries.