To view the latest 11.3.x version, see  PATROL Agent 11.3.02 .

Changing the PATROL Agent's security level

The PATROL Agent and the TrueSight Integration Service must run on the same security level to successfully communicate in TLS mode. The following steps guide you to change the PATROL Agent's security level.

Important Information

  • TrueSight Integration Service communicates with the PATROL Agent at security level 2 and above.
  • If you have already configured the PATROL Agent in TLS mode, ensure that you unset the TLS mode before changing its security level. For details, see Rolling back to SSL configuration.
  • Ensure that you have the administrative level access to run this command.
  1. Stop the PATROL Agent.

    • (Microsoft Windows) Open the Services list, right-click the PATROL Agent service name, and select Stop.

    • (Unix) As a root user, go to the /etc/init.d directory, and run the following command:

      #Syntax
      ./PatrolAgent {start|stop|restart|status} {portnum}    
        
      #Example
      ./PatrolAgent stop 9090
  2. Navigate to the <ROOT_INSTALL_DIR>\common\security\config_v3.0 directory location and run the following command: 

    p7_change_security_level_x86-64.cmd -c AGENT_CON -l 4 -n BOTH -d Patrol3 -v _v3.0

    Note

    p7_change_security_level_x86-64.cmd is a command line utility that allows the user to change security level and configuration for PATROL Console/Agent, Console Server, PATROL Central Web Edition.

    • Parameter description:
      • -c: This option is used to specify the component. Valid values are: AGENT_CON, CSERVER, PCWEB, PCWIN, DS_SERVER, DS_CLIENT, DS_CLI
      • -l: Specifies the security level. Valid values are: 0, 1, 2, 3, 4 Note: PATROL Agent can communicate with the Integration Service only on security level 2 and above.
      • -n: Specifies the network protocol that is used Valid values are: TCP , UDP, BOTH. Security Levels 0, 1 and 2 require both TCP AND UDP protocols. Security Levels 3 and 4 allow one protocol or both.
      • -d: Specifies the name of the Patrol3 or Patrol Central Web sub directory. No path is needed. Valid values are: Patrol3 is applicable to Agent/Console only. Webcentral is applicable only to the Patrol Central Web sub directory.
      • -v: Specifies the version of the Security installation. Valid value: _v3.0 Use this value only when the security installation version is ESS 3.0.

    • Run this command as a root user on PATROL Agents running on the Linux operating system.
  3. Restart the PATROL Agent.

    • (Microsoft Windows) Open the Services list, right-click the PATROL Agent service name, and select Start.

    • (Unix) As a root user, go to the /etc/init.d directory, and run the following command:

      #Syntax
      ./PatrolAgent {start|stop|restart|status} {portnum}
        
      #Example 1
      ./PatrolAgent start 9090
        
      #Example 2: To start the PATROL Agent on all ports where they were running before stopping them with this script
      ./PatrolAgent start ALL
      
      #'ALL' value is invalid with the 'stop' Action.

Where to go from here

Once you update the PATROL Agent's security level, verify the workflow diagram to ensure all the relevant tasks to enable TLS mode are performed.

Related topic

Administering

Was this page helpful? Yes No Submitting... Thank you

Comments

  1. Thurlow Caffey

    In steps 1 & 7, it would be nice if you stated how to stop/start the patrol agent for Linux & Windows i.e.

    On linux run the following from /etc/init.d as root:

    Usage: ./PatrolAgent Action {start|stop|restart|status} Agent Port {portnum}

    Note: 'ALL' value for 'portnum' with 'start' Action will attempt to start PatrolAgent on all ports where it was running before stopping them with this script. 'ALL' value is invalid with 'stop' Action.

    Apr 16, 2020 07:08
    1. Rashmi Gokhale

      Hi,

      Thanks for the feedback.

      I will confirm with the SME and update the document.

      Thanks,

      Rashmi

      Apr 17, 2020 01:30
    1. Rashmi Gokhale

      Hi,

      Thanks for the feedback.

      I have added start and stop details and published the page.

      Thanks,

      Rashmi


      May 10, 2020 05:31
  2. Thurlow Caffey

    In the important information box, prior to step one, you should really provide a link to how to UNSET the tls mode in the same bullet point where you warn about this action being necessary. Is this the correct link? : https://docs.bmc.com/docs/TSOperations/113/rolling-back-to-ssl-configuration-843620289.html

    Apr 16, 2020 07:48
    1. Rashmi Gokhale

      Hi,

      Thanks for the feedback.

      I will confirm with the SME and update the document.

      Thanks,

      Rashmi

      Apr 17, 2020 01:29
      1. Rashmi Gokhale

        Hi,

        Yes, the topic rolling-back-to-ssl-configuration-843620289.html has instructions to unset TLS. I have added the topic link and published the page.

        Thanks,

        Rashmi

        May 10, 2020 05:35
  3. Thurlow Caffey

    The name for the Linux flavor of the p7 command is "p7_change_security_level.sh". An explanation of what the -c values mean would be appreciated.

    Apr 16, 2020 11:01
    1. Rashmi Gokhale

      Hi,

      Thanks for the feedback.

      I will confirm with the SME and update the document.

      Thanks,

      Rashmi

      Apr 17, 2020 01:28
      1. Rashmi Gokhale

        Hi,

        I confirmed the -c options that we have documented here with the SME.

        -c: This option is used to specify the component. Valid values are: AGENT_CON, CSERVER, PCWEB, PCWIN, DS_SERVER, DS_CLIENT, DS_CLI

        Did you have any specific input about -c option that you would like me to discuss with the SME?

        Thanks,

        Rashmi

        May 04, 2020 07:25