Important

   

This documentation space contains information about PATROL Agents when deployed in a BMC Helix Operations Management environment. If you are a TrueSight Operations Management user, see PATROL Agent 22.1. Open link

Establishing accounts and ports

This section describes how to set up accounts and ports and specify which applications and instances use which accounts.

Accounts

PATROL Agent must use a valid account to run parameters, recovery actions, and application discovery. By default, it uses the account used to install PATROL. However, you can change the account that the agent runs under. You can also designate the agent to use particular accounts for applications and instances.

In environments where trusted connections are supported, you can assign an account to be used by a trusted connection that does not have an account on a particular host.

Setting the PATROL Agent default account

The /AgentSetup/defaultAccount variable specifies the user account that the agent runs for all parameters, recovery actions, and application discovery procedures when an account is not specified for these commands.

Formats and type of data

Text string, not applicable

Default value

Account used to install PATROL Agent

Minimum and maximum

Not applicable

Dependencies

None

Recommendation

None

Setting the PATROL Agent default account shell

You can use the /AgentSetup/defaultAccountShell configuration variable to specify which shell the PATROL Agent uses for the process spawned by the PATROL Agent default account.

Format and type of data

Text string (shell name)

Default value

None

Minimum and maximum

None

Dependencies

None

Recommendation

Value must contain a complete path, such as "/bin/sh" or the PATROL Agent will not work properly.

This variable is not available in the config.default file. You must create this variable manually by using wpconfig (Windows), or xpconfig (UNIX), or PATROL Configuration Manager.

If the variable is set to NULL, the agent defaults to the shell given in the password file of the default account. If the value does not contain a complete path, the PATROL Agent will not work properly.

Setting the PATROL Agent account for applications

The /AgentSetup/<appl>.OSdefaultAccount variable specifies the account that the agent uses when it runs all parameters and recovery actions for this application or application instance. You can override this account by specifying an account in a command.

Formats and type of data

Text string, not applicable

Default value

NULL (use PATROL Agent's default Account)

Minimum and maximum

Not applicable

Dependencies

None

Recommendation

None

Adding time zones to PATROL

You can use the /AgentSetup/timeZone configuration variable to define time zones that do not exist in the PATROL Agent time zone table. If you are using a system that runs in a time zone not recognized by PATROL, you can add the time zone and its offset to the /AgentSetup/timeZone variable. When the PATROL Agent finds the timeZone variable, it will add the contents to its time zone table and use the new time zone(s) data to calculate date and time.

Format and type of data

TimeZone/OffsetValue

TimeZone= the name of the time zone

OffsetValue = the offset value, in minutes, for the specified time zone. Begin the OffsetValue with a + or - sign.

Default value

NULL

Minimum and maximum

None

Dependencies

None

Recommendation

None

If you define the timeZone variable as TZ1/+200,TZ2/-100, the PATROL Agent recognizes TZ1 and TZ2 as time zone strings and will use their corresponding offset values for date conversion calculation. By default, the value of the variable is NULL.

Setting the PATROL Agent account for instances

The /AgentSetup/<appl.inst>.OSdefaultAccount variable specifies the account that the agent uses when it runs all parameters and recovery actions for this application instance. You can override this account by specifying an account in a command.

Formats and type of data

Text string, not applicable

Default value

NULL (use PATROL Agent's default Account)

Minimum and maximum

Not applicable

Dependencies

None

Recommendation

None

Default accounts for XPC servers

You can use the /AgentSetup/XPC/<xpcserver>.xpc_defaultAccount to specify a default account for each xpc server. When the xpc process is spawned in PATROL Agent, it checks to see if there is a default account for that xpc process and switches the user to that account before running that process. If the account is not defined, the xpc server runs under the PATROL Agent default account.

Format and type of data

Text string <xpcserver>.xpc_defaultAccount

Default value

None

Minimum and maximum

None

Dependencies

None

Recommendation

None

This variable is available only for Microsoft Windows platforms.

Using the application-specific account for commands

The /AgentSetup/<appl>.OSdefaultAccountAppliesToCmds variable determines whether menu commands run against instances of this application use the account specified by either appl.inst.OSdefaultAccount or appl.OSdefaultAccount. Otherwise, menu commands use the account with which the console logs into the agent. You can override this account by specifying an account in a command.

Formats and type of data

Boolean, yes or no

Default value

No (do not run as *.OSdefaultAccount)

Minimum and maximum

Not applicable

Dependencies

None

Recommendation

None

Setting the default account for trusted clients

The /AgentSetup/trustedConnectionsAccount variable specifies the default account that the agent assigns to a trusted client connection that does not have an account on the box. First, the agent tries the account for the trusted user. If the account is not available, the agent uses the account specified by trustedConnectionsAccount.

This variable is applicable only to installations using supported external authentication services, currently Kerberos 5.

Formats and type of data

Text string, not applicable

Default value

Patrol

If the agent fails to get the client's account, and this variable is not set or set to a non-valid account, the agent rolls back to "username/encryptedPassword" scheme used on non-trusted connections

Minimum and maximum

Not applicable

Dependencies

None

Recommendation

None

Setting the default account for PEM commands

The /AgentSetup/pemCommands_defaultAccount variable allows you to establish a special account under which all PEM commands can be run. To run PEM commands under this account, you must specify P for the PEM account option in the /AgentSetup/pemCommands_policy variable.

Formats and type of data

Text string (no spaces)

Default value

None

Minimum and maximum

Not applicable

Dependencies

/AgentSetup/pemCommands_policy variable must be set to P

Recommendation

None

The /AgentSetup/pemCommands_policy variable specifies under which account all PEM commands will run.

Values

A — Agent default account; if established, used in the following order:

1) appl.inst.OSdefaultAccount

2) appl.OSdefaultAccount

3) defaultAccount

P — special PEM default account
U — user account or KM account depending on where the event was initiated

Default value

U

Minimum and maximum

Not applicable

Dependencies

Accounts that are established

Recommendation

None


Ports

The agent allows you to specify the default port on UNIX and specify the port used to communicate through a firewall in a secure environment. PATROL also allows you to establish ports for sending and receiving SNMP trap information.

Setting the default port number on UNIX Only

The PATROL_PORT environment variable specifies the PATROL Agent port number on UNIX only. This variable applies only if the port number has not been specified by another means.

Hierarchy for UNIX agent port number

Following is the hierarchy for the PATROL Agent port number on UNIX:

  1. -p command line option is specified, use command line value
  2. "patrolagent" defined in /etc/services
  3. Environment variable PATROL_PORT
  4. Hard-coded default (3181)
Was this page helpful? Yes No Submitting... Thank you

Comments