Remote configuration parameters


Click Config on the top-level File Integrity Monitor screen to view and modify the various parameters of the remote agent. This screen allows you to modify the execution schedule, severities of messages, and other parameters. 

You can modify these parameters while the FMON agent is running. Clicking Commit automatically commits changes to the remote FMON Agent and causes a new Image File to be created. 

As an alternative, you can also directly edit the configuration file using the Edit Remote Config hyperlink on the top-level File Integrity Monitor screen shown previously. This permits you to modify the basic parameters (discussed here) as well as any of the monitored directories, file match patterns, and file exclude patterns. The Remote Configuration Parameters screen is depicted as follows:

[Screenshot: Remote Configuration Parameters screen]

Note

You can access the basic parameters of the FMON Agent using the Config option, but you cannot modify any of the directory specifications, file match patterns, or file exclude patterns there. To modify the directory specifications (as well as all other parameters here), click the Directly Edit Remote Configuration File hyperlink.

  • Run File Integrity Check Now—This button causes a file integrity check to be run immediately by the agent. This is useful if the operator wants to see right away whether any files have been added to the system (rather than waiting for the scheduled execution).
  • Create New File Image—This button causes a new image file to be generated immediately. All changes are reset, and future disk scans compare the list of files to the new image file.
  • Schedule Checks—This setting controls when file scans occur, corresponding to the Schedule directive in the configuration file. You can set the value to be hourly, daily, weekly, monthly, or disabled. The disabled setting disables all file checks.
  • Schedule Delay (Secs)—This setting permits a delay (in seconds) to be added to the Scheduled Checks, corresponding to the SchedDelaySecs directive in the configuration file. The value can be used to load balance messages sent by various agent programs. 
  • File Added Severity—This setting controls the severity of messages when new files are added, corresponding to the AddSeverity directive in the configuration file. You can set the value to be any severity, or can set the value to disabled to disable any reporting when files are added to the system. 
  • File Deleted Severity—This setting controls the severity of messages when files are deleted, corresponding to the DeleteSeverity directive in the configuration file. You can set the value to be any severity, or can set the value to disabled to disable any reporting when files are deleted from the system. 
  • File Changed Severity—This setting controls the severity of messages when file changes are detected, corresponding to the ChangeSeverity directive in the configuration file. You can set the value to be any severity, or can set the value to disabled to disable any reporting when files are changed. 
  • Use Checksum—This setting controls whether checksums are generated for each file, corresponding to the UseChecksum directive in the configuration file. Normally, file changes are detected by looking at the creation time, modify time, and file sizes. Setting this value to True performs an additional check by looking at a complex checksum of the file, useful for testing whether any single bit in the file has changed. This can increase CPU usage of the file monitor and is disabled by default. 
  • Auto Generate Image File—This setting controls whether the Image File is automatically replaced after each scan, corresponding to the AutoGenImage directive in the configuration file. By default, the Image File is updated only on demand. Setting this value to True causes only a single alert to be generated when a file is added, modified, or deleted from the system. Setting this value to False causes an alert to be generated each time a check is run, until the operator manually updates the image.
  • Poll Delay (Msec)—This setting throttles the CPU time used by the FMON Agent. The value corresponds to the PollDelayMsec directive in the configuration file. The default value of 10 indicates the FMON Agent waits 10 milliseconds after polling each file. The number of files, multiplied by this value, indicates the minimum time necessary to run a complete scan of the system. For example, if there are 10,000 monitored files and the PollDelayMsec value is 100 milliseconds, a scan takes at least 1000 seconds to complete. This means that the Current State indicator might read Busy for at least 20 minutes each time a disk scan occurs.
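The Use Checksum and Auto Generate Image File behaviour described above, shown as an added Python example that is not FMON Agent code. It assumes SHA-256 as the checksum (the page does not name the algorithm), compares only size and modify time as metadata, and uses hypothetical function names with a constructed temporary file.

```python
import hashlib
import os
import tempfile
from pathlib import Path

def snapshot(root, use_checksum=False):
    """Build an image: relative path -> (size, mtime_ns[, sha256])."""
    image = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.stat(path)
            record = (st.st_size, st.st_mtime_ns)
            if use_checksum:  # assumption: SHA-256 stands in for the agent's checksum
                record += (hashlib.sha256(Path(path).read_bytes()).hexdigest(),)
            image[os.path.relpath(path, root)] = record
    return image

def compare(image, current):
    """Return sorted (event, path) tuples for differences against the image."""
    events = [("added", p) for p in current.keys() - image.keys()]
    events += [("deleted", p) for p in image.keys() - current.keys()]
    events += [("changed", p) for p in image.keys() & current.keys()
               if image[p] != current[p]]
    return sorted(events)

def run_check(root, image, use_checksum=False, auto_gen_image=False):
    """One scheduled check; returns (events, image to use for the next check)."""
    current = snapshot(root, use_checksum)
    events = compare(image, current)
    return events, (current if auto_gen_image else image)

def demo():
    """Constructed scenario in a temp directory; returns the observed events."""
    with tempfile.TemporaryDirectory() as root:
        target = Path(root, "app.conf")
        target.write_bytes(b"mode=strict\n")
        st = target.stat()
        meta_image = snapshot(root)
        sum_image = snapshot(root, use_checksum=True)
        # Same-length content with the original modify time: metadata matches the image.
        target.write_bytes(b"mode=permit\n")
        os.utime(target, ns=(st.st_atime_ns, st.st_mtime_ns))
        meta_only, _ = run_check(root, meta_image)
        first, kept = run_check(root, sum_image, use_checksum=True)
        repeat, _ = run_check(root, kept, use_checksum=True)
        _, fresh = run_check(root, sum_image, True, auto_gen_image=True)
        once, _ = run_check(root, fresh, True, auto_gen_image=True)
        return meta_only, first, repeat, once
```

`demo()` returns no events for the metadata-only check, a `changed` event on every check while the image is kept, and no further event once the image has been regenerated after a scan.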

 
