Previous Topic: Configure an Existing Windows Endpoint for CA User Activity Reporting IntegrationNext Topic: Queries and Reports for CA ControlMinder Events


Configure an Existing UNIX Endpoint for CA User Activity Reporting Integration

Once you have CA ControlMinder Enterprise Management installed and configured, you can configure your endpoints for sending audit data to the Distribution Server by enabling and configuring the Report Agent.

Note: When you install CA ControlMinder, it lets you configure the endpoint for collecting and sending audit data. This procedure illustrates how you configure an existing endpoint for sending audit data if you did not configure this option at install time.

Follow these steps

  1. Run ACSharedDir/lbin/report_agent.sh:
    report_agent config -server hostname [-proto {ssl|tcp}] [-port port_number [-rqueue queue_name] -audit -bak
    

    If you omit any configuration options, the default setting is used.

    Note: For more information about the report_agent.sh script, see the Reference Guide.

  2. Create a +reportagent user in database.

    This user should have ADMIN and AUDITOR attributes and write access to local terminal. You should also set epassword to the Report Agent Shared Secret (which you defined when you installed the Distribution Server).

  3. Create a SPECIALPGM for the Report Agent process.

    The SPECIALPGM maps the root user to the +reportagent user.

Note: After you enable the Report Agent and audit routing, you can modify CA ControlMinder configuration settings to change performance-related settings. Before you do this, you should understand how the Report Agent collects audit events and routes them to the Distribution Server. For more information about Report Agent configuration settings, see the Reference Guide.

Example: Configure a UNIX Endpoint for CA User Activity Reporting Integration Using selang

The following selang commands show you how, assuming you enabled and configured the Report Agent, you create the required Report Agent user and specify special security privileges for the Report Agent process:

eu +reportagent admin auditor logical epassword(Report_Agent) nonative
auth terminal (terminal101) uid( +reportagent) access(w)
er specialpgm (/opt/CA/AcessControl/bin/ReportAgent) Seosuid(+reportagent) \
Nativeuid(root) pgmtype(none)