Connections to log servers | EPM-UL

Hosts that access Endpoint Privilege Management log servers need to know how to connect to log servers and how long to wait for failovers. The connections are defined by the logservers and logport settings. These settings must be defined on the policy server host. Run hosts usually obtain this information from the policy server host’s policy file and do not need these settings. Log servers need to know only the port.

Connection timing is controlled by the logserverdelay and logserverprotocoltimeout settings.

logservers

  • Version 4.0.0 and later: logservers setting available.

The logservers setting provides a list of outgoing connection information for EPM-UL programs that use log servers.

The list can contain:

  • Host names
  • A single asterisk (*) denoting a Registry Name Service lookup
  • Netgroups in the form:
    +@name
    
  • Hosts to exclude in the form:
    -name
    
  • Netgroups to exclude in the form:
    -@name
    
  • Absolute path names of a local pblogd. If spaces are required, the string must be quoted.
  • DNS SRV lookups, in the form:
    _<pbul service name>._tcp.<domain name>.[:port=<port>[:interface=<IP or hostname>]]
    
  • External Programs, in the form:
    `/path/to/external/program`
    

The following are tried in sequence to determine the port value:

  1. The non-zero port value from a DNS SRV lookup
  2. The value specified within the logservers setting
  3. The value of the logport setting
  4. The pblogd entry in services
  5. Port 24347

Example

logservers mylogserver.mydomain
logservers sparky spot
logservers loghost1 loghost2
logservers +@logservers -@badlogservers -badlogserver
logservers sparky spot "/usr/sbin/pblogd"
logservers _auto
logservers _pbmasters
logservers _pbmasters._tcp.mydomain.
logservers _pbmasters._tcp.mydomain.:port=12345
logservers `/bin/get_first_submitmaster`
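The list forms and the port order above can be checked offline when reviewing a settings file. The following Python sketch is an added example, not BeyondTrust code: the function names, the category labels, and the sample settings text are constructed for illustration, and DNS SRV and services lookups are passed in as parameters rather than performed.

```python
import re

DEFAULT_PORT = 24347  # last fallback in the documented sequence
TOKEN = re.compile(r'`[^`]*`|"[^"]*"|\S+')  # keep backticked/quoted items whole
PREFIXES = [("`", "external-program"), ("+@", "netgroup"),
            ("-@", "exclude-netgroup"), ("-", "exclude-host"),
            ("/", "local-pblogd"), ("_", "dns-srv")]

def classify(entry):
    """Map one logservers item to the list form it matches (labels are ours)."""
    if entry == "*":
        return "registry-lookup"
    bare = entry.strip('"')
    return next((kind for p, kind in PREFIXES if bare.startswith(p)), "host")

def resolve_port(entry, srv_port=0, logport=0, services_port=0):
    """Apply the documented order; the first non-zero candidate wins."""
    m = re.search(r":port=(\d+)", entry)
    candidates = [("dns-srv", srv_port),
                  ("logservers", int(m.group(1)) if m else 0),
                  ("logport", logport),
                  ("services", services_port),
                  ("default", DEFAULT_PORT)]
    return next((src, port) for src, port in candidates if port)

def audit(settings_text):
    """Return (resolved entries, findings) for logservers/logport lines."""
    entries, findings, logport, resolved = [], [], 0, []
    for line in settings_text.splitlines():
        key, _, value = line.strip().partition(" ")
        if key == "logport" and value.isdigit():
            logport = int(value)
            if not 1024 <= logport <= 65535:
                findings.append(f"logport {logport} outside 1024-65535")
        elif key == "logservers":
            entries += TOKEN.findall(value)
    for e in entries:
        kind = classify(e)
        net = kind in ("host", "dns-srv")  # only these get a port here
        resolved.append((e, kind, resolve_port(e, logport=logport) if net else None))
        if kind == "external-program":
            findings.append(f"{e} runs a program to choose the log server")
    return resolved, findings

# Constructed sample settings, built from the forms shown in the examples above.
SAMPLE = ('logservers sparky "/usr/sbin/pblogd" -badlogserver '
          '_pbmasters._tcp.mydomain.:port=12345 `/bin/get_first_submitmaster`\n'
          'logport 1000')
```

Calling audit(SAMPLE) reports the out-of-range logport and the external program entry, and shows that the :port= value in the SRV entry takes precedence over logport.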

Default

No default value

Used on

  • Policy server hosts
  • Submit hosts by pbksh and pbsh when a Policy Server is not available

logport

  • Version 4.0.0 and later: logport setting available.

The port numbers for Endpoint Privilege Management daemons must use the non-reserved system ports. The allowed port numbers are 1024 to 65535 (inclusive).

Example

logport 12345
logport pblogd

Default

logport 24347

Used on

  • Log hosts
  • Policy server hosts
  • Run hosts
  • Submit hosts by pbksh and pbsh when a policy server host is not available

randomizelogservers

The randomizelogservers setting forces the policy server/submit host/run host to choose a log server host at random, rather than choosing the first available log server host that is specified in the logservers setting. This feature balances the load among multiple log server hosts.

When randomizelogservers is set to yes, all log servers are shuffled before trying them in order. This ensures that the same server is not always tried after the first one fails.

Example

randomizelogservers yes

Default

randomizelogservers no

Used on

  • Policy server
  • Sudo Manager client
