Documentation

Log archiving settings

Suggest Edits

EPM-UL provides logfile tracking and archiving for I/O logs and eventlogs.

enablelogtrackingdb

  • Version 8.5 and earlier: enablelogtrackingdb setting not available.
  • Version 9.0 and later: enablelogtrackingdb setting available.

If set, the Endpoint Privilege Management for Unix and Linux component creating the event log or I/O log sends the location information to the centralized tracking database to be recorded.

This setting requires a configured REST service on the designated Log Archiver Database Server, and needs logarchivedbhost and pbrestport settings to update the database.

To disable the feature, set this to no, and the log writer will not send the logfile location to the log tracking database. It is enabled by default.

Example

Enable Tracking of Logfile Location:

enablelogtrackingdb yes

Example

Disable Tracking of Logfile Location:

enablelogtrackingdb no

Default

enablelogtrackingdb no

Used on

  • Log hosts
  • Policy server hosts if a log host is not used

logarchivehost

  • Version 8.5 and earlier: logarchivehost setting not available.
  • Version 9.0 and later: logarchivehost setting available.

The name of the default destination host that receives the archived log files. For use on log servers where the logfile originates.

Requires a valid EPM-UL installation with the REST service configured.

Example

logarchivehost host

host is the hostname or IP address of the archive host.

Default

No default value

Used on

  • Log hosts
  • Policy server hosts if a log host is not used

logarchivedbhost

  • Version 8.5 and earlier: logarchivedbhost setting not available.
  • Version 9.0 and later: logarchivedbhost setting available.

The name or the IP address of the host where the log tracking database is created and maintained. For use on log servers where the logfile originates.

Requires a valid EPM-UL installation with the REST service configured.

Example

logarchivedbhost logarchdbhost1
logarchivedbhost 192.10.42.235

Default

No default value

Used on

  • Log hosts
  • Policy server hosts if a log host is not used

logarchivedir

  • Version 8.5 and earlier: logarchivedir setting not available.
  • Version 9.0 and later: logarchivedir setting available.

Defines the main destination path for the log files on the Log Archive Storage Server host. Under this main directory, the logfiles are organized appropriately in their subdirectories:

  • event logs: /eventlog/
  • I/O logs: /iolog//submituser/

ℹ️

Note

If the directory does not yet exist, it is created and made secure (readable and writable by root only).

Example

logarchivedir /pbul/pbarchive

Default

During the install, depending on the operating system standards, this can be any of the following:

logarchivedir /var/log/pblogarchive

logarchivedir /usr/log/pblogarchive

logarchivedir /var/adm/pblogarchive

logarchivedir /usr/adm/pblogarchive

Used on

Log hosts designated as Log Archive Storage Server

logarchivedb

  • Version 8.5 and earlier: logarchivedb setting not available.
  • Version 9.0 and later: logarchivedb setting available.

The absolute path of the SQLite log tracking database file on the Log Archiver Database Server. If the file does not yet exist, it is created when the first row is inserted.

Example

logarchivedb /var/log/pblogtrack.db

Default

logarchivedb /opt/<prefix>dbs<suffix>/dbs/pblogarchive.db

Used on

Log hosts designated as Log Archiver Database Server

logarchivedb_delay

  • Version 9.4.0 and earlier: logarchivedb_delay setting not available.
  • Version 9.4.1 and later: logarchivedb_delay setting available.

Maximum accumulated time, in milliseconds, the log host busy handler sleeps during the retry cycle when it encounters a locked log tracking database.

  • The valid range is 0 - 1,200,000 milliseconds.
  • A 0 value means no retries are attempted and a database locked error is logged immediately.
  • Increase the value if there is a high demand on updating the log tracking database and there are too many database locked errors reported. A higher value, however, may affect the performance of the log host.

ℹ️

Note

SQLite may not invoke the busy handler if it determines the possibility of a deadlock.

Example

logarchivedb_delay     200000

Default

logarchivedb_delay     100000

Used on

Log hosts designated as Log Archiver Database Server

Updated 5 days ago

©2003-2025 BeyondTrust Corporation. All Rights Reserved. Other trademarks identified on this page are owned by their respective owners. BeyondTrust is not a chartered bank or trust company, or depository institution. It is not authorized to accept deposits or trust accounts and is not licensed or regulated by any state or federal banking authority.