Skip navigation
Share This:

The PATROL Agent is the core piece of the PATROL architecture that monitors managed systems. PATROL Agents load information from Knowledge Modules, gather statistics, and send alerts and requested information to various Consoles. To run parameters, recovery actions, and application discovery, the Patrol Agent must use a valid User account.

 

Many application Knowledge Modules use pconfig() in their PSL scripts to edit and add agent configuration variables. The PSL pconfig() function uses the Patrol Agent Default Account.

 

The PATROL Agent uses the default PATROL account for rights to perform the following advanced functions:
• collect information from performance counters
• collect information from the Windows event log
• self-tune for peak performance and non-intrusive use of the processor
• access system-level information
• make debug-level output available from the PATROL KM applications
• access the command interpreter for operating-system-level commands
• create and remove processes in the process table for collecting performance data

 

Type of accounts:

  • In a Windows environment PATROL default account can either be a local or a domain account.
  • In a Unix environment PATROL default account can either be a local or LDAP account.

 

Account prerequisites for a Unix OS:

  • Do not use root account as a patrol default account because this might create security risks.
  • User account should have login shell.
  • Create a local user (or a network user).
  • Patrol default account user should be the owner of the installation directory.
  • Patrol default account user should have write permission set (755) on the installation directory.
  • Patrol default account should have Write permission set (755) on /tmp dir.

 

Account prerequisites for a Windows OS:

  • On Windows platforms PATROL agent runs as its own user.
  • Before installing the Patrol agent a local or domain account must be created/exist on the server.
  • If the local user is being used for the patrol agent installation, then that user should be a part of the local administrator group.
  • If the local\domain user is being used for the patrol agent installation, then that user should be part of the local and domain administrator group.
  • The installation program grants the following advanced user rights to the PATROL Agent default account.

How to change the Patrol Agent Default Account?

The Default Account information is stored in the/AgentSetup/defaultAccount agent configuration variable. By default, it uses the account used to install Patrol. However, you can change the account that the agent runs under.  If there are any changes made to this account on the OS level or if you would like to change the account username or password, you can use any of the following methods to change the Patrol Agent default account:

 

  1. Using the pconfig utility:
  • Run the pconfig +get command to get the current configuration and save it to a file.
    Syntax: pconfig +get -p (PortNumber) > (FilePath)
    For eg: pconfig +get -p 3185 > /tmp/pconfig.txt (For UNIX OS) OR pconfig +get -p 3185 > C:\temp\pconfig.txt (For Windows OS)    
  • Go to the PATROL_HOME\bin directory and run the Encryption Utility to generate the encrypted password. The output of the following command will be the encrypted password.
    Syntax: pwd_encrypt <Enter the plain-text password here>
    For eg: pwd_encrypt patrol1234
  • Enter the Username and Encrypted Password in the /AgentSetup/defaultAccount in the pconfig.txt file generated in the first step.
    For eg: "/AgentSetup/defaultAccount" = { REPLACE = "patrol/$-2$-$A88CA7BD3DADDDFFC85FFF1CCCE8C383" },
  • Reload the configuration back to the Agent
    For eg: pconfig +Reload  /tmp/pconfig.txt (For UNIX OS) OR pconfig +Reload  C:\temp\pconfig.txt (For Windows OS)

 

2. Using Truesight CMA Console (Agent Section):

  • Create an Infrastructure Policy (Configuration=>Infrastructure Policies=>Create Policy)
  • Go to the “Agent” tab
  • Enter the username and password in the “Agent Default Account” Section. Here is a screenshot of this section:

3. Using Truesight CMA Console (Configuration Variables Section):

  • Create an Infrastructure Policy (Configuration=>Infrastructure Policies=>Create Policy)
  • Go to the “Configuration Variables” tab
  • Click on “Add Configuration Variable”
  • Enter “/AgentSetup/defaultAccount” in the Variable section
  • Enter the username/encrypted password (See Method#1 for generating the encrypted password) in the Value section.

 

For any further questions, feel free to comment on this post or contact BMC Customer Support through a support case.

Filter Blog

By date:
By tag: