Chat now with support
Chat mit Support

Foglight 6.1.0 - Installing Foglight on a UNIX System with an Embedded PostgreSQL Database

Before Installing Foglight Installing Foglight
Preparing to install Installing a new version of the Management Server Installed directories Foglight settings Uninstalling Foglight Upgrading the Management Server
Running the Management Server Installing and Upgrading Cartridges Installing Agents Appendix: Switching from an Embedded to an External Database

Adding command-line options

The server.config file allows you to add up to 10 command-line options for the fms command.

Each command-line argument corresponds to a space-delimited argument passed to the Foglight process.

For example, the following lines in the <foglight_home>\config\server.config file:

server.cmdline.option0 = "--name";
server.cmdline.option1 = "process_name";

Correspond to this direct argument on the command line:

fms --name process_name

Certain arguments can be specified in a single line that uses the long name for an option. For example:

server.cmdline.option0 = "--host=hostname";

Which corresponds to the following command-line argument:

fms --host=hostname

Binding the Management Server to an IP address

To cause the Foglight Management Server to bind to a specific IP address, use the dedicated properties in the <foglight_home>\config\server.config file. For example:

server.bind.address = “192.0.2.2";

server.remote.address = “host1.example.com";

Where host1.example.com is the host name assigned to the bind address in DNS. If no DNS name is available, a raw IP address can be used in this property.

Binding Foglight to a specific IP address can be used where, for example, the same IP address is to be used by multiple Management Server instances on a single host, each IP address delineating a virtual boundary between instances. In such situations, the Management Server will only listen for incoming TCP traffic on that specific IP address. By default, the Management Server listens to all IPv4 and IPv6 addresses.

Configuring Foglight to use stronger encryption

 

* 
NOTE: This only works in non-FIPS mode. Stronger encryption with fixed key size is used in FIPS-compliant mode.

Foglight Management Server 5.6.3 and later includes unlimited strength security policies. In some cases, such as Credential Management, this encryption level may be insufficient. If 256‑bit (or higher) AES keys are necessary, use the following procedure to configure the Management Server to use stronger encryption.

To configure Foglight to use stronger encryption:
1
Stop the Management Server.
2
Open the file <foglight_home>\config\server.config on the Management Server machine.
3
Set the java system property foglight.credentials.enc.key.size to 256 (or higher):
server.vm.option0 = "-Dfoglight.credentials.enc.key.size=256";
4
Save the server.config file.
5
Restart the Management Server.

Configuring Foglight to use the HTTPS port

If you do not choose to install Foglight in Secure Server mode, you can edit server.config after installation and manually configure Foglight to restrict the Management Server to use the HTTPS port when accessing the browser interface.

You must have a signed, valid certificate to use this HTTPS configuration. It is recommended that you obtain a valid certificate from a third party as outlined in Importing a network security certificate.

To configure the Management Server to use the HTTPS port:
1
Stop the Management Server.
2
Open the file <foglight_home>\config\server.config on the Management Server machine.
3
Set the parameter server.console.httpsonly to true:
server.console.httpsonly = "true";
4
Save the server.config file.
5
Import the signed certificate into the Foglight keystore. See Importing a network security certificate for instructions.
6
Restart the Management Server.
7
Launch the Foglight browser interface using the appropriate HTTPS URL (https://<hostname>:<https_port>) to ensure that the Management Server can be accessed using HTTPS.
 
* 
NOTE: The Foglight Management Server uses the HTTP port for local access even if you are accessing the browser interface through an HTTPS connection. If that is the case, both ports are open: the HTTPS port for external requests coming from the browser interface and the HTTP port for local requests. For example, the reporting service accesses the Foglight Management Server through the HTTP port while external requests use HTTPS.
You must configure your firewall or network security applications to allow both ports to remain open.
Verwandte Dokumente

The document was helpful.

Bewertung auswählen

I easily found the information I needed.

Bewertung auswählen