Chatta subito con l'assistenza
Chat con il supporto

Foglight Agent Manager 5.9.4 - Foglight Agent Manager Guide

Configuring the embedded Agent Manager Installing external Agent Managers
Understanding how the Agent Manager communicates with the Management Server Deploying the Agent Manager cartridge Downloading the Agent Manager installer Installing the Agent Manager Starting or stopping the Agent Manager process Frequently asked questions
Configuring the Agent Manager Advanced system configuration and troubleshooting
Configuring Windows Management Instrumentation (WMI) Configuring Windows Remote Management (WinRM) UNIX- and Linux-specific configuration
Monitoring the Agent Manager performance Deploying the Agent Manager to large-scale environments

Configuring the concentrator

This section describes how to configure the concentrator to connect to the upstream target (either the Management Server or another Agent Manager concentrator) and to listen for connections from downstream Agent Manager instances.

A concentrator’s upstream connection is independent of the downstream connections. For example, several Agent Manager instances on a local subnet can communicate to a concentrator using HTTP while the concentrator forwards requests over an non-secure network to the Management Server using HTTPS (or the other way around).

You can configure the concentrator to connect to the upstream target in different ways:

Using HTTP: Set the upstream target of the concentrator in the same way you typically set the Management Server URL:
Using HTTPS: To configure a concentrator connection to the Management Server using a secure connection, follow the instructions in Configuring the Agent Manager to use SSL certificates .

Between connections, the Agent Manager collects all upstream and downstream messages in queues. Queuing messages prevents them from getting lost in the event of a disconnection.

When running the Agent Manager as a concentrator, you must increase the default disk cache sizes.

1
Open the <fglam_home>/state/<state name>/config/fglam.config.xml file for editing.
2
Locate the <queue-sizes> XML element.
3
Edit the <upstream/> and <downstream/> blocks that appear after the <documentation> block:
Change the argument for the max-disk-space attribute in both the <upstream/> and <downstream/> blocks to a value larger than the default setting (1024 KB). For example, to change the default disk cache size to 1 GB, set the max-disk-space attribute in both the <upstream/> and <downstream/> blocks as follows:
The max-disk-space argument sets the amount of disk space (in KB) that can be used to store messages.
4
Save your changes to the fglam.config.xml file.
1
Open the <fglam_home>/state/<state name>/config/fglam.config.xml file for editing.
2
Locate the <http-downstreams> XML element.
3
After the <documentation> block, add an <http-downstream/> child element:
<config:http-downstream port="port_number" [address="network_address"]/>
a
Replace port_number with an available port number. This is the port on which the concentrator listens for connections from downstream Agent Manager instances.
b
Optional. If required, you can also bind the concentrator to single network address. To do so, include the attribute address="network_address" in the http-downstream child element (shown as an optional attribute in Step 3), replacing network_address with the network address where you want the concentrator to receive connections from the downstream instances.
The optional address attribute is useful when a machine has two or more network addresses, and you want the connections to the Management Server to go out from one, and the connections from the downstream instances to come in to another.
4
If required, configure the concentrator to listen for connections on multiple different ports by adding additional <http-downstream/> elements and setting the port number (and, optionally, the network address), as described above.

Configuring downstream Instances

This section describes how to configure the downstream Agent Manager instances to connect to the concentrator.

Creating a secure connection with downstream instances

The following procedure can be used to create a secure connection between the concentrator and downstream Agent Manager instances using HTTPS.

1
Launch a command shell on the Agent Manager machine, and navigate to the <fglam_home>/jre/<jre_version>/<jre>/bin/ directory.
3
Respond to the prompts from keytool. Only the “first and last name” are required, all other fields can be left blank. The “first and last name” form the common name (CN) for this key pair and this needs to be provided to the Management Server (for reverse polling) or downstream Agent Managers (as the ssl-cert-common-name). You can type anything you want into this field, but the host name is the most common choice. The default value, if left blank, is Unknown.
5
Open the file <fglam_home>/state/<state name>/config/fglam.config.xml for editing.
6
Between the existing <http-downstreams> and </http-downstreams> tags, add an <https-downstream/> child element:
<password> is the same password you specified in Step 2 for -storepass. The password is saved in an encrypted form in fglam.config.xml when you restart the Agent Manager.
<path_to_keystore> is the path to the Agent Manager keystore.
<port_number> is the port number on which you want the concentrator to listen for connections from downstream Agent Manager instances.
<network_address> is the network address, to which the concentrator is bound when receiving connections from the downstream instances. This argument is optional. It is useful when a machine has two or more network addresses and you want the connections to the Management Server to go out from one, and the connections from the downstream instances to come in to another.
IMPORTANT: Other optional attributes are available for the <https-downstreams> element. See the file fglam.config.xml for details.
7
See Configuring Management Server URLs using the installer interface or Configuring Management Server URLs from the command line for information about these parameters, which you can set through the Agent Manager installer or configuration interface.

Excluding SSL ciphers from upstream or downstream Connections

You can exclude SSL cipher suites from both upstream Agent Manager connections (to the Management Server or an Agent Manager concentrator), or downstream connections (as a concentrator).

If you need to exclude one or more ciphers from the SSL encryption used for SSL connections, you can do so using one or more excluded-ssl-cipher elements in the fglam.config.xml file. For example, you may want to exclude lower encryption strength ciphers, or ciphers with security vulnerabilities.

1
Open the <fglam_home>/state/<state name>/config/fglam.config.xml file for editing.
2
Between the existing <http-upstreams> and </http-upstreams> tags, add an <http-upstream/> child element:
<http-upstream url="https://secure_server_URL:port_number">
1
Open the <fglam_home>/state/<state name>/config/fglam.config.xml file for editing.
2
Between the existing <http-downstreams> and </http-downstreams> tags, add an <https-downstream/> child element:
Related Documents

The document was helpful.

Seleziona valutazione

I easily found the information I needed.

Seleziona valutazione