
Foglight 5.9.5 - Security and Compliance Guide


Client communication

The Agent Manager connects to the Management Server using the same HTTP(S) ports as the browser interface. The Agent Manager uses the standard URL format to configure the address of the upstream Management Server; therefore, if the port number is changed in the Management Server configuration, it is a simple matter to configure the Agent Manager to use the updated port.

Agent Manager instances that are configured to communicate through a concentrator can use any customer-designated port for their communication with that concentrator host. This port needs to be configured on both the upstream and downstream Agent Manager instances.

Some agents hosted by the Agent Manager are run out-of-process, and use local TCP connections to communicate with the master Agent Manager process. Two protocols are used for this local communication: legacy RAPSD for agents which are supported by the Agent Manager, and the Agent Manager’s XML-over-HTTP for new agents implemented with the Agent Manager API (this is the same protocol used by the Agent Manager to connect to the upstream Management Server or concentrators). In both cases, the master Agent Manager process listens for local connections on an available port assigned randomly by the OS from the ephemeral port range, and these ports only accept connections from localhost. Neither protocol supports encryption for this local-only traffic.
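Because the local agent traffic is unencrypted, the loopback-only binding is the control worth verifying on a Linux Agent Manager host. The following is an added example, not code from Foglight or Quest: it parses `ss -H -ltnp` output and reports listeners owned by a given PID that are reachable from other hosts. The helper names, PID, ports and sample lines are constructed assumptions; `allowed_ports` stands for the customer-designated concentrator port.

```python
import ipaddress
import re

# Constructed sample of `ss -H -ltnp` output; PIDs, ports and process names are made up.
SAMPLE_SS = """\
LISTEN 0 50   127.0.0.1:41873           0.0.0.0:* users:(("java",pid=2211,fd=87))
LISTEN 0 50   [::ffff:127.0.0.1]:38045  *:*       users:(("java",pid=2211,fd=91))
LISTEN 0 50   *:9443                    *:*       users:(("java",pid=2211,fd=95))
LISTEN 0 50   0.0.0.0:45120             0.0.0.0:* users:(("java",pid=2211,fd=99))
LISTEN 0 128  0.0.0.0:22                0.0.0.0:* users:(("sshd",pid=801,fd=3))
"""

def is_loopback(addr):
    """True only if the bind address cannot be reached from another host."""
    addr = addr.strip("[]").split("%")[0]   # drop IPv6 brackets and %iface scope
    if addr == "*":                          # ss prints * for a wildcard bind
        return False
    ip = ipaddress.ip_address(addr)
    mapped = getattr(ip, "ipv4_mapped", None)  # handles ::ffff:127.0.0.1 binds
    return (mapped if mapped is not None else ip).is_loopback

def exposed_listeners(ss_output, pid, allowed_ports=()):
    """Return (address, port) for listeners owned by pid that are not loopback-only.

    allowed_ports: ports expected to be reachable remotely (assumption: the
    concentrator port designated by the customer).
    """
    owner = re.compile(r"\bpid=%d\b" % pid)
    findings = []
    for line in ss_output.splitlines():
        fields = line.split()
        if len(fields) < 6 or fields[0] != "LISTEN":
            continue
        if not owner.search(" ".join(fields[5:])):
            continue                         # socket belongs to another process
        addr, _, port = fields[3].rpartition(":")
        if int(port) in allowed_ports or is_loopback(addr):
            continue
        findings.append((addr, int(port)))
    return findings

if __name__ == "__main__":
    for addr, port in exposed_listeners(SAMPLE_SS, pid=2211, allowed_ports={9443}):
        print("listener not restricted to localhost: %s:%d" % (addr, port))
```

On a live host, pass in the output of `ss -H -ltnp` run with enough privilege for the process column to be populated; any finding on an ephemeral port means a listener that should be local-only is reachable over the network.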

Configuration parameters

The Foglight® Management Server stores its configuration parameters in configuration files within the Foglight directory on the Management Server's file system. When Foglight is launched, the parameters are read and cached internally; the configuration files on disk are not re-read until the Management Server restarts. This allows modification of the configuration files while Foglight is running without affecting real-time processing.

Audit log

From the Foglight® Administration Console, users can select security and change audit logs for a specific time period and display those logs in the Audit Viewer.

The View Audit Information dashboard allows you to review these logs and to filter them to show information for a specific time span. It also lists users who have logged in to Foglight, changes to user, group or role settings, and changes made to configuration items, including rules, schedules, or registry variables.

The following information appears in each log entry in the table:

Audit log entries are stored in the Foglight database.

A subset of the Foglight methods that are audited includes:

Log files

The following information is recorded in the Foglight® log files on the Management Server:

No user names or passwords are stored in the log file. These files are stored unencrypted on the file system within the Foglight directory structure. Any system user with read privileges to these files can access the logs.
