Modify the A2A Client Configuration File

You can edit the A2A Client configuration file for the following reasons:
  • To change a configuration that is not included in the installer, such as port numbers.
  • To apply a configuration change after installation, such as changing the log file location.
  • To modify the log level to debug a problem.
Follow these steps:
  1. Stop the A2A Client service by entering the appropriate command:
    • UNIX: cspmclientd stop
    • Windows: net stop cspmclient
  2. Navigate to the A2A Client configuration file, cspm_client_config.xml. The configuration file is in one of the following directories:
    • UNIX: $CSPM_CLIENT_HOME/cspmclient/config/cspm_client_config.xml
    • Windows: %CSPM_CLIENT_HOME%\cspmclient\config\cspm_client_config.xml
    Where CSPM_CLIENT_HOME is the A2A Client installation directory.
  3. Edit the cspm_client_config.xml file in a text editor, then save your changes.
  4. Start the A2A Client service by entering the appropriate command:
    • UNIX: cspmclientd start
    • Windows: net start cspmclient
A2A Client Configuration Settings
The following table describes the XML tags in the A2A Client configuration file:
XML Tag
Description
<applicationtype>
Valid values are cspm or cspm_agent.
Default: cspm
<cacheallow>
Enables or disables credential caching on the A2A Client.
Default: true.
This setting overrides the PAM cacheBehavior setting. If the <cacheallow> tag is true, then the Client follows the cacheBehavior setting. If the <cacheallow> tag is false, then the cacheBehavior setting is ignored.
<loglevel>
Specifies the log level. The following entries are valid levels (in descending order):
  • OFF
  • SEVERE
  • WARNING
  • INFO
  • CONFIG
  • FINE
  • FINER
  • FINEST
  • ALL
The default level is OFF. The entry is case-insensitive.
<cspmserver>
Specifies the host name of the PAM appliance. The installer sets this value.
<cspmserver_port>
The default port on which the appliance listens. The default is blank.
For HTTPS, the default is 443. If the server port is changed from 443, you must modify this value.
<daemonserver1_port>
The A2A Client uses this port to listen for local requests from client stubs. The daemon validates that the request is local. The default value is 28088.
<daemonserver2_port>
Identifies the port on which the A2A Client listens for local requests from PAM. Default port: 28888
If the value is 1, the A2A client does not listen for external requests. Instead, the A2A client polls the appliance for event information.
<eventpolling_interval>
(Optional) Specifies the interval, in seconds, after which the A2A Client polls the appliance for events. If no value is specified, the Client uses the default polling interval of 120 seconds.
<logfile>
Specifies the location of the log file that is used by the A2A Client. The installer sets this value.
<c_logfile>
The log file that is used by the service and stateless client interface stubs.
  • Windows default: C:\WINDOWS\TEMP\cspm_c_client_log.txt
  • UNIX/LINUX default: /tmp/cspm_c_client_log.txt
All users of the A2A Client must have write access to the log file directory.
The c_loglevel setting controls the detail in the log file. The syntax is case-sensitive:
<c_loglevel>LEVEL</c_loglevel>
LEVEL is one of the following values, in descending order:
  • OFF
  • SEVERE
  • WARNING
  • INFO
  • CONFIG
  • FINE
  • FINER
  • FINEST
  • ALL
The default level is OFF.
<patch>
Specifies patch management attributes, as in the following XML tags: frequency, starthour, and endhour.
<frequency>
Specifies the frequency at which the A2A Client polls the appliance for an update.
Valid values are daily or weekly. The default value is daily.
<startHour>
Determines the interval at which the A2A Client randomly polls the appliance for a version check.
Valid values are 0-23. The default value is 0 (12 A.M.).
<endHour>
Determines the interval by which the A2A Client randomly polls the appliance for a version check.
Valid values are 0-23. The default value is 5 (5 A.M.).
<operation>
For internal use only.
<preserveCacheBetweenRestarts>
Enables caching to local storage. Before release 3.0.1, A2A Clients maintained the credential cache in memory and on local storage by default. Beginning with release 3.0.1, the default behavior is to maintain the cache only in memory. To enable local storage, set the <preserveCacheBetweenRestarts> tag to true.
Caching credentials locally reduces network traffic and increases reliability. The A2A Client can use the cached credentials instead of accessing PAM to process the credential requests. The A2A Client, like the appliance, provides credentials only in response to authorized credential requests. When a password change for a target account is triggered, the appliance notifies any A2A Client that is caching the password. This notification ensures that A2A Clients do not cache target passwords that are out of date.
<socket_read_timeout>
Specifies the socket timeout. The default value is 30 seconds.
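
The following check is an added example, not part of the product documentation: it reads an edited cspm_client_config.xml before the service is restarted and reports values outside the ranges in the table above, plus valid settings that affect where credentials and logs are stored. The function name audit, the <config> root element, and the nesting of the sample file are assumptions; the sample input is constructed.

```python
import xml.etree.ElementTree as ET

LEVELS = {"OFF", "SEVERE", "WARNING", "INFO", "CONFIG", "FINE", "FINER", "FINEST", "ALL"}
VERBOSE = {"FINE", "FINER", "FINEST", "ALL"}
TEMP_DIRS = ("/tmp/", "c:\\windows\\temp\\")
# Constructed sample. The <config> root and the nesting are assumptions.
SAMPLE = """<config>
  <applicationtype>cspm</applicationtype>
  <cacheallow>true</cacheallow>
  <preserveCacheBetweenRestarts>true</preserveCacheBetweenRestarts>
  <loglevel>finest</loglevel>
  <c_loglevel>info</c_loglevel>
  <c_logfile>/tmp/cspm_c_client_log.txt</c_logfile>
  <daemonserver1_port>28088</daemonserver1_port>
  <patch><frequency>hourly</frequency><startHour>0</startHour><endHour>24</endHour></patch>
</config>"""

def audit(xml_text):
    """Return findings for values outside the ranges documented in the table."""
    root = ET.fromstring(xml_text)
    # Collect tags from anywhere in the tree so nesting does not matter.
    val = {el.tag: (el.text or "").strip() for el in root.iter()}
    out = []
    def check(tag, ok, msg):
        # Blank or absent tags fall back to the client's defaults; skip them.
        if val.get(tag) and not ok(val[tag]):
            out.append(f"{tag}: {msg} (got {val[tag]!r})")
    check("applicationtype", lambda v: v in ("cspm", "cspm_agent"), "must be cspm or cspm_agent")
    check("loglevel", lambda v: v.upper() in LEVELS, "unknown level")  # case-insensitive
    # Assumption: "case-sensitive" means the upper-case spellings as listed.
    check("c_loglevel", lambda v: v in LEVELS, "unknown level")
    check("frequency", lambda v: v in ("daily", "weekly"), "must be daily or weekly")
    for tag in ("startHour", "endHour"):
        check(tag, lambda v: v.isdigit() and int(v) <= 23, "must be 0-23")
    for tag in ("cspmserver_port", "daemonserver1_port", "daemonserver2_port"):
        check(tag, lambda v: v.isdigit() and 1 <= int(v) <= 65535, "not a valid port")

    # Valid settings that still deserve review: where credentials and logs end up.
    caching = val.get("cacheallow", "true").lower() == "true"
    if caching and val.get("preserveCacheBetweenRestarts", "").lower() == "true":
        out.append("preserveCacheBetweenRestarts: credential cache is kept on local storage")
    if val.get("loglevel", "").upper() in VERBOSE:
        out.append("loglevel: verbose level enabled; default is OFF")
    if val.get("c_logfile", "").lower().startswith(TEMP_DIRS):
        out.append("c_logfile: log file is in a shared temp directory")
    return out

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```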