PATROL Agent: How to use pconfig commands after the PATROL Agent version upgraded to 23.3?

PATROL Agent: How to use pconfig commands after the PATROL Agent version upgraded to 23.3?

Knowledge Article

Article Number

000418418

Old Article Number

Article Type

FAQ/Procedural

Title

PATROL Agent: How to use pconfig commands after the PATROL Agent version upgraded to 23.3?

Summary

PATROL Agent: How to use pconfig commands after the PATROL Agent version upgraded to 23.3?

Product

PATROL Agent

Component

PATROL Agent

Applies to

PATROL Agent version 23.3 and above

Question

pconfig command to update remote host configuration fails without credentials with PATROL Agent(PA) 23.4. Why?

Receiving below error while executing pconfig +get or pconfig +Reload command from different PA server.
Message from `HOST1 ' at port 3181: Not authorized to connect to this agent.
-- 0% complete.
Connection with `HOST1' at port 3181 was shutdown. -- 50% complete.

Also receiving below message in patrol agent error logs:
Tue May 28 12:53:32 PM 2024: ID 102003: W: ACL: bad username `<unknown>'
Tue May 28 12:53:32 PM 2024: ID 102089: W: Connection rejected (ACL) for Username `<unknown>' IP Address `xx.xxx.xx.xx' Type `C

Answer

This is enhancement made as part of PA 23.3 release documented here
If accessing the PA configuration remotely using pconfig from PA version 23.3 onwards, the credentials are required by default.
For example, pconfig +get -host <patrol agent host name> -p <portnum> -U <username> -W <password>.

This behavior can be changed by setting up the configuration variable /AgentSetup/pconfigRequiresRemoteAuthentication = { REPLACE="false"}.

If /AgentSetup/pconfigRequiresRemoteAuthentication configuration variable is set to True then, remote pconfig command will not work without valid monitoring user credentials.

Detailed explanation below:

No credentials are required by default when accessing the PA configuration locally using pconfig.
For example, pconfig +get -p <portnum>.
This behavior can be changed by setting up the configuration variable /AgentSetup/pconfigRequiresAuthentication = { REPLACE="true"} or setting up requiresconfigauthentication = true in the patrol.conf file.
For example, pconfig +get -p <portnum> -U <username> -W <password>.
If accessing the PA configuration remotely using pconfig from PATROL Agent version 23.3 onwards, the credentials are required by default.
For example, pconfig +get -host <patrol agent host name> -p <portnum> -U <username> -W <password>.
This behavior can be changed by setting up the configuration variable /AgentSetup/pconfigRequiresRemoteAuthentication = { REPLACE="false"}.
PA access on PatrolCli is allowed by using the default account credentials only.

Attachment(s):