User guide

| Keyword | Description |
| --- | --- |
| Password | Password that will be used to perform the Windows system login. |
| Monitor | Specifies which Win32_NTLogEvent log files to track. If "All" is specified, the WMI agent will automatically query the host to determine which files are available, and those files will be tracked. |
| syslog-server | In addition to the Log Correlation Engine, events downloaded from the security device can also be forwarded to one or more syslog servers. The syslog-server keyword defines the address at which each server is located. |
| heartbeat-frequency | The number of seconds between successive client heartbeat messages sent to the server. |
| statistics-frequency | The number of minutes between each performance statistics report to the LCE server. |
| debug | When this line is uncommented, extra debugging information is logged. This option should be enabled only temporarily, as it may cause the application log file to grow extremely large. Debug mode can be toggled during runtime by sending the SIGUSR1 signal to the lce_wmid process. |
| compress-events | LCE Clients have the ability to compress log data prior to sending the information to the LCE server. Enabling this feature saves bandwidth. It may be disabled by changing the option to "0". This option is enabled by default. |
WMI Encrypted Credentials
Encrypted credentials are not managed by the LCE Client Manager. If WMI encrypted credentials are used,
they must be configured on each individual WMI client machine.
A feature is available through the /opt/wmi_monitor/wmi_config_credentials binary to encrypt the WMI
credentials to an external file set. This tool has the ability to read the current hosts from the wmi_monitor LCP policy file,
and the credentials in that file. Once saved, the cleartext credentials in the policy file may be deleted.
The preferred method to store credentials is to use the wmi_config_credentials tool. While cleartext
usernames and passwords will currently work, a warning about their use being deprecated will appear in the
log files.
| Option | Description |
| --- | --- |
| -i <wmi_monitor policy file> | When the -i option is used, the program reads the specified wmi_monitor LCP policy file and loads the data available for the configured host(s). |
| -o </path/to/credentials> | When used, the -o option instructs the program to write the credential files to the specified directory. |
| -c </path/to/credentials> | When used, the -c option instructs the program to read the credential files from the specified directory for modification purposes. |
| -v | When used, the -v option prints the version information to the screen. |
| -h | When used, the -h option displays the help file. |
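The following is an added example, not part of this guide or of Tenable's tools: a small audit script that reads a wmi_monitor policy and flags the three settings this page says should not be left in place (a cleartext Password, which is deprecated in favour of wmi_config_credentials; an uncommented debug line; and compress-events set to "0"). The policy file format is assumed to be one "keyword value" pair per line with "#" comments, and the sample policy is constructed for illustration.

```python
# Constructed sample policy text. The "keyword value" line format is an
# assumption made for this example, not the documented LCP policy syntax.
SAMPLE_POLICY = """\
# wmi_monitor policy (constructed sample, not a real file)
Monitor All
Password hunter2
syslog-server 192.0.2.10
heartbeat-frequency 30
statistics-frequency 60
debug
compress-events 0
"""


def parse_policy(text):
    """Return (keyword, value) pairs, skipping blank lines and '#' comments."""
    entries = []
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        entries.append((parts[0], parts[1].strip() if len(parts) > 1 else ""))
    return entries


def audit_policy(text):
    """Flag settings the user guide describes as deprecated or temporary-only."""
    findings = []
    for key, value in parse_policy(text):
        if key == "Password" and value:
            # Cleartext credentials still work but are deprecated; the guide
            # recommends moving them to an encrypted credential file set.
            findings.append("cleartext Password present; use wmi_config_credentials")
        elif key == "debug":
            # An uncommented debug line stays active and can bloat the log file.
            findings.append("debug is uncommented; disable when troubleshooting ends")
        elif key == "compress-events" and value == "0":
            findings.append("compress-events disabled; events are sent uncompressed")
    return findings


if __name__ == "__main__":
    for finding in audit_policy(SAMPLE_POLICY):
        print("WARNING:", finding)
```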