Configure ESM Server Settings Using the DB Configuration Tool
Table of Contents
4.2 (EoS)
Expand all | Collapse all
-
- Set Up the Endpoint Infrastructure
- Activate Traps Licenses
-
- Endpoint Infrastructure Installation Considerations
- TLS/SSL Encryption for Traps Components
- Configure the MS-SQL Server Database
- Install the Endpoint Security Manager Server Software
- Install the Endpoint Security Manager Console Software
- Manage Proxy Communication with the Endpoint Security Manager
- Load Balance Traffic to ESM Servers
-
- Malware Protection Policy Best Practices
- Malware Protection Flow
- Manage Trusted Signers
-
- Remove an Endpoint from the Health Page
- Install an End-of-Life Traps Agent Version
-
-
- Traps Troubleshooting Resources
- Traps and Endpoint Security Manager Processes
- ESM Tech Support File
-
- Access Cytool
- View the Status of the Agent Using Cytool
- View Processes Currently Protected by Traps Using Cytool
- Manage Logging of Traps Components Using Cytool
- Restore a Quarantined File Using Cytool
- View Statistics for a Protected Process Using Cytool
- View Details About the Traps Local Analysis Module Using Cy...
- View Hash Details About a File Using Cytool
Configure ESM Server Settings Using the DB Configuration Tool
The DB Configuration Tool is a command-line interface
(CLI) that provides an alternative to managing basic server settings through
the ESM Console. Examples of settings that you can change include
the ninja mode password, active directory caching, and number of
logs included in the ESM Tech Support file. For the full list, see Customizable
ESM Server Settings.
You can access the DB Configuration
Tool using a Microsoft MS-DOS command prompt that you run as an
administrator. The DB Configuration Tool is located in the Server
folder on the ESM Server.
All commands you run using
the DB Configuration Tool are case sensitive.
- Open a command prompt as an administrator in either
of two ways:
- Select StartAll ProgramsAccessories. Right-click Command prompt, and then select Run as administrator.
- Select Start and, in the Start Search box, type cmd but do not press Enter, yet. Then, to open the CLI command window as an administrator, press Ctrl+Shift+Enter.
- Navigate to the folder that contains the DB Configuration
Tool:
C:\Users\Administrator> cd C:\Program Files\Palo Alto Networks\Endpoint Security Manager\Server - View the existing server settings:
C:\Program Files\Palo Alto Networks\Endpoint Security Manager\Server> dbconfig server show PreventionsDestFolder = InventoryInterval = 284 HeartBeatGracePeriod = 4200 NinjaModePassword = Password2 BitsUrl = http://CYVERASERVER:80/BitsUploads MaxActions = 1000 BitsUploadTimeoutInterval = 360 BitsUploadTimeout = 720 KeepAliveTimeout = 0 ExternalAddress = VdiHeartbeatGracePeriod = 25 UseDnsForAddressResolution = True TaskTimeout = 30 SqlDateTimeFormat = yyyy-MM-dd HH:mm:ss TaskOverrideInMinutes = 30 EnableStatistics = True ActiveDirectoryPathUpdateInterval = 1440 ActiveDirectoryGroupsUpdateInterval = 1440 EnableADCaching = True ContentVersion = 6-472 ContentUpdateTimeoutMinutes = 30 SupportFileCollectionTimeout = 10 SupportFileAggregationTimeout = 20 MaxCollectedIisLogs = 100 MaxCollectedNlogLogs = 1000 MaxCollectedDbRows = 100000 UseContentProductionKey = True - (Optional) Configure or change any of the ESM
Server settings, as needed. For usage guidelines and default values,
see Customizable
ESM Server Settings. For example, to specify the allowable
grace period, in seconds, for an endpoint that is not responding
(range is 300 to 86,400; default is 4200):
C:\Program Files\Palo Alto Networks\Endpoint Security Manager\Server> dbconfig server HeartBeatGracePeriod <value>For example, a value of 300 means that if the ESM Server does not receive any communication from the endpoint within five minutes (300 seconds), the Endpoint Security Manager reports the endpoint status as disconnected.