
KB-2432: dainfo --diag shows offline; unable to connect to collector

Auditing and Monitoring Service, Authentication Service, Mac & PC Management Service

12 April,16 at 11:32 AM

Applies to: All versions of Centrify DirectAudit.
We have 2 collectors - one is in the internal network and one is in DMZ. Our SQL database is in the internal network. None of our unix machines in DMZ (running DA) are able to see the collector in DMZ and dainfo --diag shows offline. From the unix machine, we are able to ping the collector in DMZ and telnet on port 4444. DA Manager on DMZ shows the DMZ collector to be active and running. Re-publishing the collector does not help. Stopping and restarting or re-enabling auditing on unix machine does not help. Logs do not show any attempt made by unix machine to connect to the right collector in DMZ.
This can happen if "Publication" is not set properly for the DMZ network in DirectAudit Manager. In the customer's case, the publication was set for the internal network only but there was no entry for the DMZ. 
Managing publication:
When you create a database, you specify one or more locations in Active Directory in which to create Service Connection Points (SCPs). SCPs enable the DirectAudit daemon on UNIX machines to locate the collector machines that transfer data to the database. SCPs also enable the collector configuration program and the DirectAudit Console to list all DirectAudit instances installed in the environment — which means the UNIX machines, collector machines, and the console machine must be able to locate the SCP. The DirectAudit Manager Console enables you to add, modify, or delete publishing locations for SCPs. For example, you can move an SCP to a different Active Directory location, or if you add a forest, you can add an SCP location in that forest. If you uninstall a DirectAudit instance, you can first remove the SCPs, or if you decide not to audit a forest, you can remove the SCPs from that forest.
To delete, add, or modify a publishing location:
1 Open the DirectAudit Console, right-click DirectAudit Manager and click Manage Publication. You see a list of current locations.
2 Do one of the following:
To delete a location, navigate to it, select it, then click Remove. When prompted, click Yes.
When you delete an SCP, the collectors can no longer write data to the DirectAudit database. You should also remove the collectors themselves from the machines on which they are
To add a location, click Add. Navigate to the Active Directory container of choice, select it, then click OK. The SCP enables collectors to find the DirectAudit database. Therefore, after adding an SCP, run the collector configuration wizard (see “Configuring a collector” on page 82 of DA Admin Guide) to locate the DirectAudit database to which the collector will write audited data.
To change an SCP location, first delete it, then add a new location.
Note: You must have write permission for the Active Directory container in which to create the SCP and for the audited zones.

Note: If you have trouble deleting or adding a publication, contact Centrify Support, who can walk you through using ADSI Edit or ADUC to remove it.