Administering the BigFix Explorer
This section describes the configuration scenarios for the BigFix Explorer component.
HTTPS certificate configuration
At installation time, the BigFix Explorer is configured to use HTTPS by default, and it creates its own certificate. If you want to customize HTTPS on the BigFix Explorer, for more details see Customizing HTTPS on BigFix Explorer.
Revoking the authentication certificate
After the installation of the BigFix Explorer instance, you can revoke the certificate of a BigFix Explorer instance needed for authenticating to the BigFix Root Server, if you have any reason to doubt its validity.
When you revoke the certificate, BigFix Explorer is no longer authenticated for trusted communication, and the certificate of the BigFix Explorer can no longer be used to communicate with the BigFix Root Server.
To revoke a BigFix Explorer certificate, you can use the revokeexplorercredentials BigFix Administration Tool command. For Windows installation see revokeexplorercredentials, for Linux installation see revokeexplorercredentials.
To rotate a BigFix Explorer certificate, you can use the rotateexplorercredentials BigFix Administration Tool command. For Windows installation see rotateexplorercredentials, for Linux installation seerotateexplorercredentials.
Rotating the authentication certificates chain
After the installation of one or more BigFix Explorer instances, you can revoke their certificates needed for authenticating to the BigFix Root Server and rotate the certificate authority used by the BigFix Root Server to generate each authentication certificate, if you have any reason to doubt their validity.
To rotate the certificate authority of the authentication certificate of the BigFix Explorer and to rotate each of the existing certificates, you can use the rotateexplorercredentials BigFix Administration Tool command. For Windows installation see rotateexplorercredentials, for Linux installation see rotateexplorercredentials.
Setting a different port number
It is possible to set a different port for the BigFix Explorer using the
_BESExplorer_HTTPServer_PortNumber
setting.
The default port number used by BigFix Explorer is 9383.
From the Edit Computer Settings menu of the BigFix Console, you can set the value for this setting.
Default Value | 9383 |
Setting Type | Numeric |
Component Affected | Explorer |
As an alternative, to modify the port for the BigFix Explorer, you can also run the Change Explorer REST API port Fixlet.
In the Description pane of the Fixlet, you can define the new port value to be used by the BigFix Explorer. The accepted values range from 1 to 65534.
The actionscript present in the Fixlet checks at runtime, through the BigFix Agent, that the defined port is not already in use on the machine. If this is the case, the Fixlet fails.
- Changes the
_BESExplorer_HTTPServer_PortNumber
setting. - Alters the firewall rule (both on Linux and Windows) replacing the port number with the new one.
- Restarts the BigFix Explorer service.
Enabling and managing the logging
It is possible to enable the logging for the BigFix Explorer using the
_BESExplorer_Logging_EnableLogging
setting.
It is also possible to specify the log path to be used by the BigFix Explorer using the
_BESExplorer_Logging_LogPath
setting.
It is also possible to specify which log levels are enabled for the BigFix Explorer using
the _BESExplorer_Logging_EnabledLogs
setting.
From the Edit Computer Settings menu of the BigFix Console, you can set the values for these settings.
Default Value | 1 (Enabled) |
Setting Type | Boolean |
Value range | 0 (Disabled) - 1 (Enabled) |
Component Affected | Explorer |
Default Value |
|
Setting Type | String |
Component Affected | Explorer |
Default Value | critical |
Setting Type | String |
Value range | critical - debug |
Component Affected | Explorer |
Use the Enable Explorer verbose log Fixlet to enable the verbose logging on the BigFix Explorer.
The Enable Explorer verbose log Fixlet sets
the _BESExplorer_Logging_EnabledLogs
setting to enable all logs.
Use the WARNING: Explorer verbose log is enabled Fixlet to disable the verbose logging on the BigFix Explorer.
The WARNING: Explorer verbose log is enabled
Fixlet sets the _BESExplorer_Logging_EnabledLogs
setting to "critical".
Setting the authentication session timeout
It is possible to set a dedicated authentication session timeout for the BigFix Explorer.
After this timeout expires, if no interaction occurs between the logged on user and BigFix
Explorer, the user will have to reauthenticate in HTTPS mode using BigFix Explorer. To
customize this timeout, use the _BESDataServer_ExplorerLoginTimeoutMinutes
setting on the BigFix Server.
The default value is 5 minutes.
From the Edit Computer Settings menu of the BigFix Console, you can set the value for this setting.
Default Value | 5 Minutes |
Value range | 0 - 4,294,967,295 |
Setting Type | Numeric (minutes) |
Component Affected | Server |