Pan Agent Expire setting

u2343 · ‎01-04-2010

Hi,

I see in the logfile the information :

2010 01 04 10:07:25, ########################### Start Pan-Agent #############################
2010 01 04 10:07:25, Add Domain: ce
2010 01 04 10:07:25, Num. of Threads: 40
2010 01 04 10:07:25, GroupMemebers cache flag is 1.
2010 01 04 10:07:25, Add DNS-style Domain: xxxxx.com
2010 01 04 10:07:25, Add NetBIOS Domain: xx
2010 01 04 10:07:25, Full expire is disabled.
2010 01 04 10:07:25, Max DC is 10.
2010 01 04 10:07:25, Check DC is disabled.
2010 01 04 10:07:25, Configured DC[1]: xxx.xxx.xxx.xxx
2010 01 04 10:07:25, Configured DC[2]: xxx.xxx.xxx.xxx
2010 01 04 10:07:25, Configured DC[3]: xxx.xxx.xxx.xxx
2010 01 04 10:07:25, Configured DC[4]: xxx.xxx.xxx.xxx
2010 01 04 10:07:25, Configured DC[5]: xxx.xxx.xxx.xxx
2010 01 04 10:07:25, Configured DC[6]: xxx.xxx.xxx.xxx
2010 01 04 10:07:25, Ip mapping cache is enabled.

What does this mean? I have set the age-out timeout enabled and set for 45 min. But i experince that this is not working.

I have disabled the netbios probing also.

Regards,

Osman Bor

nrice · ‎01-04-2010

Hello Osman,

Our Engineering department reports that there is a new configuration item in the 3.0.x config.xml for the PAN Agent: <enable-full-expire>0</enable-full-expire>. The default value is 0 which means that this feature is disabled. The feature can be manually enabled by changing the value to 1 in the config.xml file and the age-out timer will always be enabled regardless of the Netbios probing. In 2.1.x, if the Netbios probing is disabled, the age-out timer is disabled as well. To make a change a to the default value, you'd need to stop the PAN Agent, locate the config.xml file in the PAN Agent file, either modify the existing entry (changing 0 to 1) or add the entry <enable-full-expire>1</enable-full-expire> then restart the Agent.

View solution in original post

nrice · ‎01-04-2010

Hello Osman,

Our Engineering department reports that there is a new configuration item in the 3.0.x config.xml for the PAN Agent: <enable-full-expire>0</enable-full-expire>. The default value is 0 which means that this feature is disabled. The feature can be manually enabled by changing the value to 1 in the config.xml file and the age-out timer will always be enabled regardless of the Netbios probing. In 2.1.x, if the Netbios probing is disabled, the age-out timer is disabled as well. To make a change a to the default value, you'd need to stop the PAN Agent, locate the config.xml file in the PAN Agent file, either modify the existing entry (changing 0 to 1) or add the entry <enable-full-expire>1</enable-full-expire> then restart the Agent.

u2343 · ‎01-06-2010

Thanks for the answer. This wil solve my problem.

Also is there any documentation about the meaning of the other settings of the config.xml file?

Regards,

O. Bor

nrice · ‎01-07-2010

Most of the items in the 'config.xml' can be configured through GUI and the local help file explains the usage.

The following items can only be configured by manually modifying the 'config.xml' file.

1. <max-dc>10</max-dc>

. The Maximum domain controllers pan agent can connect to.

. Default value is 10.

. Maximum value is 100.

2. <enable-dc-validation>0</enable-dc-validation>

. Whether or not to check the validation of the configured dc.

. Default value is 0 (disabled).

. Value 1 enables dc validation.

3. <enable-ip-cache>1</enable-ip-cache>

. Whether or not to enable ip-username mapping cache. (If enabled, pan-agent service will write ip-username mapping data to the file 'user_ip_map.txt' when it gets stopped; then after it gets restarted, pan-agent service will reload the ip-username mapping data from the cache file if it has not been stopped for over 5 minutes).

. Default value is 1 (enabled).

. Value 0 disables IP cache.

Unlock your full community experience!

Pan Agent Expire setting

Pan Agent Expire setting

Show your appreciation!