Configure the CPM Scanner

This topic describes how to configure the CPM Scanner used in the Accounts Discovery process described in .

Configure the CPM Scanner

Configure the CPM Scanner in the CACPMScanner.exe.config file, located in:

<CPM installation folder>/Scanner

You can edit parameters that define the connection to Privilege Cloud, CPM Scanner filters, logs, and optimization.

For details on these parameters, see CPM Scanner parameters file (CACPMScanner.exe.config).

Unix/Linux-specific configuration

When scanning Unix/Linux devices, the CPM scanner uses various parameters in the UnixPrompts.ini configuration file. This file is located in the CPM scanner installation folder (by default: C:\Program Files (x86)\Cyberark\Password Manager\Scanner), the same directory as CACPMScanner.exe, and can be customized according to the Unix/Linux machine's specific configuration.

You can configure the following parameters in the UnixPrompts.ini file:

| Parameter | Description |
| --- | --- |
| LoginPassword | A regular expression that matches a password request by the login process. |
| SudoPassword | A regular expression that matches a password request by a Unix/Linux system when using sudo. The CPM scanner uses this regular expression to match the request in order to run commands using sudo. |
| SudoError | A regular expression that matches an error received when commands are run using sudo. The CPM scanner uses this regular expression to match the sudo errors. |

The following parameters enable the CPM scanner to support Unix/Linux flavors for which the required files are located in non-standard folders. If the CPM scanner does not find a file in the default path, it uses the relevant path parameter to search for it.

Specify the parameters in the table below in the Paths section of the UnixPrompts.ini file. In each parameter, specify the full path, including the file name, as shown in the following example:

 
[Paths]
sudoerPath=/usr/local/etc/sudoers

Separate multiple paths with a semicolon (;).

| Parameter | Description |
| --- | --- |
| passwdPath | A list of paths to the possible location of the passwd file. |
| groupPath | A list of paths to the possible location of the group file. |
| shadowPath | A list of paths to the possible location of the shadow file. |
| sudoerPath | A list of paths to the possible location of the sudoers file. |
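
A pre-deployment check for an edited UnixPrompts.ini, as an added example that is not CyberArk code: it flags prompt regular expressions that do not compile or that match empty output, unknown [Paths] parameter names, and path entries that are not full paths with a file name. The `[Prompts]` section name, the sample values, and the use of Python's `re` engine in place of the scanner's own are assumptions.

```python
import configparser
import re

PATH_KEYS = {"passwdpath", "grouppath", "shadowpath", "sudoerpath"}
REGEX_KEYS = {"loginpassword", "sudopassword", "sudoerror"}

# Constructed sample. The [Prompts] section name and all values are assumptions.
SAMPLE_INI = r"""
[Prompts]
LoginPassword=[Pp]assword:\s*$
SudoPassword=\[sudo\] password for \S+:\s*$
SudoError=.*
[Paths]
sudoerPath=/usr/local/etc/sudoers;/opt/etc/
shadowPath=etc/shadow
passwdPaths=/etc/passwd
"""

def lint_unix_prompts(text):
    """Return a list of findings for UnixPrompts.ini content."""
    # configparser lower-cases parameter names; '=' is the only delimiter used here.
    cfg = configparser.ConfigParser(interpolation=None, delimiters=("=",))
    cfg.read_string(text)
    findings = []
    for section in cfg.sections():
        for key, value in cfg[section].items():
            if key in REGEX_KEYS:
                try:
                    rx = re.compile(value)  # assumption: Python re stands in for the scanner's engine
                except re.error as exc:
                    findings.append(f"{key}: invalid regex ({exc})")
                    continue
                if rx.search(""):
                    # A pattern that matches nothing at all will match any device output.
                    findings.append(f"{key}: matches empty output, too broad")
            elif section.lower() == "paths":
                if key not in PATH_KEYS:
                    findings.append(f"{key}: not a known [Paths] parameter")
                    continue
                for p in (part.strip() for part in value.split(";")):
                    if not p.startswith("/"):
                        findings.append(f"{key}: '{p}' is not a full path")
                    elif p.endswith("/"):
                        findings.append(f"{key}: '{p}' has no file name")
    return findings

if __name__ == "__main__":
    for finding in lint_unix_prompts(SAMPLE_INI):
        print(finding)
```
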

Stop/Start the CPM Scanner

The CPM Scanner service is installed on the CPM machine automatically during the CPM installation.

When you are not working with the Accounts Feed, you can disable the scanning functionality to reduce the workload on Privilege Cloud.

Stop the CPM Scanner service:

Start the CPM Scanner service:

  1. On the CPM machine, from the Start menu, select Settings, then Control Panel.

  2. From the list of Control Panel options, select Administrative Tools, then Services; the Services window appears.

  3. Start the CyberArk Central Policy Manager Scanner service.

CPM Scanner logs

All activities that are carried out by the CPM Scanner service are written in log files and stored in subfolders of the Password Manager installation folder.

The following log files contain the activities of the CPM Scanner.

| File | Description |
| --- | --- |
| CACPMScanner.log | Contains informational messages and errors that refer to CPM Scanner function. This log is meant for the system administrator who needs to monitor the status of the CPM Scanner. This log file is stored in the Logs subfolder of the Password Manager installation folder. Once the log size reaches 200MB, it is moved to an archive folder. By default, the folder is found at C:\Program Files (x86)\CyberArk\Password Manager\Logs\Archive. |
| DNAConsole.log | Indicates when the discovery process began and information about any general errors that occurred. This log file is stored in the Scanner\Log subfolder of the Password Manager installation folder. |
| DNATrace-<timestamp>-PM.log | Contains detailed information about each scan. The timestamp represents the date and time when the discovery process started. This log file is stored in the Scanner\Log subfolder of the Password Manager installation folder. |

Activities carried out in discoveries that were not completed successfully are stored in a specific discovery log and can be viewed in the Discovery Management page.