Common Admin Tasks

Updating the ESM License

  1. Using a web browser, navigate to http://localhost:18080/esm/ where 18080 is the port you configured ESM Server on. If accessing from a machine other than the server, you must specify the hostname or IP address of the ESM Server in place of localhost. You should be presented with a screen requesting a license file

    ESM Server First Launch

  2. Click Browse to navigate and select your ESM license file.

  3. Click Upload, then click Renew License.

  4. The License Holder and Expiry Date should be updated with the new license details.

    ESM Licence Applied

  5. Click Refresh. You should see the main ESM Web Application screen.

Terminating sessions

Important Note

Sessions with an ESM type of SYS cannot be terminated from the user interface, regardless of the settings configured within the terminateSpec.yaml file.

ESM 2020 introduces enhanced security and configuration capabilities for terminating sessions. The functionality to terminate sessions from the ESM user interface requires the configuration of the terminateSpec.yaml file. This functionality is disabled by default.

To enable the session terminate capability remove the .template extension from the terminateSpec.yaml template file which is found in the bin folder of the agent.

The terminateSpec.yaml file uses regular expressions to match the name of the process that is requested to be killed and the owning user of the process that is to be killed. The configuration in the terminateSpec.yaml file extends the security capabilities that are found in the ESM user interface.

Property Name Values Notes
processFilterRegex Regular expression pattern to match the process command line.
userFilterRegex Regular expression pattern to match the process
canBeTerminated Boolean parameter about whether the process that matches the above two rules can be terminated.

An example terminate spec block for a SAS9 environment on Linux might look like the following:

terminateSpec:
  - processFilterRegex: .*SASFoundation\/9.4\/sas.*
    userFilterRegex: ''
    canBeTerminated: true

The above example allows any privileged user in ESM to kill any SAS session, where that process is owned by any user, and where the installed path of SAS is something like /opt/sas/software/SASFoundation/9.4/.

ESM Server Database Management

Database Backups

ESM uses a PostgreSQL relational database as its data server. You can use standard PostgreSQL data backup procedures to back up and restore the database used by ESM. For example, you could use the pgAdmin graphical user interface for manual backups, or you can integrate the pg_dump utility into scheduled scripts for automatic backups.

Note

ESM ships with a modified version PostgresSQL 12.

To back up using the pg_dump utility:

  • Run pg_dump to export the ESM database:

    $ cd /path/to/esm-server/pgsql/bin
    $ ./pg_dump -h localhost -p 15432 -U esm -d esm > /backup/path/esm-data-postgres.sql
    

  • Archive the exported database file per your organization's standards.

Database Restore

The text file containing the SQL that is created by pg_dump can be read in by the psql utility. To restore a backup of the ESM Server database:

  • Run psql to import the ESM server database:
    $ cd /path/to/esm-server/pgsql/bin
    $ ./psql -h localhost -p 15432 -U esm -d esm < /backup/path/esm-data-postgres.sql