000033181 - How to generate a report from CLI for the Last Updated Auto Reg status for Agents with Auto Registration enabled in RSA Authentication Manager 8.X

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support on Nov 26, 2019
Version 3Show Document
  • View in full screen mode

Article Content

Article Number000033181
Applies ToRSA Product Set: SecurID
RSA Product/Service Type: RSA Authentication Manager
RSA Version/Condition: 8.X

IssueThis article provides steps to generate a report from the CLI that lists the last updated auto reg status for agents that have auto registration enabled in RSA Authentication Manager 8.1.

TasksDownload and install an SSH client, such as PuTTy, for connecting remotely to the RSA Authentication Manager server and accessing the operating system.

Enable SSH to log on to the appliance operating system using Secure Shell (SSH), using the steps below:
  1. In the Operations Console, click Administration > Operating System Access.
  2. In the SSH Settings section, select the checkbox for each NIC on which SSH needs to be enabled.
  3. If multiple NICs are configured, SSH can be enabled on more than one NIC.
  4. Click Save.
ResolutionThe steps below show how to generate a report via command line for the last updated auto reg status for agents with auto-registration enabled in Authentication Manager 8.1:
  1. Logon to the Authentication Manager server, either with an SSH session or directly on the server using the rsaadmin account.
  2. Navigate to the /opt/rsa/am/utils directory as the rsaadmin user.
  3. Create a read-only user for database access using the command below:

./rsautil manage-readonly-dbusers -a create -o <OC_admin_username> -u <read-only_database_user_name> -i <IP_address_of_client_machine>
-n <IP_mask>

Note the following information when entering the command:

  • The OC_admin_username is the Operations Console administrator's name.
  • The read-only_database_user_name is the user name specified for the read-only user.
  • The IP_address_of_client_machine is the IP address of the user's client machine.
  • The IP_mask is the mask to include a range of IP addresses (optional).

Below is an example showing how to create a read-only database user in Authentication Manager 8.1 that can be used to run custom SQL queries:

rsaadmin@primary81:/opt/rsa/am/utils> ./rsautil manage-readonly-dbusers -a create -o <Operations Console admin user name> -u <read-only user name> -i <IP address of client machine> -n <subnet mask>
Enter Operations Console (OC) password: <enter the password for the Operations Console admin user defined above>
Enter password for the read-only database user: <enter the password for the read-only user defined above>
Confirm password for the read-only database user: <re-enter the password for the read-only user defined above>
Executing action: 'create'.
Trusted Root SSL CA certificate was copied in file '/opt/rsa/am/utils/RSAAMTrustedRootSSLCA.crt'.
'create' action complete.

As an example,

rsaadmin@primary81:/opt/rsa/am/utils> ./rsautil manage-readonly-dbusers -a create -o rsaadmin -u Testuser1 -i -n


  1. Upon successful creation of the read-only database user, create a text file in /opt/rsa/am/utils with an appropriate name, for example; AutoregAgentlist.sql.
  2. Copy the SQL statement below into the text file and save the changes.

SELECT Shost.Name as Hostname,Shost.PRIMARY_IP as IPaddress,Sagent.LAST_UPDATED_AUTO_REG

  1. In /opt/rsa/am/utils, use the following command to generate a .csv output file named AutoregAgentList.csv using SQL script named AutoregAgentlist.sql:

/opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U <read-only database user> AutoregAgentlist.sql -o AutoregAgentlist.csv

  1. When prompted enter the password created for the read-only database user from Step 3.
  2. Review the AutoregAgentlist.csv output file.