000024601 - Why does the RSA ClearTrust Agent log its configuration parameters more than once?

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 22, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000024601
Applies ToRSA ClearTrust Agent 4.6 for Microsoft IIS
RSA ClearTrust Agent 4.6 for Apache on Microsoft Windows
Microsoft Windows
IssueWhy does the RSA ClearTrust Agent log its configuration parameters more than once?
ResolutionPlease note that the following explanation was verified against RSA ClearTrust Agent version, but may apply to older agent versions as well.

In IIS, the agent is loaded at startup time. The agent picks up the configuration parameters and initializes. These configuration details are logged. First, the global configuration information is logged. If any virtual host is defined (webagent.conf), the configuration information for the virtual host is logged again. This is done because apart from inheriting the global configuration, the virtual host might override any global configuration or have extra configuration parameters. Therefore, it would appear that the agent for IIS is logging configuration information more than once. To see where logging for virtual host starts, look for the string "Configuration for [*:*:*]" in your log, or enable 'Massive' logging and look for "For Virtual Host [".

In Apache for Microsoft Windows, assuming there is only one agent virtual host (webagent.conf), the initialization information would appear to have been logged six times. This is because in Windows, Apache forks another child process (see Task manager). Both parent and child processes initialize the agent. Apache actually does initialization in 2 passes; configtest first, then if configtest succeeds, the real initialization. Therefore, from what we know about the agent, each Apache process should dump the congif information 4 times:

- Twice for configtest (global and the virtual host)

- Twice for actual initialization (global and virtual host)

Therefore, for 2 Apache processes on Windows, the total number of times the dump should occur is 8. However, while initialization happens in the parent process, the agent is able to detect the configtest pass, and so elects not to dump the information at that stage. This results in only 2 actual dumps by the parent process (at the real initialization stage). Therefore, the parent process dumps only twice. The initialization in the child process happens subsequent to the parent process. However, at this point, the agent is unable to detect the configtest pass, and therefore dumps the config information 4 times (twice for configtest and twice for actual initialization).

NOTE: This information regarding the functionality of the agent applies regardless of patch
Legacy Article IDa27294