Collecting Replicated Agent Authentication Records on the Primary Instance
The RSA Authentication Manager primary instance checks log records at regular intervals for new authentication records and information on the authentication agents that are installed in your deployment. You can use these collected records to run the List All Installed Agents report. AM looks for timestamps that are later than the last time that it checked the log files, unless you define an offset value to collect earlier records that were delayed by replication. By default, the offset value is 0 hours.
For example, suppose that a replica instance authenticates a user at 10:59 AM. The primary instance checks the log files for authentication records at 11:00 AM, and the replica instance sends data to the primary instance at 11:10 AM. When the primary instance checks the log files again, at 11:00 PM, it looks for authentication records with a timestamp that is 11:00 AM or later. If you set the offset value to 1 hour, then the primary instance looks for records with timestamps that are later than 10:00 AM, and it collects the replicated authentication record from 10:59 AM.
Before you begin
- You must be an Operations Console administrator.
- Obtain the rsaadmin operating system password for the primary instance.
- Secure shell (SSH) must be enabled on the primary instance. For instructions, see Enable Secure Shell on the Appliance.
Procedure
On the primary instance, log on to the appliance using an SSH client.
Change directories:
cd /opt/rsa/am/utils
- Type the following command, and press ENTER:
./rsautil store -o admin -p password$ -a update_config ims.agent.monitor.offset time GLOBAL 503
Where:
admin is the Operations Console administrator user name.
password is the Operations Console administrator password. For security reasons, instead of entering your password on the command line, you can wait for the utility prompt you for it.
time is the offset in hours to check for new agent authentication records that were synchronized after the last time that Authentication Manager checked log files. For example, 1 hour.
You do not need to restart the server.
Related Articles
How to change hostname in RSA Authentication Manager 7.1? Number of Views How to enable authentication by Primary RSA ACE/Server from Agent Host; How to troubleshooting Primary Name Resolution Number of Views Primary Instance Number of Views Quick Setup is hanging on the replica server at transferring data from the primary RSA Authentication Manager 8.x instance Number of Views Provisioning Form fails with 'An error occurred loading the fields for the form' error while running in RSA Governance & L… Number of Views
Trending Articles
Passwordless Authentication in Windows MFA Agent for Active Directory – Quick Setup Guide RSA Authentication Manager 8.9 Release Notes (January 2026) RSA Authentication Manager Upgrade Process RSA Authentication Manager 8.7 SP2 Setup and Configuration Guide An example of SSO using SAML and ADFS with RSA Identity Management and Governance 6.9.x
