Collecting Replicated Agent Authentication Records on the Primary Instance

The RSA Authentication Manager primary instance checks log records at regular intervals for new authentication records and information on the authentication agents that are installed in your deployment. You can use these collected records to run the List All Installed Agents report. Authentication Manager looks for timestamps that are later than the last time that it checked the log files, unless you define an offset value to collect earlier records that were delayed by replication. By default, the offset value is 0 hours.

For example, suppose that a replica instance authenticates a user at 10:59 AM. The primary instance checks the log files for authentication records at 11:00 AM, and the replica instance sends data to the primary instance at 11:10 AM. When the primary instance checks the log files again, at 11:00 PM, it looks for authentication records with a timestamp that is 11:00 AM or later. If you set the offset value to 1 hour, then the primary instance looks for records with timestamps that are later than 10:00 AM, and it collects the replicated authentication record from 10:59 AM.

Before you begin

  • You must be an Operations Console administrator.
  • Obtain the rsaadmin operating system password for the primary instance.
  • Secure shell (SSH) must be enabled on the primary instance. For instructions, see Enable Secure Shell on the Appliance.


  1. On the primary instance, log on to the appliance using an SSH client.

  2. Change directories:

    cd /opt/rsa/am/utils

  3. Type the following command, and press ENTER:

    ./rsautil store -o admin -p password$ -a update_config ims.agent.monitor.offset time GLOBAL 503


    admin is the Operations Console administrator user name.

    password is the Operations Console administrator password. For security reasons, instead of entering your password on the command line, you can wait for the utility prompt you for it.

    time is the offset in hours to check for new agent authentication records that were synchronized after the last time that Authentication Manager checked log files. For example, 1 hour.

    You do not need to restart the server.