Symantec Privileged Access Management

Integrate PAMSC14 with Splunk 

Dec 29, 2017 04:28 PM

1. Get the SIEM_STANDALONE.zip file from CA support and copy SIEM_STANDALONE.zip to PIM_INSTALL_DIR.
The default installation path is C:\Program Files\CA\AccessControlServer.

2. Unzip the SIEM_STANDALONE.zip file in PIM_INSTALL_DIR (C:\Program Files\CA\AccessControlServer).

3. Navigate to 'C:\Program Files\CA\AccessControlServer\EventForwarder\bin', open 'acsiemwrap.ini', and check the following points:
a. Ensure that the command line value has the proper JAVA_HOME value.
Command line = "C:\jdk1.8.0\jdk1.8.0_74\bin\java.exe"
b. Ensure that the working directory value has the proper path where the EventForwarder folder is present.
Working directory = "C:\Program Files\CA\AccessControlServer\EventForwarder\bin"

4. Open the Command Prompt and navigate to C:\Program Files\CA\AccessControlServer\EventForwarder\PasswordTool\bin

5. Execute the following command:
set JAVA_HOME=C:\jdk1.8.0\jdk1.8.0_74

Example-
C:\Program Files\CA\AccessControlServer\EventForwarder\PasswordTool\bin>set JAVA_HOME=C:\jdk1.8.0\jdk1.8.0_74

6. Run the following command:
pwdtools.bat -FIPSKEY -k ../../conf

Example-
C:\Program Files\CA\AccessControlServer\EventForwarder\PasswordTool\bin>pwdtools.bat -FIPSKEY -k ../../conf
C:\jdk1.8.0\jdk1.8.0_74\bin\java.exe
The key location is :../../conf\FIPSkey.dat
The secret key is generated successfully.

Note: Please store FIPSKey.dat safely as this will be used in all your encryptions and decryptions in FIPS mode.

C:\Program Files\CA\AccessControlServer\EventForwarder\PasswordTool\bin>

7. Run the following command:
pwdtools.bat -FIPS -p "Password01" -k ../../conf/FIPSkey.dat

Example-
C:\Program Files\CA\AccessControlServer\EventForwarder\PasswordTool\bin>pwdtools.bat -FIPS -p "Password01" -k ../../conf/FIPSkey.dat
C:\jdk1.8.0\jdk1.8.0_74\bin\java.exe

Key File location=../../conf/FIPSkey.dat

Plain Text: Password01
Encrypted value: {AES}:d4Wgi7tpJzFvV01YWaCkTA==
C:\Program Files\CA\AccessControlServer\EventForwarder\PasswordTool\bin>

8. From the previous command output, copy the Encrypted value and update the 'userEncPass' value in the 'messageserver.properties' file with the encrypted value. The 'messageserver.properties' file is available at C:\Program Files\CA\AccessControlServer\EventForwarder\conf

9. In the same 'messageserver.properties' file, update the 'ACTIVEMQ_HOME' value. The default value is C:\\ActiveMQ. Modify it if required and save the file.

10. Update the 'standalone.properties' file with SIEM server details. The 'standalone.properties' file is available at C:\Program Files\CA\AccessControlServer\EventForwarder\conf
To update 'standalone.properties', follow these instructions:
a. You can configure one SIEM server as primary and one or more SIEM servers as secondary.
b. To configure a SIEM server, replace <primarySIEMHost> with the actual SIEM server hostname and <primarySIEMPort> with the actual SIEM server port.
SERVER_CONFIG=TENANT:\nTENANT=1\nENABLE=TRUE\nFORMAT=AUDIT_FORMAT_CEF\nHOST=commonlogging.lb.ssa.gov:10578

11. Open the Command Prompt, and navigate to the folder where the EventForwarder folder is present.
For example, CD C:\Program Files\CA\AccessControlServer\EventForwarder\bin

12. Run the following command to register EventForwarder as a service:
acsiemwrap -install "acsiemwrap" "CA Privileged Access Manager Server Control Event Forwarder (Java)"

Example-
C:\Program Files\CA\AccessControlServer\EventForwarder\bin>acsiemwrap -install "acsiemwrap" "CA Privileged Access Manager Server Control Event Forwarder (Java)"

13. Go to 'services.msc' and start the new service: “CA Privileged Access Manager Server Control Event Forwarder (Java)”.
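
A pre-start check for the files edited in steps 8 and 10, as an added example that is not part of the original article or the product: it confirms that 'userEncPass' holds the {AES}: value printed by pwdtools.bat rather than a plaintext password, and that SERVER_CONFIG has no leftover <placeholder> and a usable host:port. The function names, the sample file contents and the host siem.example.test are constructed for illustration, and the parser assumes the properties layout is exactly as shown above.

```python
import base64
import re

# Constructed sample files mirroring the values shown in steps 7-10;
# siem.example.test is a placeholder host, not a value from the article.
SAMPLE_MESSAGESERVER = r"""
userEncPass={AES}:d4Wgi7tpJzFvV01YWaCkTA==
"""
SAMPLE_STANDALONE = r"""
SERVER_CONFIG=TENANT:\nTENANT=1\nENABLE=TRUE\nFORMAT=AUDIT_FORMAT_CEF\nHOST=siem.example.test:10578
"""

def load_props(text):
    """Minimal key=value reader; values stay raw (no Java escape handling)."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and not line.startswith(("#", "!")) and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props

def check_enc_pass(value):
    """userEncPass must be the {AES}:<base64> string printed by pwdtools.bat."""
    m = re.fullmatch(r"\{AES\}:([A-Za-z0-9+/]+={0,2})", value or "")
    if not m:
        return ["userEncPass is not {AES}:<base64> (plaintext left in file?)"]
    try:
        base64.b64decode(m.group(1), validate=True)
    except ValueError:
        return ["userEncPass payload is not valid base64"]
    return []

def check_server_config(value):
    """Split SERVER_CONFIG on its literal \\n separators and check the fields."""
    problems = []
    if re.search(r"<[^<>]+>", value):
        problems.append("SERVER_CONFIG still contains a <placeholder>")
    fields = dict(p.split("=", 1) for p in value.split(r"\n") if "=" in p)
    m = re.fullmatch(r"([A-Za-z0-9.-]+):(\d{1,5})", fields.get("HOST", ""))
    if not m or not 1 <= int(m.group(2)) <= 65535:
        problems.append("HOST is not host:port with a valid port")
    return problems

def audit(messageserver_text, standalone_text):
    """Return every problem found across both files (empty list = clean)."""
    ms, sa = load_props(messageserver_text), load_props(standalone_text)
    return (check_enc_pass(ms.get("userEncPass"))
            + check_server_config(sa.get("SERVER_CONFIG", "")))
```

Pass audit() the text of 'messageserver.properties' and 'standalone.properties'; an empty list means both checks passed.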
