The following sections help you enable and manage archiving locally:
When you finish creating your Messenger system, the Installation program can start the Messenger agents for you. To start the Archive agent manually, do the following:
In a terminal, become root.
Run the following:
systemctl start gwm-nmaa.service
If you want to archive the conversations of all Messenger users, select Archive Sessions on the General page of the Default Policy object, as described in Editing the Default User Policy. After you edit the default policy, you must stop and then start the Messenger agents in order to put the modified policy into effect throughout your Messenger system. Thereafter, the next time users log in to the Messenger system, their conversations are archived.
If you want to archive the conversations of some users but not others, you must create a policy that lists the users whose conversations you want to archive, as described in Creating a User Policy. You do not need to stop and then start the Messenger agents after creating the new policy. The next time the users governed by the policy log in to the Messenger system, their conversations are archived.
When users' conversations are being archived, the GroupWise Messenger client displays a page icon notifying users that their conversations are being logged into the archive.
The Messenger archive is a single archive containing the conversations of all Messenger users for whom archiving is enabled. Therefore, access to the archive should be granted only to users who can appropriately view everyone's conversations. Users who can search the Messenger archive must be added to the Messenger access control list (ACL).
In the GroupWise Admin console, navigate to Messenger > MessengerService > Settings > Archive Settings; in the Archive ACL heading, click Add.
Browse to and select those users that you want to grant access to the Messenger archive.
Click Save.
Restart the Archive Agent to put the access control list into effect.
Have authorized users log out and back in to the Messenger system in order to add the Search Archive item on the File menu.
In the GroupWise Admin console, navigate to Messenger > MessengerService > Archive Agents, and select the Archive Agent.
The table below summarizes the Archive Agent configuration settings in the Archive Agent object property pages and how they correspond to Archive Agent startup switches (as described in Using Archive Agent Startup Switches):
Table 5-1 Archive Agent Configuration Settings
|
GroupWise Admin console Properties Pages and Settings |
Corresponding Tasks and Startup Switches |
|---|---|
|
General Page |
|
|
Work Path |
|
|
Enable Messenger Services |
Turns on and turns off the availability of archiving and archive searching for Messenger users. |
|
Enable SNMP |
See Using SNMP Monitoring Programs. See also /nosnmp. |
|
Agent Settings Page |
|
|
IP Address DNS Host Name Bind to This Address Client/Server Port Message Transfer Port Description |
Displays the Archive Agent server information established during installation. |
|
HTTP Port HTTP Username HTTP Password Enable SSL for Web Console |
Using the Archive Agent Web Console and GroupWise Monitor. See also /httpport, /httpuser, /httppassword, and /httpssl. |
|
Queue Path Passphrase Delay Interval Expire |
See Moving the Archive Queue Directories. See Maintaining the Archive Store. |
|
Log Settings Page |
|
|
Log Level Enable Disk Logging Log Files Path Log Maximum Age Log Maximum Size |
See Using Archive Agent Log Files. See also /loglevel, /log, /logdays, /logmax, and /logdiskoff. |
|
SSL Settings Page |
|
|
Certificate Path SSL Certificate SSL Key File Set Password Enable SSL for Client/Server Enable SSL for Message Transfer Protocol |
See Enhancing Archive Security with SSL Encryption. See also /certpath, /certfile, /keyfile, /keypassword, and /ssl. |
Messenger archive security is initially established with the archive passphrase. The passphrase enables the Archive Agent to encrypt conversations as they are saved on disk.
Secure Sockets Layer (SSL) ensures secure communication between programs by encrypting the complete communication flow between the programs. The Installation program required configuring the messaging agent for SSL encryption, as described in Installing a GroupWise Messenger System
in the GroupWise Messenger Installation Guide.
You can also modify the SSL cipher suite if you need to disable certain ciphers that do not work in your environment. The ciphers suite can be modified both on the Archive Agent and the Messaging agent.
IMPORTANT:Unless you are required to modify the cipher suite for your environment, consider carefully before you make any changes as this decreases the security of your Messenger system.
The cipher list must be in OpenSSL format. For more information on OpenSSL format, see Cipher List Format.
To modify the SSL cipher suite use the /sslciphersuite startup switch.
By monitoring the Archive Agent, you can determine whether its current configuration is meeting the archiving and indexing needs being placed upon it. You have a variety of tools to help you monitor the operation of the Archive Agent:
The Archive Agent Web Console enables you to monitor and control the Archive Agent from any location where you have access to a browser and the Internet. This provides substantially more flexible access than the Archive Agent Web Console, which can only be accessed from the server where the Archive Agent is running.
You can use the same procedure to set up the Archive Agent Web Console as the Messaging Agent Web Console. For instructions, see Using the Messaging Agent Web Console. In addition, you can compress the archive indexes and perform maintenance on the archive from the Web Console.
As with the Messaging Agent, you can access the Archive Agent Web Console console from GroupWise Monitor. For setup and usage instructions, Using GroupWise Monitor.
Error messages and other information about the Archive Agent are written to log files as well as displaying on the Archive Agent console. Log files can provide a wealth of information for resolving problems with Archive Agent functioning. he default location is /var/opt/novell/log/messenger/aa.
You can use the same procedure for Archive Agent log files as for Messaging Agent log files. For instructions, see Using Messaging Agent Log Files.
You can monitor the Archive Agent from the Management and Monitoring component of any SNMP management and monitoring program. When properly configured, the Archive Agent sends SNMP traps to network management consoles for display along with other SNMP monitored programs. It also responds to requests for configuration and status information from SNMP management and monitoring programs.
You can use the same procedure for setting up the Archive Agent as for the Messaging Agent. For instructions, see Using SNMP Monitoring Programs.
To optimize connections between the Archive Agent and Messenger users:
In the GroupWise Admin console, navigate to Messenger > MessengerService > Archive Agents, and select the Archive Agent.
On the Agent Settings tab, fill in the following fields under Performance Preferences to configure how the Archive Agent communicates with Messenger users:
Maximum Number of Users: Specify the maximum number of Messenger users that you want the Archive Agent to be able to search the archive for at once. The default is 5120, which should be adequate for a very large Messenger system.
Client/Server Threads: Specify the number of client/server threads that you want the Archive Agent to start. The Archive Agent uses its client/server threads to search the archive for Messenger users, to communicate with the Messaging Agent in order to receive conversations to archive, and to maintain and index the archive.
The default number of client/server threads is 15. For a large Messenger system with archiving enabled for all users, you could increase the number to 50 or more, depending on the system resources of the server where the Archive Agent is running.
Click Save.
Restart the Messaging Agent to put the new performance settings into effect.
As your Messenger system grows and evolves, you might need to reconfigure the server where the Archive Agent runs or move Archive Agent directories to different locations.
On a server with multiple IP addresses, the Archive Agent binds to all available IP addresses, and Messenger clients can communicate with the Archive Agent on all available IP addresses unless you bind it to a specific address.
You can use the same procedure to bind the Archive Agent as you use to bind the Messaging Agent. See Binding the Messaging Agent to a Specific IP Address.
If you change the IP address or DNS hostname of the server where the Archive Agent is running, you must update the server information for your Messenger system as well.
You can use the same procedure for the Archive Agent as for the Messaging Agent. See Changing the Messaging Server's Network Address.
The Archive Agent uses its working directory for saving various temporary files during archiving and indexing. By default, the Archive Agent and the Messaging Agent share the same working directory if they are running on the same server.
You can use the same procedure to move the Archive Agent working directory as you use to move the Messaging Agent working directory. See Moving the Messaging Agent Working Directory.
Depending on the volume of conversations to archive and the length of time conversations must be retained, the Messenger archive can grow to be quite large. The default location is /var/opt/novell/messenger/aa/store. If necessary, you can move it to a different location where more disk space is available. However, the archive must reside on the same server where the Archive Agent runs.
Stop the Archive Agent.
Copy the Messenger archive (store directory) to the desired location.
In the GroupWise Admin console, navigate to Messenger > MessengerService > Archive Agents, and select the Archive Agent.
In the File Module > Store Path field, browse to and select the new location of the Messenger archive.
Click Save.
Start the Archive Agent.
Delete and regenerate the archive indexes from the Archive Agent console.
When messages are added to the archive store, they are not immediately indexed. Before a user can search for a message in the archive, it must be indexed. You can set when the store starts indexing, the interval time between indexing, and how long a message should be kept in the archive.
Stop the Archive Agent.
In the GroupWise Admin console, navigate to Messenger > MessengerService > Archive Agents, and select the Archive Agent.
On the File Module tab, edit the settings under QuickFinder Maintenance as desired.
In the Delay field, select the number of hours to wait until the first index is created, based upon how many hours after 12 a.m.
In the Update interval field, select the number of hours to wait between indexings.
In the Compress interval field, select the number of hours between QuickFinder compression.
Click Save.
Start the Archive Agent.
When archiving is enabled, the Messaging Agent passes conversations to the Archive Agent when the conversations are completed. If the Messaging Agent cannot communicate with the Archive Agent when it has a conversation to archive, it saves the conversation in its holding directory (queue) until it can communicate with the Archive Agent again. When the Archive Agent receives a conversation to archive, if it is already busy processing other conversations, it temporarily stores the conversation in its holding directory (queue). Either of these holding queues can be moved if necessary.
The default location for the Messaging Agent holding queue is /var/opt/novell/messenger/ma/queue.
To move the Messaging Agent queue:
Stop the Messaging Agent.
If there are conversations waiting to be passed to the Archive Agent, copy the Messaging Agent queue directory and its contents to the desired location.
In the GroupWise Admin console, navigate to Messenger > MessengerService > Messaging Agents, and select the Messaging Agent.
On the Agent Settings tab in the Messaging Queue Path field, browse to and select the new location of the Messaging Agent queue.
Click Save.
Start the Messaging Agent.
The default location for the Archive Agent holding queue is /var/opt/novell/messenger/aa/queue.
Stop the Archive Agent.
While the Archive Agent is stopped, the Messaging Agent is storing conversations to archive in its holding queue.
If there are conversations waiting to be archived in the Archive Agent holding queue, copy the Archive Agent queue directory and its contents to the new location.
In the GroupWise Admin console > Messenger > MessengerService > Archive Agents, select the Archive Agent.
On the Agent Settings tab in the Queue Path field, browse to and select the new location of the Archive Agent holding queue.
Click Save.
Start the Archive Agent.
You can override settings provided in the GroupWise Admin console by using startup switches in the Archive Agent startup file (strtup.aa). The startup file is located in /etc/opt/novell/messenger. You can override startup switches provided in the startup file by using startup switches on the command line. For more information about starting the Archive Agent, see Starting the Archive Agent.
This section contains information on the following Archive Agent startup switches:
The table below summarizes the Archive Agent startup switches and how they correspond to configuration settings in the GroupWise Admin console. These startup switches must begin with a dash (-) when used in the Cross-Platform client.
Table 5-2 Archive Agent Startup Switches
|
Linux Archive Agent |
GroupWise Admin console Setting |
|---|---|
|
SSL Certificate |
|
|
Certificate Path |
|
|
N/A |
|
|
HTTP Password |
|
|
HTTP Port |
|
|
HTTP Username |
|
|
Enable SSL for Web Console |
|
|
Host IP Address with Bind to this Address selected |
|
|
SSL Key File |
|
|
SSL Set Password |
|
|
Log Files Path |
|
|
Log Maximum Age |
|
|
Enable Disk Logging |
|
|
Log Level |
|
|
Log Maximum Size |
|
|
Maximum Number of Users |
|
|
Enable SNMP |
|
|
N/A |
|
|
N/A |
|
|
N/A |
|
|
Client/Server Threads |
Specifies the full path to the certificate file used to provide secure SSL communication between the Archive Agent and other programs. See Enhancing Archive Security with SSL Encryption.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--certfile /dir/file |
|
Example: |
--certfile /certs/gw.crt |
See also /certpath, /keyfile, and /keypassword.
Specifies the full path to the directory where certificate files are stored on your system. See Enhancing Archive Security with SSL Encryption.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--certpath /dir |
|
Example: |
--certpath /certs |
See also /certfile, /keyfile, and /keypassword.
Specifies a Diffie-Hellman cipher parameters file used for SSL/TLS to replace the default parameters set by Messenger. Messenger uses default Diffie-Hellman parameters of 2048 bits to generate the DH key. A valid DH parameter is in PEM format.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--dhparm directory/pemfile |
|
Example: |
--dhparm /var/tmp/dh.pem |
Specifies the password for the Archive Agent to prompt for before allowing Archive Agent status information to be displayed in your browser. Unless you are using SSL encryption, do not use an existing eDirectory password because the information passes over the connection between your browser and the Archive Agent. See Using the Archive Agent Web Console and GroupWise Monitor.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--httppassword unique_password |
|
Example: |
--httppassword AgentWatch |
See also /httpuser.
Sets the HTTP port number used for the Archive Agent to communicate with your browser. The setting must be unique on the server where the Archive Agent runs. See Using the Archive Agent Web Console and GroupWise Monitor.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--httpport port_number |
|
Example: |
--httpport 8314 |
Sets the availability of SSL encryption between the Archive Agent and the Web Console displayed in your browser. Valid values are enable and disable. See Using the Archive Agent Web Console and GroupWise Monitor.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--httpssl setting |
|
Example: |
--httpssl enable |
Specifies the user name for the Archive Agent to prompt for before allowing Archive Agent status information to be displayed in a browser. Providing a user name is optional. Unless you are using SSL encryption, do not use an existing eDirectory user name because the information passes over the connection between your browser and the Archive Agent. See Using the Archive Agent Web Console and GroupWise Monitor.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--httpuser unique_username |
|
Example: |
--httpuser NMWebConsole |
See also /httppassword.
Binds the Archive Agent to a specific IP address when the server where it runs uses multiple IP addresses, such as in a clustering environment. Without the /ip switch, the Archive Agent binds to all available IP addresses and Messenger clients can communicate with the Messaging Agent on all available IP addresses.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--ip IP_address |
|
Example: |
--ip 172.16.5.19 |
Specifies the full path to the private file used to provide SSL encryption between the Archive Agent and other programs. See Enhancing Archive Security with SSL Encryption.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--keyfile /dir/file |
|
Example: |
--keyfile /certs/gw.key |
See also /keypassword.
Specifies the password used to encrypt the private SSL key file when it was created. See Enhancing Archive Security with SSL Encryption.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--keypassword password |
|
Example: |
--keypassword gwssl |
See also /keyfile.
Specifies the directory where the Archive Agent stores its log files. The default location is the \novell\nm\aa\log directory. See Using Archive Agent Log Files.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--log /dir |
|
Example: |
--log /nm/log/aa |
See also /loglevel, /logdays, /logmax, and /logdiskoff.
Specifies how many days to keep Archive Agent log files on disk. The default is 14 days. See Using Archive Agent Log Files.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--logdays days |
|
Example: |
--logdays 30 |
See also /log, /loglevel, /logmax, and /logdiskoff.
Turns off disk logging for the Archive Agent so that no information about the functioning of the Archive Agent is stored on disk. The default is for logging to be turned on. See Using Archive Agent Log Files.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--logdiskoff |
Controls the amount of information logged by the Archive Agent. Logged information is displayed in the log message box and written to the Archive Agent log file during the current agent session. The default is Normal, which displays only the essential information suitable for a smoothly running Archive Agent. Use Verbose to display the essential information, plus additional information helpful for troubleshooting. Use Diagnostic to include code-specific information. See Using Archive Agent Log Files.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--loglevel level |
|
Example: |
--loglevel diagnostic |
See also /log, /logdays, /logmax, and /logdiskoff.
Sets the maximum amount of disk space for all Archive Agent log files. When the specified disk space is consumed, the Archive Agent deletes existing log files, starting with the oldest. The default is 128 MB. See Using Archive Agent Log Files.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--logmax megabytes |
|
Example: |
--logmax 256 |
See also /log, /loglevel, /logdays, and /logdiskoff
Specifies the maximum number of connections between the Archive Agent and Messenger clients. The default is 5120. See Optimizing Connections between the Archive Agent and Messenger Users.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--maxconns connections |
|
Example: |
--maxconns 10000 |
See also /threads.
Disables SNMP for the Archive Agent. The default is to have SNMP enabled. See Using SNMP Monitoring Programs.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--nosnmp |
Sets the level of anonymous product information is sent to OpenText. The level is initially set during the install or upgrade. The following options are available:
0: Turns off anonymous product information collection.
1: Enables basic collection which collects the uptime, product version, OS type, and number of peak users.
2: Enables basic collection additional data collection which adds message traffic, chat room usage, number of conversations, and other similar information.
|
Linux Messaging Agent |
|---|---|
|
Syntax: |
--productinfo=value |
|
Example: |
--productinfo=1 |
Sets the SSL cipher suites used by the Archive Agent, the Messaging Agent, and Messenger clients. The cipher list must be in OpenSSL format. For more information on OpenSSL format, see Cipher List Format
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--sslciphersuite “setting” |
|
Example: |
--sslciphersuite “HIGH:!AECDH:!EXP:@STRENGTH” |
See also /certpath, /certfile, /keyfile, and /keypassword.
Specify a specific SSL protocol to disable. By specifying SSL_OP_NO_TLSv1, GroupWise will disable TLSv1 support. Specify additional options by adding the SSL key work separated by a comma.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--ssloption SSL_protocol |
|
Example: |
--ssloption SSL_OP_NO_TLSv1,SSL_OP_NO_TLSv1_1 |
Specifies the maximum number of client/server threads the Archive Agent can create. The default is 15. See Optimizing Connections between the Archive Agent and Messenger Users.
|
Linux Archive Agent |
|---|---|
|
Syntax: |
--threads number |
|
Example: |
--threads 20 |
See also /maxconns.