List of settings and detailed descriptions

Some of the configuration settings are commonly used and they have tasks already documented in the BigFix Support site for your assistance. If such a task exists, it is indicated along the Task available ? row in the tables which you can use. If no task exists, create the configuration setting manually.

Note: The component restart is required ONLY if explicitly mentioned in the Component restart required ? field. If the Component restart required ? field does not exist in the setting details, then the component restart is NOT required.

Making a configuration setting

You can make a configuration setting in two ways: through the BES Console or manually on the endpoint.

Through the BES Console
  1. Open the BES console and navigate to the Computer section under the All Content domain.
  2. Select the computer(s) to which you want to apply the configuration settings.
    Note: To change a configuration setting for the server or relays using this mechanism, you must select the computer(s) that have the server or relays installed.
  3. Right-click the computer(s) and choose Edit Computer Settings.
  4. Create a custom setting using a Name and Value pair from the configuration table.
  5. Click OK to send the configuration setting through an action named Change Multiple Settings or a similar one.

    The setting takes effect after the action is complete.

  6. View the computer's updated setting. To view the updates, right-click the computer and select Edit Computer Settings or click the computer in the computer list and then select the Summary tab. Then, scroll down to the Client Settings section.

Manually on the endpoint

The client configuration settings are maintained as keys in the Windows registry at the following location: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\BigFix\EnterpriseClient\Settings\Client. To update the settings, do the following steps:
  1. Create a key at the registry location and give it a name.
  2. Create a string value (REG_SZ type) named value within the key.
  3. Set the value data within the value.
For guidance, review the already existing client setting keys.
Note: On Windows, you do not need to stop the BESClient service to apply the client setting manually. However, some settings may not take effect until the BESClient service is restarted. On Unix/Linux, you must stop the BESClient service to manually apply the configuration setting in the besclient.config file.

Description, values, and references

For information related to parallel FillDB configuration, see Configuring parallel FillDB.

Plugin Portal

Name/Description References Values Component(s) affected Version(s) applicable
_BESPluginPortal_Log_Verbose
If set to 1 it enables verbose logging on the Plugin Portal for troubleshooting purposes. This setting increases the information written to the existing BESPluginPortal.log file and should not be left on during normal operation.
The Plugin Portal
Default value 0 (disabled)
Setting type Boolean
Value range 0 (disabled) or 1 (enabled)
Component restart required ? No
Plugin Portal 10 and later
_BESPluginPortal_HTTPServer_LogFilePath

The full path to the Plugin Portal log file.

The Plugin Portal
Default value <Plugin Portal InstallDir>\ BESPluginPortal.log (Windows)

/var/log/ BESPluginPortal.log(Linux)

Setting type String
Component restart required ? Yes
Plugin Portal 10 and later
_BESPluginPortal_PersistentDeviceReport_ClientCertPath
In case MongoDB is configured for TLS/SSL, this client setting defines the full path of the client x.509 certificate file that the Plugin Portal must use for connecting to the MongoDB.
The Plugin Portal
Setting type String
Component restart required ? Yes
Plugin Portal 10 and later
_BESPluginPortal_PersistentDeviceReport_CACertPath
In case MongoDB is configured for TLS/SSL, this client setting defines the full path of the Certificate Authority file that the Plugin Portal must use to validate the certificate presented by the MongoDB.
The Plugin Portal
Setting type String
Component restart required ? Yes
Plugin Portal 10 and later
_BESPluginPortal_ManagementRights_MinRefreshInterval
When enabled, it controls the minimum frequency at which the Plugin Portal evaluates the management right actions. By default, it is disabled.

If enabled, the devices managed by the Plugin Portal will report faster on the BigFix console but changes against the operator management rights will not be evaluated immediately.|

The Plugin Portal
Default value 0 (disabled)
Setting type Numeric (Hours)
Value range 1 - 8,760 (1 hour - 365 days)
Task available ? No
Component restart required ? Yes

Plugin Portal

10 Patch 1 and later

_BESPluginPortal_Performance_ExcludeCustomSitesSubscription
When enabled (1, default value), the Plugin Portal adds an additional filter to exclude the subscription to Custom Sites for the devices it discovers. For more details, see Custom Site management.
Custom Site management
Default value 1 (enabled)
Setting type Boolean
Value range 0 (disabled) - 1 (enabled)
Task available ? No
Component restart required ? Yes

Plugin Portal

10 Patch 4 and later

Top

Inspector behavior

Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_Inspector_ActiveDirectory_Refresh_Seconds
Controls the frequency at which the BigFix client polls the Active Directory information.
Active Directory property updating
Default value 43,200 (12 hours)
Setting type Numeric (Seconds)
Value range 1,200 - 2,147,483,648 (20 minutes - ~25K days)
Task available ? No
Component restart required ? No
Client All
_BESClient_Inspector_AdminPrivilegeFromToken
Enable this setting if you have user accounts belonging to a local domain group and the local domain group belongs to the administrators group. If this setting is not enabled, the administrative privileges of these user accounts are not correctly retrieved. This setting is not enabled by default, set this setting to "1" to enable.

Among other business needs, you should enable this setting also when the Active Directory security groups information is not correctly retrieved by the BigFix client.

Default value 0 (disabled)
Setting type Boolean
Value range 0 (disabled - 1 (enabled)
Task available ? No
Component restart required ? No
Client 9.5.9 and later
_BESClient_Inspector_RPMForceCacheRefresh
Set to 1 to force the refresh of the rpm inspector cache. In this case, when the rpm inspector is invoked, if the last time the rpm cache was refreshed exceeded 60 minutes, it forces a refresh to the rpm cache to exclude any mismatch between cached information and actual operating system rpm status.
Default value 0 (disabled)
Setting type Boolean
Value range 0 (disabled) - 1 (enabled)
Platform Linux/AIX
Component restart required ? No
Client All
_BESClient_Inspector_RPMDisableCache
Set to 1 to disable the rpm inspector cache. In this case, if the child process is enabled, seriously degraded client performance should be expected.
Note: The cache operation is independent from the child process. In particular, the cache may be enabled even if the child process is disabled.

Managing Downloads

Problems experienced when attempting to start the Unix/Linux BigFix Client after installation

Stopping the BESClientUI from running on every local user session on a Citrix Server

Default value 0 (disabled)
Setting type Boolean
Value range 0 (disabled) - 1 (enabled)
Platform Linux/AIX
Component restart required ? No
Client All

_BESClient_Inspector_DisableWMI

This setting will disable the use of any inspectors that make calls to the Windows WMI. WMI has been found to cause problems on some computers, especially older versions of Windows (95 and 98). Problems include high CPU usage and 'blue screen' crashing of Windows. WMI is used by some optional retrieved properties.

High Disk I/O and/or CPU on the client related to WMI queries
Default value 0 (disabled)
Setting type Boolean
Value range 1 (true) - WMI inspectors disabled

0 (false) - WMI inspectors enabled

Task available ? No
Client 9.2 and later

Top

Action execution

Name/Description References Values Component affected Version(s) applicable
_BESClient_ActionManager_PrefetchPlugInTimeoutSeconds
This configuration setting enables to customize the amount of time that the client waits, after executing a prefetch plug-in, for the plug-in to generate an answer. The time is expressed in seconds.

Prefetch plug-in took too long

Linux Prefetch Plug-in Management and related Messages in Client Log

The client logs contains a prefetch plug-in error that prevents the Fixlet from completing successfully. What is causing the error? What should I do?

Default value 60
Setting type Numeric (seconds)
Value range 60 - 6,000
Platform All
Component restart required ? No
Client All
_BESClient_ActionManager_PresentOfferAfterAllConstraints
To control the Client behavior when managing actions configured as an offer. If set to 1 (True), the offer is presented to the user on the Client UI at action start time. If set to 0 (False), the offer is presented to the user on the Client UI as soon as the action is received by the Agent (BESClient).
Default value 0 (false)
Setting type Boolean
Value range 0 or 1
Platform Windows and Mac
Component restart required ? No
Client 9.5.7 and later
_BESClient_ActionManager_UIMissingHoldMode
To control client behavior for actions with "don't care" user constraint and UI to display. This setting is very useful when you have remote clients connecting to the computer and the remote sessions with an error of User interface process unable to launch (XX.YYYY) for user '' Example User interface process unable to launch (22.1008) for user '' This usually indicates an error condition of the connection to the remote connection was present, but was terminated. We are not able to detect the user name being used because the abandoned user connection was left active but not terminated correctly. Other examples and information related to this are conditions of abandoned session tokens.
User interface process unable to launch
Default value "failed"
Setting type String
Values "none" "failed" "all"
  • "none" - automatically run the action if the only UI sessions are disabled or failed.
  • "failed" - hold the action in a pending message state if there are UI sessions that are failed.
  • "all" - hold the action in a pending message state if there are UI sessions that are failed or disabled.
Task available ? No
Platform All
Component restart required ? Yes
Client All
_BESClient_ActionManager_PendingRestartExclusions

String(s) residing in the registry key X which are to be ignored by the BigFix Client when determining if a restart is needed.

The strings must be separated by semicolons and the last string must have a terminating semicolon (for example "exclude1;exclude2;exclude3;").

With the setting _BESClient_ActionManager_PendingRestartExclusions=:; all entries in the Microsoft registry key HKLM\System\CurrentControlSet\Control\Session ManagerPendingFileRenameOperations are ignored because every entry is a path containing always a colon.
Note: The strings are case sensitive.
Determining if a restart is needed
Default value Blank
Value range NA
Task available ? No
Platform Windows
Component restart required ? No
Client All
_BESClient_ActionManager_LocaleEnable
This configuration setting will enable BigFix Clients to display non-English messages if the translation files are in place (IEM 6.0+).
Default value 1 (enabled)
Setting type Boolean
Value range 1 (enable), 0 (disable)
Task available ? Yes
Platform Linux, Unix
Component restart required ? Yes
Client All

Top

Action management

The settings described in this section are made on the BigFix Client to configure how actions are run locally.

Settings affecting data download on the Client

Whenever an action requiring the download of one or more than one files is taken, the target agent prevents the action from running on the client if the total size of the downloads associated to the action exceeds the value set in _BESClient_Download_SizeLimitMB, and the Client is not connected to a preferred relay.

The Client installed on the Server and the Client/Relay do not consider the setting _BESClient_Download_SizeLimitMB, allowing always the download (on the Relay/Client the condition is true when the Relay is active).

The connected relay is a preferred relay if:

  • The relay selection associated to the Client is the Manual Relay Selection, and the connected relay is the primary or the secondary relay.
  • The relay selection associated to the Client is the Automatic Selection with Affiliation, and the connected relay is member of an affiliation group belonging to the affiliation list. The number of affiliation groups belonging to the affiliation list can be configured using the setting _BESClient_PreferredRelay_MaxAffiliationsToCheck. The special affiliation group "*" is never used for setting a preferred relay.
  • The connected relay is either in the same sub-network of the client, or the number of network hops from the Client to the relay is lower than the value configured in the setting _BESClient_PreferredRelay_MaximumHopCount. In this case there is no dependency from the relay association method selected on the Client.
Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_PreferredRelay_MaxAffiliationsToCheck
Use this setting to specify the number of affiliation groups, belonging to the affiliation list, to consider when evaluating the preferred relay. By default any member of the first group in the affiliation list is a preferred relay.
Default value 1
Setting type Numeric
Value range 1 - 255
Task available ? No
Component restart required ? No
Client 9.5.9 and later
_BESClient_PreferredRelay_MaximumHopCount
Use this setting to specify the maximum number of network hops from the client to the preferred relay. The number of network hops from the client to the preferred relay must be lower than the value specified in this setting. By default, if the connected relay is in the same sub-network of the Client, it is a preferred relay.
Note: By setting the value to 0, this setting considers the Relays in the same sub-network as not preferred.
Default value 1 (adjacent sub-network)
Setting type Numeric (number of hops)
Value range 0 - 255
Task available ? No
Component restart required ? No
Client 9.5.9 and later

Settings affecting wait and waithidden commands on the client

You can use the wait command, as part of an action, to wait for the completion of a specific process or program before continuing with the next actionscript command. You can also use the waithidden command to run the process or program in a hidden window. When defining the wait command, you can optionally specify an override section to change some of the default behaviors, represented by keywords, that are applied at runtime on the target Clients. If you do so the different behavior applies only to the program or process triggered by that wait or waithidden command on all the clients where the action runs. The settings listed in the following table allow you to define the default behavior for timeout and disposition on a specific client for all the programs or processes triggered by any wait or waithidden commands, unless it is specified differently in an override section of that specific wait or waithidden command definition.

Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_ActionManager_OverrideTimeoutSeconds
Use this setting to define on the specific Client how many seconds the action processing must wait for the completion of the wait or waithidden command's process before timing out. When the timeout elapses, the behavior specified in the disposition is applied to the wait or waithidden command's process, the overall action stops processing and exits in Timeout Reached status.
Default value 0
Setting type Numeric (seconds)
Value range 0 - 4,294,967,295
Task available ? No
Client 9.5.11 and later
_BESClient_ActionManager_OverrideDisposition

Use this setting to define on the specific Client what to do with the processes or programs triggered by any wait or waithidden command once the timeout elapses.

The available values are:
  • abandon, to disassociate the wait or waithidden command's process from the remainder of the actions.
  • terminate, to kill the wait and waithidden command's process.
Default value abandon
Setting type String
Value range abandon, terminate
Task available ? No
Client 9.5.11 and later

Top

Archiving client files

This allows the BigFix Administrator to automatically log data from specific managed computers.

For details, see Archiving Client files on the BigFix Server.

Archive Manager

For detailed description about Archive Manager, see Archive Manager.

Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_ArchiveManager_OperatingMode
The OperatingMode dictates the style of archiving, allowing periodic or triggered archiving.
Archive Manager
Default value 0
Setting type Numeric
Value range
  • 0 - Disables all archival operations
  • 1 - Automatic with a period = BESClient_ArchiveManager_IntervalSeconds
  • 2 - Enables the archive now action command. To allow a custom action to post client attributes to an archive file, make sure the OperatingMode is set to 2.
Task available ? No
Client 9.2 and later
_BESClient_ArchiveManager_FileSet-<tag>
This setting (or a group of settings with optional tags) specifies the files to be archived. This technique lets you specify multiple named batches of files. Each setting starts with "_BESClient_ArchiveManager_FileSet-" and ends with a batch name (the <tag> part).

The value of each setting is a path on the client file system. It can be a single file, in which case that file is part of the archive; a single directory, in which case all files in the directory will be part of the archive; or a directory path ending with wild cards, in which case all files in the directory matching the wild cards will be part of the archive. For example, the setting _BESClient_ArchiveManager_FileSet-(log), representing all the log files in a temporary log folder, could have a value like c:\temp\log. Everything after the dash (-) is used as the default prefix of the files as they are unpacked on the root server. Therefore a file named x.log in the c:\temp\log folder would be unpacked as (Log)x.log.

Archive Manager
Default value None
Setting type String
Client 9.2 and later
_BESClient_ArchiveManager_SendAll
This setting allows you to send just the archives that have changed, avoiding redundant uploads. There are two possible values for this setting. The Default value of 0 is recommended for most applications.
Archive Manager
Default value 0
Setting type Boolean
Value range
  • 0 - Only send files that have changed since the last archive operation
  • 1 - Send all files, even if they have not changed.
Task available ? No
Client 9.2 and later
_BESClient_ArchiveManager_MaxArchiveSize

This setting limits the size (in bytes) of the uploaded archive. Because a typical archive might be composed of several files, the archive size corresponds to the sum of the file sizes. If the limit is exceeded, an archive that contains only the index file is created and uploaded by the Archive Manager. The index contains the following header line: MaxArchiveSize: Exceeded Copy.

Archive Manager
Default value 1,000,000 (one million bytes). Starting in BigFix version 8.0, the file system is 64-bit. This means that the actual maximum file size is 264 – 1, sufficient for any reasonably sized file.
Setting type Numeric (bytes)
Value range 0 - (264– 1)
Task available ? No
Client 9.2 and later
_BESClient_ArchiveManager_IntervalSeconds
When the OperatingMode is set to 1, this setting determines the interval at which the client triggers an archive.
Archive Manager
Default value 86,400 seconds (24 hours)
Setting type Numeric (seconds)
Value range 0 - 4,294,967,295
Task available ? No
Client 9.2 and later

Top

Post file

The PostFile program receives the chunks of files posted by the Upload Manager and appends them to its own copy of the file. The Upload Manager specifies the range of bytes being posted and the sha1 of the file, which is used as the filename. For details about the configuration settings related to this component, see Post File in BigFix Configuration Settings.

For details, see PostFile.

Name/Description References Values Component(s) affected Version(s) applicable
_BESRelay_PostFile_ThrottleKBPS

The PostFile component of BigFix uses this setting for controlling throttle values for the incoming data.

The value of the setting can be adjusted for varying connection speeds or other network anomalies. When PostFile communicates with the Upload Manager, it passes along this value. If there is a conflict between any two computers over these settings, it favors the smaller value.

Bandwidth throttling
Default value 0 (disabled)
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? No
Relay, Root server 9.2 and later
_BESRelay_PostFile_ChunkSize

The PostFile component of BigFix uses this setting for controlling the chunk size of incoming data.

The value of the setting can be adjusted for varying connection speeds or other network anomalies. When PostFile communicates with the Upload Manager, it passes along this value. If there is a conflict between any two computers over these settings, it favors the smaller value.

Bandwidth throttling
Default value 0
Setting type Numeric (in bytes)
Value range 1,024 - (264- 1)

Any value between 1 and 1,023 is reset to 1,024.

Task available ? No
Relay, Server 9.2 and later

Top

Upload Manager

The Upload Manager coordinates the sending of files in chunks to the Post File program. You can throttle the upload dataflow to conserve bandwidth. The file system uses 64-bits, sufficient for file sizes of up to 264 – 1 bytes in length.

Note: BigFix Inventory and BigFix License Metric Tool upload a lot of data from the BigFix Clients. If you plan to use any of these two applications you are suggested to specify a value for the settings _BESRelay_UploadManager_BufferDirectoryMaxSize and _BESRelay_UploadManager_BufferDirectoryMaxCount described in the following table to limit the disk space usage.
Name/Description References Values Component(s) affected Version(s) applicable
_BESRelay_UploadManager_AllowConsoleUploads
Controls the ability to upload files as "console uploads" to the relay. Set it to 1 to re-enable.
Note: Enabling this type of upload is not secure because the relay does not require any sort of authentication.
Upload Manager
Default value 0 (disabled)
Setting type Boolean
Value range 0 - 1
Task available ? No
Component restart required ? No
Relay, Root server 9.5 and later
_BESClient_UploadManager_BufferDirectory
The input buffer directory of the Upload Manager. This directory is on the client computer, in the BigFix Client folder.
Upload Manager
Default value None
Setting type String
Task available ? No
Component restart required ? No
Client 9.2 and later
_BESClient_UploadManager_ChunkSize
Uploads are done one chunk at a time. In a conflict between this computer and the upstream computer, the size of the chunk is set to the smaller of the two. The local chunk size setting is specified in bytes.
Upload Manager
Default value 131,072 (128KB)
Setting type Numeric (bytes)
Value range 1,024 - 4,294,967,295
Note: If you set a value less than 1,024, it is automatically reset to 1,024.
Task available ? No
Component restart required? Yes
Client 9.2 and later
_BESClient_UploadManager_ThrottleKBPS
After each chunk is uploaded, the Upload Manager calculates the amount of time to sleep to maintain the throttle speed in kilobytes per second (ThrottleKBPS). This allows you to compensate for network bottlenecks. For example, a BigFix client that is connected over a slow VPN to the relay might have a low upload throttle rate to minimize the bandwidth on that network segment. In a conflict between this computer and the upstream relay (or server), the throttle KBPS is set to the smaller of the two.
Upload Manager
Default value 0 (Disabled)
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? No
Component restart required ? No
Client 9.2 and later
_BESRelay_UploadManager_BufferDirectory
Like the BigFix Client, the BigFix Relay also has an Upload Manager, and it also has a buffer directory, whose path is specified by this setting. The Upload Manager uploads the files in the sha1 subdirectory of the specified directory. It sorts the files by modification time and then, just like the BigFix Client, it uploads them in chunks to smooth out the bandwidth requirements.
Upload Manager
Default value None
Setting type String
Task available ? No
Component restart required ? No
Relay, Root server 9.2 and later
_BESRelay_UploadManager_BufferDirectoryMaxSize

Denotes the maximum amount of space on disk that can be used to store the data uploaded from the BigFix Clients using the Upload Manager. You can specify this setting on the BigFix Server or on the BigFix Relays. Depending on the role of the system in the BigFix topology, the behavior of this setting differs as follows:

BigFix Relay

You can set the maximum file size to be as large as 264 – 1 bytes. The default value is 1 GB. A check against this setting is run every time a new file is received.

BigFix Server

By default, the setting is not specified on the system, meaning that the maximum size of the Buffer Directory is unlimited. Specify this setting to define a threshold size for the Buffer Directory. You must remove the setting to restore the default value. The BigFix Server checks every 15 minutes if the size of the Buffer Directory exceeds the value set in _BESRelay_UploadManager_BufferDirectoryMaxSize. If this check is true, the BigFix Server does not accept any additional uploaded files. Change the value of the setting either manually or using the appropriate Fixlet, or reduce the content of the Buffer Directory to resume uploading files.
Note: Starting from version 9.5 Patch 5, the _BESRelay_UploadManager_BufferDirectoryMaxSize checking is listed among the prerequisite checks for running the upgrade. For more information, see Upgrading on Windows systems or Upgrading on Linux systems.
Upload Manager
Default value
  • 1 Gbyte, on relay and on the server until 9.5.4
  • 264 – 1, on the server starting from 9.5.5
Setting type Numeric (bytes)
Value range 0 - 264 – 1
Task available ? Yes
Component restart required ? No
Relay, Root server 9.2 and later
_BESRelay_UploadManager_BufferDirectoryMaxCount

Denotes the maximum number of files that the Upload Manager Buffer Directory is allowed to store. You can specify this setting on the BigFix Server or on the BigFix Relays. Depending on the role of the system in the BigFix topology, the behavior of this setting differs as follows:

BigFix Relay

A check against this setting is run every time a new file is received.

BigFix Server

By default the setting is not specified on the system, meaning that the maximum number of files in the Buffer Directory is unlimited. Specify this setting to define a threshold to the number of files stored in the Buffer Directory. You must remove the setting to restore the default value.

The BigFix Server checks every 15 minutes if the number of uploaded files stored in the Buffer Directory exceeds the value set in _BESRelay_UploadManager_BufferDirectoryMaxCount. If this check is true, the BigFix Server does not accept any additional uploaded files. Change the value of the setting either manually or using the appropriate Fixlet, or reduce the content of the Buffer Directory to resume uploading files.
Note: Starting from version 9.5 Patch 5, the _BESRelay_UploadManager_BufferDirectoryMaxCount checking is listed among the prerequisite checks for running the upgrade. For more information, see Upgrading on Windows systems or Upgrading on Linux systems.
Upload Manager
Default value
  • 10,000 on both server and relay, up to version 9.5.4.
  • 264- 1 on the server (later than version 9.5.4)
Setting type Numeric
Value range 0 - 264 – 1
Task available ? Yes
Component restart required ? No
Relay, Root server 9.2 and later
_BESRelay_UploadManager_CompressedFileMaxSize
This setting denotes the amount of space of the largest compressed file the Upload Manager is allowed to handle. You can set the maximum file size to be as large as 264 – 1 bytes. It applies only to the server and it is evaluated during the decompression of the uploaded archive.
Upload Manager
Default value 20,971,520 (20 MB)
Setting type Numeric (bytes)
Value range 0 - 264- 1
Task available ? No
Component restart required ? No
Relay, Root server 9.2 and later
_BESRelay_UploadManager_ChunkSize
Uploads are done one chunk at a time. In a conflict between this computer and the upstream computer, the size of the chunk is set to the smaller of the two.
Upload Manager
Default value 131,072 (128 KB)
Setting type Numeric (bytes)
Value range 1,024 - 4,294,967,295
Note: If you set a value less than 1,024, it is automatically reset to 1,024.
Task available ? No
Component restart required ? Yes
Relay, Root server 9.2 and later
_BESRelay_UploadManager_ThrottleKBPS
After each chunk is uploaded, the Upload Manager calculates the amount of time to sleep to maintain the throttle speed in kilobytes per second (ThrottleKBPS). This allows you to compensate for network bottlenecks. For example, a BigFix relay that is connected over a slow VPN to the server might have a low upload throttle rate to minimize the bandwidth on that network segment.

In a conflict between this computer and the upstream server (or relay), the throttle KBPS is set to the smaller of the two.

The default value is 0, which disables throttling.

Upload Manager
Default value 0 (Disabled)
Setting type Numeric (KBPS)
Value range 1 - 65,536
Task available ? No
Component restart required ? No
Relay, Root server 9.2 and later
_BESRelay_UploadManager_CleanupHours
Sometimes archived files accumulate but do not get uploaded. This might happen with a network outage, a downed server or other communication problem. To avoid overloading the system, these old files are deleted or cleaned up. This setting determines how old a file can get before it is deleted.
Upload Manager
Default value 72
Setting type Numeric (hours)
Value range 0 - 4,294,967,295
Relay, Root server 9.2 and later

Top

Gathering content

Name/Description References Values Component(s) affected Version(s) applicable
_BESRelay_GatherMirror_UpstreamCheckPeriodMinutes
This setting controls the minimum amount of time a relay (or a root server in DSA deployments) will wait between checking for new versions of sites. In a network with full connectivity, this polling behavior will be unimportant, because relays will always receive notifications when new sites become available. But when notifications get missed, this polling behavior allows a relay to "catch up". The downside to polling too frequently is that it can drive unnecessary load into the parent. The polling will only be done in response to a client request, so if none of a relay's children are asking for a site, it won't go upstream to check for the site, even if its polling period has expired. Note that a "request" in this case means any query about the status of the site -- so a command polling request from a Client can trigger this upstream check even though it's not directly requesting any sites. This setting does not directly control a "relay gather interval", as there is no such thing. The Relay only initiates gather requests in response to notifications received from its parent or gather requests received from one of its children. However, if a Relay has many children, gather requests will come in frequently, and the amount of time between upstream checks will end up being very close to the minimum amount of time specified by this setting.
Default value 360
Setting type Numeric (number of minutes)
Value range 0 - 4,294,967,295
Task available ? No
Relay 9.2 and later
_BESGather_Download_CheckParentFlag
When a file is requested from the BigFix Relay, it can either download the file from the BigFix Server or download the file directly from the Internet. If this setting is set to 1 (True), then the BigFix Relay will first attempt to download the file from the BigFix Server.
Note: This setting should stay at 0 (False) for the BigFix Server.

Setting up a proxy connection

Relay downloads patch from Internet directly instead of gathering from BigFix Server

How to have Relays download content directly from the Internet

Default value BigFix Server: 0 (False) BigFix Relay: 1 (True)
Setting type Boolean
Value range 1 (True) - Check the BigFix Server first to download the file 0 (False) - Do not check the BigFix Server when to download the file
Task available ? No
Server, Relay 9.2 and later
_BESGather_Download_CheckInternetFlag
When a file is requested from the BigFix Relay, it can download the file directly from the Internet instead of from the BigFix Server. If this setting is set to 1 (True), then the BigFix Relay will first attempt to connect to the BigFix Server (if the _BESGather_Download_CheckParentFlag is set to 1) then directly connect to the Internet if the download from the BigFix Server fails.
Note: This setting should stay at 1 (True) for the BigFix Server.

Setting up a proxy connection

Relay downloads patch from Internet directly instead of gathering from BigFix Server

How to have Relays download content directly from the Internet

Default value BigFix Server: 1 (True) BigFix Relay: 0 (False)
Setting type Boolean
Value range 1 (True) - Download the file directly from the Internet 0 (False) - Do not download the file directly from the Internet
Task available ? No
Server, Relay 9.2 and later
_BESGather_Download_CacheLimitMB
BigFix Gather will cache downloaded files on the BigFix Server or BigFix Relay computer so that the file will not need to be downloaded again if the action is reissued. This setting will specify how many MB to cache before overwriting the old files. When the cache is full, the least recently used files will be replaced. This setting requires a restart of the BES Relay Service.
Default value 1,024
Setting type Numeric (MB)
Value range 1 - 4,294,967,296
Task available ? Yes
Server, Relay 9.2 and later
_BESGather_Download_RetryMinutes
When BigFix Gather fails to download a file from the Internet or its parent during an action, it will wait for the specified amount of time then try again.
Default value 10
Setting type Numeric (minutes)
Value range 0 - 4,294,967,295
Task available ? No
Server, Relay 9.2 and later
_BESGather_Download_RetryLimit
When BigFix Gather fails to download a file from the Internet or its parent during an action, it will retry the specified number of times (each time it will double the amount of time it waited to retry the last time).
Default value 6
Setting type Numeric (retry limit)
Value range 0 - 4,294,967,295
Task available ? No
Server, Relay 9.2 and later
_BESGather_Download_ChannelThreshold
BigFix Gather can simultaneously download two files at a time by using one "main channel" and one "thin channel". The main channel is used for all downloads, but if the main channel is currently downloading a large file, the thin channel can be used to download smaller files if the download size is less than the specified threshold. If this setting is set high, BigFix Gather will use the thin channel to download larger files, which could slow down actions because two large files may be downloading at the same time (each using half the bandwidth) instead of one file after the other. If this setting is set low, the thin channel will be used for only very small file downloads.
Default value 500,000
Setting type Numeric (bytes)
Value range 1 - 100,000,000 (Set to 0 to disable the thin channel)
Task available ? No
Server, Relay 9.2 and later
_BESGather_Download_InactivityTimeout
When the BigFix Gather service is downloading a file from the Internet or its parent, it sometimes will experience some inactivity because of network problems, disconnections, etc. When there is inactivity, BigFix Gather will wait for the specified number of seconds to receive more data before aborting the download.
Note: This setting is deprecated starting from BigFix Version 9.0.
Default value 300
Setting type Numeric (seconds)
Value range 0 - 4,294,967,295 (Set to 0 to disable time-out mechanism)
Task available ? No
Server, Relay 9.2 and later
_BESGather_Download_TimeoutSeconds
With this value, you specify the maximum amount of time since the last activity on the connection. The BigFix Gather service waits for the specified number of seconds before aborting the download operation. After the download connection is established, if the time since the last activity is greater than the value set in this parameter, the download operation is aborted.
Default value 30
Setting type Numeric (seconds)
Value range 0 - 4,294,967,295
Task available ? No
Server, Relay 9.5.7 and later
_GatherService_ForwardGet_UserAgentOverride
This string determines the User-Agent: string in the HTTP headers that the BES Gather Service uses. This can be used to help work strict proxy configurations.
Default value None
Setting type String
Value range N/A
Task available ? No
Component restart required ? Yes
Server, Relay, Agent 9.2 and later

Top

HTTPS
Name/Description References Values Component(s) affected Version(s) applicable
_BESGather_Use_Https

You can use the the HTTPS protocol to get license updates or gather external sites directly on a BigFix server or in an airgapped environment. To enable the HTTPS protocol, set the client keyword _BESGather_Use_Https to 1. After enabling HTTPS, you can create or download a package of certificates that you want to trust. The BigFix server validates the certificates during its gathering process.

Customizing HTTPS for Gathering
Default value 2
Setting type Numeric
Value range
  • 0 - The server uses the protocol defined in the URL.
  • 1 - The server tries to gather all sites using the HTTPS protocol only.
  • 2 - The server first tries to gather all sites using the HTTPS protocol. If the server fails to gather a site using HTTPS, it will try to gather again using the HTTP protocol.
Task available ? No
Component restart required ? Yes
Server 9.5 and later
_BESGather_CACert
Path of the downloaded set of trusted certificates.
Customizing HTTPS for Gathering
Default value None
Setting type String (path)
Server 9.5 and later

Top

Deployment Encoding

Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_DeploymentEncoding_IANAName
This setting is mandatory on each BigFix V9.5 client in environments where the version of BigFix installed on the server is earlier than V9.5. It specifies the deployment encoding to use when communicating with the infrastructure. The value for this setting defaults to "windows-1252" on Mac clients. Other available values are: windows-874, windows-932/Shift_JIS, windows-936/GBK, windows-949/windows-949-2000, windows-950/Big5, windows-1250, windows-1251, windows-1252, windows-1253, windows-1254, windows-1255, windows-1256, windows-1257, windows-1258.
Note:
This setting is ignored on the client side beginning in version 9.5.
  • Mac and Android use UTF-8 and can not be changed by setting this option.
  • Unix default is determined by the client locale environment variables (ex: LC_ALL or LC_CTYPE).
  • Windows default is determined by the language for non-Unicode programs selected in the Windows control panel.
On the server side, this setting is required on Linux and a specific warning is logged if the setting is missing. It's used as default value for _BESClient_FxfEncoding_IANAName.

Login BigFix Console failed with error - 'The application's codepage (932) is not same as server's codepage (1252)'

BigFix client backward compatibility

BigFix support for Unicode characters

Default value Empty
Setting type String
Value range Standard IANA values
Platform All
Component restart required ? Yes
Client, Server All

Top

Logging

Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_EMsg_Detail
This configuration setting will enable the BigFix Client debug log that will give information about the BigFix Client activity. The higher the level of detail, the greater the detail of the messages that are put into the file and/or NT event log.
Note: Setting this value too high can cause the log file to grow extremely quickly filling up disk space.
Data Collection: BigFix Client
Default value 0 (none)
Setting type Numeric (detail level)
Value range 0 - 10,000
  • 0 - none
  • 1 - critical error
  • 10 - debug
  • 10,000 - verbose
Task available ? Yes
Client 9.2 and later
_BESClient_EMsg_File
Full path to file to store activity messages. If empty string and the computer is not Win9x, activity messages are added to the NT event log. If you change the name or the path of this file, to avoid character display problems, ensure to use names that have only standard ASCII characters and not extended ASCII characters.
Note: The _BESClient_EMsg_Detail setting must be greater than 0 to use this option.
Data Collection: BigFix Client
Setting type String (full path)
Task available ? Yes
Client 9.2 and later
_BESClient_EMsg_MaxSize
Defines the maximum size of the single client debug log file.
Note: Starting from Version 10 Patch 1, when the file reaches the maximum size, the log file is rotated. This means that the whole disk usage for the logs will be eleven times the value of this setting.
Data Collection: BigFix Client
Default value 52,428,800(50 MB)
Setting type Numeric (bytes)
Value range 0 - 104,857,600(100 MB)
Platform All
Client 9.2 and later
_BESClient_Log_MaxSize
Size of daily log file. When the log becomes this big, it is renamed to 'date'.back (unless this file already exists) and then the log for the day is restarted. Result is that for any particular day, you have the first part of the day, and the last part of the day.
Data Collection: BigFix Client
Default value 512,000
Setting type Numeric (bytes)
Value range 0 - 4,294,967,295
Task available ? No
Client 9.2 and later
_BESClient_Log_Days
Number of days to save Client log files.
Data Collection: BigFix Client
Default value 10
Setting type Numeric (days)
Value range 1 - 366
Task available ? No
Client 9.2 and later
_BESRelay_Log_Verbose
A non-zero value will enable verbose logging on the BigFix relay for troubleshooting purposes. This setting increases the information written to the existing logfile.txt and should not be left on during normal operation especially on the root server where its performances can be compromised.
Enabling debug/verbose logging for the BES Root Server and BES Relay services
Default value 0 (disabled)
Setting type Boolean
Value range (True) - Enable Verbose Logs 0 (False) - Disable Verbose Logs
Task available ? No
Relay
_BESClient_LinuxPatch_enable_debug_log
This configuration setting will:
  • Enable/disable DEBUG mode for deployment logs (EDR_DeploymentResults.txt), which generates on BigFix client (/var/opt/BESClient/EDRDeployData) while patching.
  • Generate/delete EDR deployment files like EDR_Yumconfig, EDR_RepomdRequest, EDR_RepomdMapping, EDR_RepoRefresh, EDR_MetadataRequest, and EDR_MetadataMapping on BigFix client after patching.
Default value 0 (disabled)
Setting type Boolean
Value range
  • 0
    • Disable DEBUG mode for deployment logs while patching.
    • EDR deployment files are deleted after patching.
  • 1
    • Enable DEBUG mode for deployment logs while patching.
    • EDR deployment files are retained even after patching is completed.
Task available ? No
Client 9.2 and later
Auditing
Name/Description References Values Component(s) affected Version(s) applicable
_BESRootServer_Audit_Verbosity

It controls whether SSL connections are logged in the server audit log. Specify _BESRootServer_Audit_Verbosity = all to log the all information about both failed and successful SSL connections. Specify _BESRootServer_Audit_Verbosity = null or remove the option from the settings to disable the logging of SSL connections.

You can specify this setting either in the besclient.config file or on the Console by accessing the Computers domain, right-clicking the Client where you want to log SSL information and selecting Edit Settings.

Default value None
Setting type String
Value range all, null
Task available ? No
Server components All

Top

CPU Usage

Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_Resource_WorkIdle
The BigFix Client works (evaluate relevance) for a designated amount of time then sleeps for a designated amount of time. This setting controls how many milliseconds to work before going to sleep in each cycle. If this number is high in comparison to the _BESClient_Resource_SleepIdle setting, then the BigFix Client will evaluate Fixlet relevance faster, but the CPU usage is higher.

Virtualized environments and virtual machines

Configuring Client CPU Utilization

Default value 10
Setting type Numeric (milliseconds)
Value range 1 - 500
Task available ? Yes
Platform All
Client All
_BESClient_Resource_WorkNormal
The BigFix Client controls the CPU work limit in normal evaluation mode. It represents the number of milliseconds to work to balance CPU when in normal mode. By default the BigFix Client works for 50 milliseconds, then sleeps for 50 milliseconds (_BESClient_Resource_SleepNormal) when in normal mode.
How should I configure the Bigfix Client to run on an virtual server that hosts multiple images?
Default value 50
Setting type Numeric (milliseconds)
Value range 1 - 500
Platform All
Component restart required ? No
Client All
_BESClient_Resource_SleepIdle
The BigFix Client works (evaluate relevance) for a designated amount of time then go to sleep for a designated amount of time. This setting controls how many milliseconds to sleep after working in each cycle. If this number is high in comparison to the _BESClient_Resource_WorkIdle setting, then the BigFix Client takes longer to evaluate Fixlet relevance, but the CPU usage is lower.
Configuring Client CPU Utilization
Default value 480
Setting type Numeric (milliseconds)
Value range 1 - 500
Platform All
Task available ? Yes
Client All
_BESClient_Resource_SleepNormal
The BigFix Client controls the CPU sleep interval in normal evaluation mode (as opposed to 'Idle' mode). It represents the number of milliseconds to sleep after evaluating for _BESClient_Resource_WorkNormal milliseconds. The BigFix Client only sleeps for up to 1000 milliseconds to balance the CPU usage.
How should I configure the Bigfix Client to run on an virtual server that hosts multiple images?
Default value 50
Setting type Numeric (milliseconds)
Value range 1 - 3,600,000 (1 hour)
Task available ? No
Platform All
Component restart required ? No
Client All
_BESClient_Resource_QuietEnable
Quiet mode causes the BigFix Client to not actively process Fixlets, send in reports, respond to commands, etc. It will basically sit idle until the wakeup time is enabled. A BigFix Client can be put in quiet mode for a maximum of 20 hours a day.
Note: If you put a BigFix Client in quiet mode, it will not send any reports to the BigFix Server or respond to any commands so use caution when enabling this setting.
Virtualized environments and virtual machines
Default value 0 (false)
Setting type Boolean
Value range 1 (True) - enable quiet mode 0 (False) - disable quiet mode
Platform All
Task available ? No
Client All
_BESClient_Resource_QuietSeconds
If quiet mode is enabled, you can specify the number of seconds the BigFix Client should stay quiet. This number must be greater than 0 and less or equal to 72000 (20 hours) in order for the BigFix Client to enter quiet mode. In quiet mode, the BigFix Client checks once a minute to determine if the quiet time has elapsed. However, the BigFix Client will quickly respond to service shutdown requests at any time.
Virtualized environments and virtual machines
Default value 0
Setting type Numeric (seconds)
Value range 0 - 72,000(20 Hours)
Platform All
Task available ? No
Client All
_BESClient_Resource_QuietStartTime
If quiet mode is enabled, you can specify a time for the BigFix Client to enter quiet mode. Set the time as a string in the form hh:mm where hh is number between 0 and 23, and mm is a number between 0 and 59. This is the local time for which the BigFix Client will quiet down to no activity. If the value is not properly formatted, the client will not enter quiet mode.
Virtualized environments and virtual machines
Default value None
Setting type String
Value range hh:mm
Platform All
Task available ? No
Client All
_BESClient_Resource_InterruptSeconds
When a BigFix Client receives a UDP message but is too busy processing a relevance clause, this configuration setting determines the length of time the BigFix Client will wait before it stops evaluating the relevance clause to deal with the UDP message.
Default value 60
Setting type Numeric (seconds)
Value range 1 - 600
Platform All
Task available ? Yes
Client All
_BESClient_Resource_StartupNormalSpeed
It sets the new client to do work (evaluate relevance) until it gets through a complete pass of all the content. In this way a new client can subscribe to sites and complete a full first pass quickly.
Default value 0
Setting type Boolean
Value range 0 or 1
Task available ? No
Platform All
Component restart required ? Yes
Client All
_BESClient_Resource_PowerSaveDeepSleepEnable
It sets the client in deep sleep mode for a designated amount of time. The client ignores UDP messages, queuing them except for send client alert request message. When setting to 1, the client switches to the deep sleep mode.
Default value 0
Setting type Boolean
Value range 0 or 1
Task available ? No
Platform All
Component restart required ? No
Client All
_BESClient_Resource_AccelerateForPendingMessage
This setting affects how _BESClient_Resource_PowerSaveEnable behaves when it receives UDP messages. When set to 1, the client avoids sleeping when it detects pending commands. That is, the client wakes up immediately if there are pending commands. When setting to 0, the client always waits for timer expiration.
Note: This setting does not affect the _BESClient_Resource_PowerSaveDeepSleepEnable setting in any manner.
Default value 0
Setting type Boolean
Value range 0 or 1
Task available ? No
Platform All
Component restart required ? No
Client All
_BESClient_Resource_PowerSaveEnable
It sets the client in sleep mode for a designated amount of time. The client continues to process the UDP messages based on the value set for _BESClient_Resource_AccelerateForPendingMessage. When set to 1, the client switches to the simple sleep mode. This option is useful for tablets and laptops.
Default value 0
Setting type Boolean
Value range 0 or 1
Task available ? No
Platform All
Component restart required ? No
Client All
There are six values of BESClient_Resource_PowerSaveTimeoutX (where X ranges from 0 to 5) that control how many minutes the client sleeps; they will be applied based on both Network and Power Supply conditions.
Network Power Applied timeout Default value
Connected AC or Battery - High BESClient_Resource_PowerSaveTimeout0 10
Connected Battery - Medium BESClient_Resource_PowerSaveTimeout1 20
Connected Battery - Low BESClient_Resource_PowerSaveTimeout2 60
Not connected AC or Battery - High BESClient_Resource_PowerSaveTimeout3 720
Not connected Battery - Medium BESClient_Resource_PowerSaveTimeout4 1,440
Not connected Battery - Low BESClient_Resource_PowerSaveTimeout5 2,880
In cases where the network is "Connected", if there is at least one network interface with internet connection, the battery power is evaluated as follows:
OS Battery - High Battery - Medium Battery - Low
Windows / OS X BatteryLifePercent > 66% 33% <= BatteryLifePercent <= 66% BatteryLifePercent < 33%
Unix / Android BatteryLifePercent = 100% 100% <= BatteryLifePercent <= 20% BatteryLifePercent < 20%
Note:
  • For enterprise servers (which usually do not have a battery), only _BESClient_Resource_PowerSaveTimeout0 and _BESClient_Resource_PowerSaveTimeout3 are used.
  • These parameters take effect only if _BESClient_Resource_PowerSaveEnable or _BESClient_Resource_PowerSaveDeepSleepEnable is set to 1.
_BESClient_Resource_PowerSaveTimeout0
This setting controls how many minutes the client sleeps when the network is present at high power.
Virtualized environments and virtual machines
Default value 10
Setting type Numeric (minutes)
Value range 0 - 2,147,483,647
Task available ? No
Platform All
Component restart required ? No
Client All
_BESClient_Resource_PowerSaveTimeout1
This setting controls how many minutes the client sleeps when the network is present at medium power.
Virtualized environments and virtual machines
Default value 20
Setting type Numeric (minutes)
Value range 0 - 2,147,483,647
Task available ? No
Platform All
Component restart required ? No
Client All
_BESClient_Resource_PowerSaveTimeout2
This setting controls how many minutes the client sleeps when the network is present at low power.
Virtualized environments and virtual machines
Default value 60
Setting type Numeric (minutes)
Value range 0 - 2,147,483,647
Task available ? No
Platform All
Component restart required ? No
Client All
_BESClient_Resource_PowerSaveTimeout3
This setting controls how many minutes the client sleeps when the network is not present at high power.
Virtualized environments and virtual machines
Default value 720
Setting type Numeric (minutes)
Value range 0 - 2,147,483,647
Task available ? No
Platform All
Component restart required ? No
Client All
_BESClient_Resource_PowerSaveTimeout4
This setting controls how many minutes the client sleeps when the network is not present at medium power.
Virtualized environments and virtual machines
Default value 1440
Setting type Numeric (minutes)
Value range 0 - 2,147,483,647
Task available ? No
Platform All
Component restart required ? No
Client All
_BESClient_Resource_PowerSaveTimeout5
This setting controls how many minutes the client sleeps when the network is not present at low power.
Virtualized environments and virtual machines
Default value 2,880
Setting type Numeric (minutes)
Value range 0 - 2,147,483,647
Task available ? No
Platform All
Component restart required ? No
Client All
_BESClient_Query_WorkTime

This setting is used, together with _BESClient_Query_SleepTime, to configure the QnA CPU throttling. It determines how long the QnA processing a query runs before sleeping.

Query
Default value 10
Setting type Numeric (milliseconds)
Value range 1 - 500
Platform All
Component restart required ? No
Client 9.5 and later
_BESClient_Query_SleepTime

This setting is used, together with _BESClient_Query_WorkTime, to configure the QnA CPU throttling. It determines how long the QnA processing a query sleeps before continuing to run.

Query

Run WebUI Query request with REST API

Default value 480
Setting type Numeric (milliseconds)
Value range 1 - 3,600,000
Component restart required ? No
Platform All
Client 9.5 and later
_BESClient_Resource_WorkFastHashVerify
The BigFix client controls the CPU work limit, in fast evalutation mode. This setting shows the milliseconds of the CPU work.
Default value 20 milliseconds
Setting type Numeric
Value range 1 millisecond - 500 milliseconds
Component restart required ? No

Client

10 Patch 2

_BESClient_Resource_SleepFastHashVerify
The BigFix client controls the CPU sleep interval, in fast evalutation mode. This setting shows the milliseconds of CPU sleep, after evaluating for the _BESClient_Resource_WorkFastHashVerify value in milliseconds.
Default value 60 milliseconds
Setting type Numeric
Value range 1 millisecond - 1 hour (1000*60*60 milliseconds)
Component restart required ? No

Client

10 Patch 2

Top

Proxy agent

Name/Description References Values Component(s) affected Version(s) applicable
_ProxyAgent_ManagementRights_MinRefreshInterval
When enabled, it controls the minimum frequency at which the Proxy Agent evaluates the Management Rights actions. By default it is disabled. If enabled, the devices managed by the Proxy Agent will report faster on the BigFix console but changes against the operators management rights will not be evaluated immediately.
Default value 0 (disabled)
Setting type Numeric (Hours)
Value range Value range 1 - 8,760 (1 hour - 365 days)
Task Available No
Component restart required ? Yes
Proxy agent From 9.5.16

Proxy configuration

Client
Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_Comm_ProxyServer
Sets the hostname that is used to reach the proxy.
Setting up a proxy connection on a client
Default value None
Setting type String
Value range N/A
Platform All
Component restart required ? No
Client All
_BESClient_Comm_ProxyPort
Sets the port that is used to communicate with the proxy.
Setting up a proxy connection on a client
Default value None
Setting type Numeric
Value range 0 - 65,535
Platform All
Component restart required ? No
Client All
_BESClient_Comm_ProxyUser
Sets the user name that is used to authenticate with the proxy if the proxy requires authentication.
Setting up a proxy connection on a client
Default value None
Setting type String
Value range N/A
Platform All
Component restart required ? No
Mandatory ? No (depending on the authentication method)
Client All
_BESClient_Comm_ProxyPass
Sets the password that is used to authenticate with the proxy if the proxy requires authentication.
Setting up a proxy connection on a client
Default value None
Setting type String
Value range N/A
Platform All
Component restart required ? No
Mandatory ? No (depending on the authentication method)
Client All
_BESClient_Comm_ProxyManualTryDirect
Specifies whether direct connections can be used. This setting applies if the connection to the proxy uses the hostname or IP Address and port number that are specified in _BESClient_Comm_ProxyServer and _BESClient_Comm_ProxyPort. These values are available:
Setting up a proxy connection on a client
Default value 0
Setting type Numeric
Value range 0 - 2
0
Do not try direct connection.
1
Try direct connection if a proxy connection cannot be established.
2
Try direct connection first.
Platform All
Component restart required ? No
Mandatory ? No
Client All
_BESClient_Comm_ProxyAutoDetect
Specifies whether the system uses the proxy configuration settings that are specified for Internet Explorer.
Important: Ensure that at least one user is logged in to the client to be able to get the Internet Explorer configuration settings.
Setting up a proxy connection on a client
Default value 1
Setting type Boolean
Value range 0 - 1
0
Use the values that are specified in _BESClient_Comm_ProxyServer and _BESClient_Comm_ProxyPort.
1
Use the Internet Explorer configuration settings.
Component restart required ? No
Platform Windows
Mandatory ? No
Client All
_BESClient_Comm_ProxyAutoDetectTryDirect
Specifies whether direct connections can be used when the system uses the proxy configuration settings that are specified for Internet Explorer. This setting is valid only if _BESClient_Comm_ProxyAutoDetect = 1.
Setting up a proxy connection on a client
Default value 1
Setting type Numeric
Value range 0 - 2
0
Do not try direct connection.
1
Try direct connection if a proxy connection cannot be established.
2
Try direct connection first.
Platform Windows
Component restart required ? No
Mandatory ? No
Client All
AutoProxyRawProxyList
Specifies a blank space delimited list of proxies to try to connect to.
Note: This setting is saved in the registry under the following key HKLM\Software\BigFix\EnterpriseClient\GlobalOptions and not user-configured. The information provided here is only for troubleshooting purposes.
Setting up a proxy connection on a client
Default value None
Setting type String
Value range NA
Platform Windows
Component restart required ? No
Mandatory ? No
Client All
AutoProxyRawBypassList
Specifies a blank space delimited list of URLs to contact directly without passing through the proxy. You can use the "*" as a wildcard.
Note: This setting is saved in the registry under the following key HKLM\Software\BigFix\EnterpriseClient\GlobalOptions and not user-configured. The information provided here is only for troubleshooting purposes.
Setting up a proxy connection on a client
Default value None
Setting type String
Value range NA
Platform Windows
Component restart required ? No
Mandatory ? No
Client All

Top

Server/Relay

Name/Description References Values Component(s) affected Version(s) applicable
_Enterprise Server_ClientRegister_ProxyServer
A BigFix relay can be set up to use a proxy server when downloading files. This could be useful if there is a proxy between the BigFix relay and the BigFix server or if the BigFix relay is connecting directly to the internet for downloads and must use a proxy. This setting controls the hostname used to reach the proxy.

Setting up a proxy connection on a relay

BigFix server cannot gather external sites (error: 17NotASignedMessage)

Software Distribution task fails with error "Unexpected HTTP Response 502"

Default value None
Setting type String
Value range N/A
Task available ? No
Server, Relay 9.2 and later
_Enterprise Server_ClientRegister_ProxyPort
A BigFix relay can be set up to use a proxy server when downloading files. This could be useful if there is a proxy between the BigFix relay and the BigFix server or if the BigFix relay is connecting directly to the internet for downloads and must use a proxy. This setting controls the port used by the proxy server.

Setting up a proxy connection on a relay

BigFix server cannot gather external sites (error: 17NotASignedMessage)

Default value None
Setting type Numeric
Value range 0 - 65,535
Task available ? No
Server, Relay 9.2 and later
_Enterprise Server_ClientRegister_ProxyUser
A BigFix relay can be set up to use a proxy server when downloading files. This could be useful if there is a proxy between the BigFix relay and the BigFix server or if the BigFix relay is connecting directly to the internet for downloads and must use a proxy. This setting controls the username used to authenticate with the proxy if the proxy requires authentication.

Setting up a proxy connection on a relay

BigFix server cannot gather external sites (error: 17NotASignedMessage)

Default value None
Setting type String (username)
Value range N/A
Task available ? No
Server, Relay 9.2 and later
_Enterprise Server_ClientRegister_ProxyPass
A BigFix relay can be set up to use a proxy server when downloading files. This could be useful if there is a proxy between the BigFix relay and the BigFix server or if the BigFix relay is connecting directly to the internet for downloads and must use a proxy. This setting controls the password used to authenticate with the proxy if the proxy requires authentication. Warning: The password will be stored in plain text within the registry.

Setting up a proxy connection on a relay

Best practices to consider when defining a proxy connection

BigFix server cannot gather external sites (error: 17NotASignedMessage)

Default value None
Setting type String
Value range N/A
Task available ? No
Server, Relay 9.2 and later
_Enterprise Server_ClientRegister_ProxySecureTunnel
If set, it defines whether or not the proxy is enforced to attempt tunneling. By default the proxy does not attempt tunneling.
Best practices to consider when defining a proxy connection
Default value false
Setting type Boolean
Value range 0 | 1
Mandatory ? No
Relay, Server 9.2 and later
_Enterprise Server_ClientRegister_ProxyAuthMethodsAllowed
Restricts the set of authentication methods that can be used. You can specify more than one value separated by a comma. For information about restrictions affecting the supported authentication methods when using FIPS, see Setting a proxy connection on the server.
Setting up a proxy connection on a relay
Default value None (Any)
Setting type String
Value range basic | digest | negotiate | nltm
Mandatory ? No
Relay, Server 9.2 and later
_Enterprise Server_ClientRegister_ProxyUseForDownstreamComm
If set to 1, this setting indicates that all downstream communications in your Endpoint Manager environment pass through the proxy.
Setting up a proxy connection on a relay
Default value 0
Setting type Boolean
Value range 0 (false) | 1 (true)
Mandatory ? No
Relay, Server 9.2 and later
_Enterprise Server_ClientRegister_ProxyExceptionList
Specifies the computers, for example the parent relay, domains and subnetworks that must be reached by the relay without passing through the proxy. Use the following format:
"localhost, 127.0.0.1, hostname1, hostname2, IP_Addr_A, IP_Addr_B,domain_Z, domain_Y, ..."
By default internal communications are not diverted towards the proxy. To maintain this behavior, ensure that you include localhost, 127.0.0.1 in the list of exceptions when specifying a value for this setting.
Note: Ensure that you read Setting up a proxy connection to learn more about using the proxy exception list on a relay thru the samples.
Setting up a proxy connection on a relay
Default value localhost, 127.0.0.1 (internal communications are not diverted towards the proxy)
Setting type String
Value range N/A
Mandatory ? No
Relay, Server 9.2 and later

Top

Registration

Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_Register_StopOnFlushError
To prevent that duplicated computers are generated on the Console when the BESClient file system goes temporarily in read-only mode.
Default value 0 (false)
Setting type Boolean
Value range 0 (false) - 1 (true)
Client 9.5.8 and later
_BESClient_Register_IntervalSeconds
The BigFix Client will contact the ClientRegister CGI on the BigFix Server periodically to report its IP address (this is important if the BigFix Client changes IP addresses through DHCP), get the BigFix Server time, and get the BigFix Server version. If this setting is set too high, the BigFix Client may not receive UDP "pings" that tell it to gather the latest sites when new actions or new Fixlet content is available. If this setting is set too low, the BigFix Client will flood the BigFix Server with registration requests.
What is the meaning of the message "skipping relay select. Registering with current relay" in BES Client Debug log?
Default value 21,600 (6 hours)
Setting type Numeric (seconds)
Value range 600 - 82,800 (23 Hours)
Task available ? No
Client All
_BESClient_SecureRegistration

To set the value for the password needed to perform a manual registration to an authenticating relay. This setting is useful when a new client needs to be registered to an existing authenticating relay, and the authenticating relay uses a password to perform the key exchange. This setting is read at client startup time only.

In case of failure, the client tries to register again to an existing authenticating relay and follows the same behavior of the relay selection.

Client could not register with the BigFix server successfully

Reasons for large group of BigFix Clients failing to register and appear offline

BigFix Clients not choosing their specified BigFix Relay

Default value None
Setting type String
Value range Only ASCII characters
Platform All
Client 9.5.7 and later
_BESRelay_Selection_AutoSelectableRelay
A value of "0" makes the BigFix relay unavailable for auto selection after the next actionsite propagation. A value of "1" allows the BigFix relay to be used by BigFix clients for auto selection.
How can I control client relay selection for a particular Relay or DSA Server?
Default value 1 (enabled)
Setting type Boolean
Value range 1 (enabled) - Enable Auto Selection

0 (disabled) - Disable Auto Selection
Task available ? No
Relay All
_BESClient_RegistrationManager_RegisterWith51Relays
This configuration setting enables a BigFix 6.0 Client to gather from a BigFix 5.1 Relay for troubleshooting purposes (TEM 6.0+).
How can I control client relay selection for a particular Relay or DSA Server?
Default value 0 (disabled)
Setting type Boolean
Value range 1 (enabled)

0 (disabled)
Task available ? No
Client All
_Enterprise Server_ClientRegister_ClientRegistrationExpirationPeriod
This setting controls how quickly BigFix relays mark BigFix clients as expired. BigFix clients have this length of time to register again before their license is made available for use by another BigFix client. This setting could be used to increase the rate at which licenses are transferred from offline BigFix clients to active BigFix clients when the total number of clients gets above the license seat count.
Proxy Configuration (Server/Relay)
Default value 1,440 (1 day)
Setting type Numeric (minutes)
Value range 1 - 4,294,967,295
Task available ? No
Relay, Server All
_Enterprise Server_ClientRegister_MaxRelayPathLength
This setting is used to control the maximum length a chain of BigFix relays can extend. The setting prevents circular chains of BigFix relays from forming by automatic BigFix relay selection. This setting could be used to stop long chains of BigFix relays from forming or create a maximum depth a BigFix relay can be from the BigFix server.
Default value 32
Setting type Numeric
Value range 1 - 4,294,967,295
Task available ? No
Relay, Server All

Top

Relay selection
Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_RelaySelect_AlwaysOnIPListChange

If a client is temporarily on a sub-network from where it cannot register to the desired relay, the client registers with the root server. By default an auto relay selection is not triggered even if, later on, the client IP situation changes and the client can communicate again with the desired relay. This means that the client will continue to be registered with the root server until a new explicit relay selection occurs.

You can assign the value 1 to this configuration setting to change the default behavior and trigger automatically a new relay selection when the IPList addresses changes after the registration even if the IP used for the current registration is still available.

Default value 0 (false)
Setting type Boolean
Value range 0 (false) - 1 (true)
Client 9.2.8 and later
_BESClient_RelaySelect_IntervalSeconds
The BigFix Relay selection algorithm will run this often. If a closer BigFix Relay is found, the closer BigFix Relay will be used.
Note: If the BigFix Relay selection is failing, this interval is ignored.
What is the meaning of the message "skipping relay select. Registering with current relay" in BES Client Debug log?
Default value 21,600 (6 hours)
Setting type Numeric (number of seconds)
Value range 600 - 31,536,000 (1 year)
Task available ? Yes
Client, Relay All
_BESClient_RelaySelect_MinRetryIntervalSeconds
If the BigFix Relay selection algorithm fails (no BigFix Relays are found), the BigFix Client will try again after this many seconds. The BigFix Client will double this value on each successive retry that fails to locate a BigFix Relay.
Default value 60
Setting type Numeric (number of seconds)
Value range 0 - 31,536,000 (1 year)
Task available ? Yes
Client All
_BESClient_RelaySelect_MaxRetryIntervalSeconds
After failing to find a BigFix Relay, the BigFix Client will continue to try to find a BigFix Relay. Each time it fails, the BigFix Client will double the time it spends until this maximum is exceeded. Then the BigFix Client will try with this maximum retry interval until it successfully selects a BigFix Relay.
Default value 7,200 (2 Hours)
Setting type Numeric (Seconds)
Value range 0 - 31,536,000 (1 year)
Task available ? Yes
Client All
_BESClient_RelaySelect_MaximumTTLToPing
The maximum number of network hops (Time To Live) a BigFix Client will search over before considering its automatic relay selection attempt a failure. A BigFix Client will be able to find only BigFix Relays that are less than the maximum number of network hops away from the BigFix Client. This setting can be used to limit the ICMP traffic generated by the automatic relay selection algorithm.
Automatic relay selection in a high latency and/or high hop network is failing
Default value 20
Setting type Numeric
Value range 1 - 255
Task available ? Yes
Client, Relay All
_BESClient_RelaySelect_PingDelayMicroSeconds
During the automatic relay selection algorithm, the BigFix Client will wait this long between each iteration. On each iteration the BigFix Client sends ICMP packets with a TTL greater than the last iteration. This setting can be used to slow down the automatic relay selection algorithm and reduce the network traffic generated.
Automatic relay selection in a high latency and/or high hop network is failing
Default value 200
Setting type Numeric (microseconds)
Value range 0 - 1,000,000 (1 second)
Task available ? No
Client All
_BESClient_RelaySelect_ResistFailureIntervalSeconds
This setting controls the time interval that the BigFix Client will ignore communications errors before performing BigFix Relay selection. Once a BigFix Relay has been selected and the BigFix Client has successfully registered, it will ignore errors when it attempts to post its results to the BigFix Relay or BigFix Server for this long before deciding to choose another BigFix Relay.
Configuring relay failover
Default value 600 (10 minutes)
Setting type Numeric (seconds)
Value range 0 - 21,600 (6 hours)
Task available ? Yes
Client All
_BESClient_RelaySelect_FailoverRelay
This setting determines what the BigFix Client will do in the event that no BigFix Relays respond to TTL pings up to the maximum configured distance. In this event, the BigFix Client will attempt to register with the defined failover BigFix Relay before trying the BigFix Server. This setting was first introduced in BigFix 5.1.
Note: This format is the same as for the __RelayServer1 and __RelayServer2 settings. For example: http://servername:port/bfmirror/downloads/.
What manual Relay selection options do I have for my clients and Relays?
Default value None
Setting type String (URL of the failover relay)
Task available ? No
Client All
_BESClient_RelaySelect_FailoverRelayList
This setting contains a list of failover relays to choose from when no relay listed as primary, secondary or specified in the tertiary list responded to pings. This setting, first introduced in BigFix 9.0, is a semi-colon delimited list of relays to try. For automatic relay selection, see Relay Affiliation. If specified, this setting overrides _BESClient_RelaySelect_FailoverRelay. (Example: relay1.company.com;192.168.123.32;relay2.company.com)
Default value None
Setting type String
Value range A semicolon-separated list
Task available ? No
Platform All
Component restart required ? No
Client All
__RelaySelect_Automatic
Use this setting to specify if the client is configured for automatic parent relay selection. Setting "__RelaySelect_Automatic = 1" means that the client uses the automatic parent relay selection.
Note: Clients that are configured for automatic parent relay selection cannot communicate through a proxy with their parent relay because they must be able to ping the relay.
Default value 0 (disabled)
Setting type Boolean
Value range 1 (enabled), 0 (disabled)
Task available ? Yes
Client All
_BESClient_RelaySelect_TertiaryRelayList
When using manual relay selection, this setting is a way to specify a list of failover relays to choose from when the primary and secondary relays are not reachable. This setting is a semi-colon delimited list of relays to try. Manual selection goes in this order, primary/secondary/tertiary list/failover/root. For automatic relay selection, see Relay Affiliation. (Example: relay1.company.com;192.168.123.32;relay2.company.com)
What manual Relay selection options do I have for my clients and Relays?
Default value None
Setting type String
Value range A semicolon-separated list
Task available ? No
Client All

Top

Relay management
Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_Relay_NameOverride
If the BigFix Relay is using a DNS name that is not accessible by all BigFix Clients, an override can be used. If this value is set on the BigFix Relay computer, it will return this setting for the dns name inspector, which will be reported to the BigFix Server and used by other BigFix Clients to locate the BigFix Relay. You can also use this value if you want your BigFix Clients to locate their relays by IP address, rather than DNS name lookup. For example, if the BigFix Relay is reported at relay1:52311, you can use this setting to make the BigFix Relay be accessible at relay1.company.com:52311 or even 192.168.100.123:52311.
Note: This value needs to be set on only the one BigFix Relay computer and not on all the BigFix Client computers.
Why are my BigFix Clients not choosing their specified BigFix Relay?
Default value None
Setting type String (override name)
Value range hostname OR ipaddress (do not include port number)
Task available ? Yes
Relay All
_BESClient_Relay_Chain_Days
The relay chain information is stored in .txt files within a new client folder named RelayChain located in the BES Global directory. Use this setting to specify the number of days for which the files should be retained in the folder.
Viewing the relay chain on the client
Default value 10
Setting type Numeric (days)
Value range 0 - 366
Client 9.5.13 and later

Top

Affiliation
Name/Description References Values Component(s) affected Version(s) applicable
_BESRelay_Register_Affiliation_AdvertisementList

This BigFix Client setting should also be set to a semi-colon (;) delimited list of relay affiliation groups. For example: AsiaPacific;DMZ;*

Note: The labels, defined in the client setting _BESRelay_Register_Affiliation_AdvertisementList and delimited by semi-colon ( ; ), must not be bigger than 64 characters.
Default value None
Setting type String (A semicolon-separated list)
Task available ? No
Relay All
_BESClient_Register_Affiliation_SeekList

This BigFix Client setting should be set to a semi-colon (;) delimited list of relay affiliation groups. For example: AsiaPacific;Americas;DMZ

Default value None
Setting type String (A semicolon-separated list)
Task available ? No
Client All

Top

Child Number Limit
Name/Description References Values Component(s) affected Version(s) applicable
_Enterprise Server_ClientRegister_MaxChildCount
Maximum number of clients the BigFix relay will allow to register. Once this limit is reached, connections will be rejected. This limit also includes the registered BigFix clients that are not running but that are in the registration list. The not running BigFix clients are removed from the registration list after 24 hours.
Note: The setting should be applied before the clients are registered.
Logics about automatic relay selection
Default value 0 (unlimited)
Setting type Numeric
Value range 0 - 4,294,967,295
Task available ? No
Server, Relay All
_Enterprise Server_ClientRegister_MaxChildRelayCount
Maximum allowed number of BigFix clients that are BigFix relays registered to the parent. This limit also includes the registered BigFix relays that are not running but that are in the registration list. The not running BigFix relays are removed from the registration list after 24 hours. This limit is calculated independently of the MaxChildCount setting.
Note: The setting should be applied before the relays are registered.
Logics about automatic relay selection
Default value 0 (unlimited)
Setting type Numeric
Value range 0 - 4,294,967,295
Task available ? No
Server, Relay All

Top

Client notification

Command polling
Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_Comm_CommandPollEnable

When this configuration setting is enabled, computers will poll their parent relay for UDP commands they may have missed. If you set it to '1', the BigFix Client will check with its BigFix Relay for any new gathers or refreshes when the number of seconds specified in “_BESClient_Comm_CommandPollIntervalSeconds elapses.999999"

Enabling client polling

Changing the gather interval for a BigFix Client via the command polling client settings

Default value 0
Setting type Boolean
Value range 1 (True) - 0 (False)
Task available ? Yes
Client 9.2 and later
_BESClient_Comm_CommandPollIntervalSeconds
When 'BESClient_Comm_CommandPollEnable = 1', this configuration setting determines how often the BigFix Client will check with its BigFix Relay for any gathers or refreshes. Avoid setting this to be less than 900 seconds due to performance implications.
Changing the gather interval for a BigFix Client via the command polling client settings
Default value 900
Setting type Numeric (seconds)
Value range 60 - 31,536,000 (1 Year)
Task available ? Yes
Client 9.2 and later

Top

UDP Notification
Name/Description References Values Component(s) affected Version(s) applicable
_Enterprise Server_ClientRegister_BatchCount
This setting controls the number of UDP pings the BigFix relay will send before delaying for a period of time. The length of the delay is controlled by _Enterprise Server_ClientRegister_BatchDelay. This setting could be used to limit the rate at which a BigFix relay sends out UDP pings if this network traffic is harmful in some way.
Default value None
Setting type String
Value range N/A
Task available ? No
Server, Client, Relay 9.2 and later
_Enterprise Server_ClientRegister_BatchDelay
This setting controls how long the BigFix relay will wait between sending out a batch of UDP pings to BigFix clients. This setting could be used to limit the rate at which a BigFix relay sends out UDP pings if this network traffic is harmful in some way.
Default value 1,000
Setting type Numeric (milliseconds)
Value range 1 - 4,294,967,295
Task available ? No
Server, Client, Relay 9.2 and later
_Enterprise Server_ClientRegister_DisableChildUDPMessages

A client setting that you can set on the BigFix server or a BigFix relay to control the UDP notifications sent to the BigFix clients children.

If set to 1, no UDP notifications are sent from that machine to the attached BigFix Clients. In this case the BigFix Client subscribed to that parent relay must periodically poll the parent to look for notifications and downloads. See also _BESClient_Comm_CommandPollEnable and _BESClient_Comm_CommandPollIntervalSeconds client settings.

This setting does not affect the behavior of the BigFix Client installed on the relay or on the server which continues to receive UDP messages.

Default value 0
Setting type Boolean
Value range 0 - 1
Task available ? No
Component restart required ? Yes
Server, Client 9.2 and later
_BESClient_Comm_ListenEnable
When set to 0 the BigFix Client will not listen for UDP messages. If the BigFix Client does not receive UDP messages it will not receive gather pings sent from the BigFix Server notifying the BigFix Client of new actions and content.
UDP messages on BigFix Agent
Default value 1 (True)
Setting type Boolean
Value range 1 (True) - Listen for UDP 0 (False) - Ignore UDP
Task available ? No
Client 9.2 and later

Top

Persistent TCP connections

For detailed documentation on how to manage persistent TCP connections, see Persistent connections.

Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_PersistentConnection_Enabled
Controls the ability to create a persistent connection on the client.

Set the value for this setting to 1 (True) if you want to enable the process for creating a persistent connection on the client. The TCP persistent connection is established between a client and its parent relay.

Persistent connections
Default value 0 (False)
Setting type Boolean
Value range 0 - 1
Task available ? No
Client 9.5.11 and later
_BESRelay_PersistentConnection_Enabled
Controls the ability to create a persistent connection on the relay. Set the value for this setting to 1 (True) if you want to enable the process for creating a persistent connection on the relay. The TCP persistent connection is established between a client and its parent relay.
Persistent connections
Default value 0 (False)
Setting type Boolean
Value range 0 - 1
Task available ? No
Relay 9.5.11 and later
_BESRelay_PersistentConnection_NumberPerSubnet
It defines the number of simultaneous persistent connections that the relay can establish for each subnet. From this value depends the fault-tolerance capability of the relay if connection failures occur in the subnet which affect the clients.
Persistent connections
Default value 3
Setting type Numeric (seconds)
Component restart required ? Yes
Relay 9.5.11 and later
_BESRelay_PersistentConnection_MaxNumber
It defines the maximum overall number of simultaneous persistent connections that the relay can establish. This setting prevents that a relay keeps too many connections open.
Persistent connections
Default value 100
Setting type Numeric (seconds)
Component restart required ? Yes
Relay 9.5.11 and later
_BESRelay_PersistentConnection_KeepAliveSeconds
It determines how often the relay performs the health check of the established persistent connections.
Persistent connections
Default value 600
Setting type Numeric (seconds)
Component restart required ? Yes
Relay 9.5.11 and later
_BESClient_PersistentConnection_SubnetCidrOverride

It overrides the subnet value detected by the client and has only effect in the context of the persistent connection. This setting is useful within more complex networks where the value of the subnet detected by the client might prevent persistent connections from working properly. The setting is effective only on clients having

_BESClient_PersistentConnection_Enabled set to 1.

Persistent connections
Default value NA
Setting type valid CIDR format (For example 192.168.1.0/24)
Component restart required ? No
Note: The setting takes effect after the following client registration.
Client 9.5.11 and later

Top

Communication

Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_Comm_SkipInternetActiveTest
Before the BigFix Client tries to gather it will check the Windows API connection test to determine if an internet connection is available. This setting will allow the BigFix Client to ignore the results of the connection test and attempt to gather anyway.
Default value 0 (False)
Setting type Boolean
Value range 1 (True) - ignore connection test 0 (False) - perform connection test
Task available ? No
Client 9.2 and later
_BESClient_Comm_IPCommunicationsMode
This setting determines the network topology preference. Available values for this settings are: "Ipv4ThenIpv6", "Ipv6ThenIpv4", "OnlyIpv4". This setting was first added in BigFix 9.0.
Default value Ipv4ThenIpv6
Setting type String
Value range Ipv4ThenIpv6, Ipv6ThenIpv4, OnlyIpv4
Task available ? No
Component restart required ? No
Client 9.2 and later

Top

Authentication
Name/Description References Values Component(s) affected Version(s) applicable
_BESRelay_Comm_KeyExchangePassword
If an agent does not have a certificate and can only reach an authenticating relay on the network, connected through the internet, you can enable the key exchange with an authenticating relay. The client includes the password in its key exchange with the authenticating relay, which verifies it before forwarding the key exchange to its parent.
Manual key exchange
Default value None
Setting type String
Component restart required ? No
Relay 9.2 and later
_BESRelay_Comm_Authenticating
Set to 1 to configure an authenticating relay or use the related task in the BES Support site. To configure an open relay, set the parameter to 0 or use the related task in the BES Support site.

Authenticating relays

Setting up internet relays

Manually deploying a new BigFix Virtual Relay instance

Default value 0
Setting type Boolean
Value range 0 (disabled)

1 (enabled)

Component restart required ? Yes
Relay 9.2 and later
_BESRelay_Comm_ClientCertUpdatePassword
If an agent has an expired short-term certificate and can only reach an authenticating relay on the network, connected through the internet, you can manually update the certificate with an authenticating relay. The client includes the password in its update certificate request with the authenticating relay, which verifies it against this setting value before forwarding the certificate update request to its parent.
Default value None
Setting type String
Component restart required ? No

Relay

10 Patch 7

Top

Download

Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_Download_SizeLimitMB

Use this setting to specify the size in MB that must not be exceeded by the total size of the downloads associated to an action. If the total size of the downloads associated with the action exceeds the specified value, the action is prevented from running. This check is done by the target agent for each action requiring the download of one or more than one files.

Condition `download <url>`:

Not being predictable the size of the download, it is considered by default the maximum value (4,294,967,295). Therefore, if the connected Relay is not a preferred Relay in the download condition mentioned above, the action is prevented from running.

Condition `download now <url>`:

Does not use the Relay Hierarchy, the check will not be executed. It is the same condition as when the setting is not defined.

In case of a dynamic download, for each action, the check is done on the total size of the files downloaded in the prefetch passes. When the threshold is reached, the download stops.

Managing Downloads
Default value max unsigned int32 (4,294,967,295)
Setting type Numeric (MB)
Value range 0 - 4,294,967,295
Task available ? No
Component restart required ? No
Client 9.5.9 and later
_BESClient_Download_Direct
Normally, BigFix Clients will contact their BigFix Relay to receive downloads from the internet. This setting forces the BigFix Client to download files directly from the internet using the URL specified. This setting takes precedence over other download settings.
Managing Downloads
Default value 0 (False)
Setting type Boolean
Value range 1 (True) - download from the Internet; 0 (False) - download normally
Task available ? No
Client All
_BESClient_Download_DirectOnFail
When the BigFix Client fails to download a file from the BigFix Server or BigFix Relay, it can attempt to download the file directly from the Internet.
Note: If there is a proxy in your network that blocks unauthenticated access to the Internet, turning this setting to 1 (True) may not work.
Managing Downloads
Default value 0 (False)
Setting type Boolean
Value range 1 (True) - download from the Internet on failure 0 (False) - do not download from Internet on failure
Task available ? No
Client All
_BESClient_Download_Direct_Domainlist
This setting is a semi-colon (;) delimited list of domains for which direct download is desired. You can use the "*" as a wildcard.

(Example: my.company.com;192.168.123.*;microsoft.com;*.adobe.com)

Managing Downloads
Default value None
Setting type String
Value range A semicolon-separated list
Task available ? No
Component restart required ? No

Client

10 Patch 1

_BESClient_Download_DirectRecovery
When the BigFix Client fails to download a file from the Internet, it can attempt to download the file from the BigFix Server or BigFix Relay.
Managing Downloads
Default value 0 (False)
Setting type Boolean
Value range 0 (False) - Do not download from the BigFix Server or BigFix Relay on failure.

1 (True) - Download from the BigFix Server or BigFix Relay on failure.

Task available ? No
Component restart required ? No

Client

10 Patch 1

_BESClient_Download_ResetOnRelaySwitch

If set to 1, this setting enables the download interruption on the Relay switch. It means that when the BigFix Client registers to a new Relay, the download in progress from the old Relay will be stopped and is restarted from the new Relay.

Managing Downloads
Default value 0 (false)
Setting type Boolean
Value range 0,1
Restart Required No

Client

10 Patch 7

_BESClient_Download_Direct_SubnetList

This setting is a semi-colon (;) delimited list of subnets in CIDR format and allows you to specify the list of subnets that allow the Direct Download.

The setting accepts only subnets specified in CIDR format, for example: 192.1.77.0/25;192.1.0.0/16

If the Client connected to the Relay is part of one of this subnets, the direct download is allowed.

Managing Downloads
Default value None
Setting type String
Value range A semicolon-separated list
Restart Required No

Client

10 Patch 7

_BESClient_Download_MinimumDiskFreeMB
This setting stops both stages of downloading (normal stage and pre-caching stage) if the free space of the disk on which the client stores downloads is less than the value of this setting.
Managing Downloads
Default value 20
Setting type Numeric (in MB)
Value range 0 - 4,294,967,295
Task available ? No
Client All
_BESClient_Download_NormalStageDiskLimitMB
This setting stops normal stage downloading if the client is already using this much normal stage download disk space. Actions marked for normal downloads will report constrained if the total space used for downloads exceeds this limit.
Note: Normal stage downloads may exceed this limit by borrowing some space from the pre-cache stage space if it is not full.

Managing Downloads

JobDiskLimited message in the BigFix Client log

Default value 2048
Setting type Numeric (in MB)
Value range 0 - 4,294,967,295
Task available ? No
Client All
_BESClient_Download_PreCacheStageContinueWhenDiskLimited

This setting indicates whether files that are pre-cached for a group action can be removed on the Client system to allow the Agent to continue with action download requests for subsequent sub actions in the group. Files that are removed from the pre-cache area on the Client have to be downloaded again at run time from the parent relay, if required by a sub action.

Enabling data pre-cache
Default value 0 (Disabled)
Setting type Boolean
Value range 0 (Disabled) or 1 (Enabled)
Task available ? No
Client 9.5.10 and later
_BESClient_Download_PreCacheStageDiskLimitMB

This setting stops pre-cache stage downloading if the client is already using this much pre-cache stage download disk space. Actions marked for pre-caching will report constrained if the total space used for downloads exceeds this limit.

Enabling data pre-cache

JobDiskLimited message in the BigFix Client log

Default value 250
Setting type Numeric (in MB)
Value range 0 - 4,294,967,295
Task available ? No
Client All
_BESClient_Download_PreCacheStageEnabled

This setting determines if pre-cache download functionality is enabled. Set this to zero (0) to disable pre-caching of downloads.

Default value 1 (Enabled)
Setting type Boolean
Value range 1 (Enabled), 0 (Disabled)
Task available ? No
Client All
_BESClient_Download_RetryMinutes
When the BigFix Client fails to download a file from the BigFix Server or a BigFix Relay during an action, it will wait for the specified amount of time then try again. After each failed attempt, it will double the previous retry interval used until an upper bound of 10 minutes (hard coded).
Note: The RetryMinutes value means: another download attempt does not start for a period of x minutes; when the attempt actually occurs might vary depending on the client activities and load.
BigFixTroubleshooting Downloads
Default value 1
Setting type Numeric (minutes)
Value range 0 -10 (minutes)
Task available ? No
Client All
_BESClient_Download_RetryLimit

When the BigFix Client fails to download a file from the BigFix Server or a BigFix Relay during an action, it will retry the specified number of times. The retry interval is managed by the _BESClient_Download_RetryMinutes setting.

BigFixTroubleshooting Downloads
Default value 6
Setting type Numeric (retry limit)
Value range 0 - 100
Task available ? No
Client All
_BESClient_Download_ChannelThreshold

The BigFix Client can simultaneously download two files at a time by using one "main channel" and one "thin channel" when the BigFix Client is attached to the BES Root Server. The main channel is used for all downloads, but if the main channel is currently downloading a large file, the thin channel can be used to download smaller files if the download size is less than the specified threshold. If this setting is set high, the BigFix Client will use the thin channel to download larger files, which could slow down actions because two large files may be downloading at the same time (each using half the bandwidth) instead of one file after the other. If this setting is set low, the thin channel will be used for only very small file downloads.

Default value 500,000
Setting type Numeric (bytes)
Value range 1 - 100,000,000 (Set to 0 to disable the thin channel)
Task available ? No
Client All
_BESClient_Download_InactivityTimeout

When the BigFix Client is downloading a file from the BigFix Server or BigFix Relay, it sometimes will experience some inactivity because of network problems, disconnections, etc. When there is inactivity, the BigFix Client will wait for the specified number of seconds to receive more data before aborting the download.

BigFixTroubleshooting Downloads
Default value 300 (5 minutes)
Setting type Numeric (seconds)
Value range 0 - 4,294,967,295
Task available ? No
Client All
_BESClient_Download_DownloadsCacheLimitMB

This configuration setting sets the BigFix client download cache limit. The BigFix client keeps all files that were cached in the same day, regardless of the download cache limit. If there is only one file which is larger than the configured download cache size, the BigFix client keeps this file, regardless of the age or the download cache limit.

Default value 20
Setting type Numeric (in MB)
Value range 0 - 4,294,967,295
Task available ? No
Client All
_BESClient_Download_UtilitiesCacheLimitMB

This configuration setting sets the Utility cache limit.

Default value 10
Setting type Numeric (in MB)
Value range 0 - 4,294,967,295
Task available ? No
Client All
_BESRelay_Downloads_OlderThanInDays
This setting specifies which rows listing the downloaded files must be deleted by the cleanup task in the Mirror Server/Config/DownloadState.db database on the Relay. The rows representing files older than the value specified in this setting are deleted from that database.
Note:

The information about the downloaded files is visible at: http://server_host:52311/cgi-bin/bfenterprise/BESMirrorRequest.exe.

Download Status Report Clean-up
Default value 60
Setting type Numeric (days)
Value range 0 - 2,147,483,647
Task available ? No
Relay All
_BESClient_Download_FastHashVerify

When this setting is enabled, the client increases the CPU consumption during the hash verification of the file.

If the pre-cache option is selected, this acceleration will not be activated.

The values used for the CPU increase are set in _BESClient_Resource_WorkFastHashVerify and _BESClient_Resource_SleepFastHashVerify.

By default, the setting is disabled.

Default value 0 (False)
Setting type Boolean
Value range 0 (False) - Use default settings for CPU consumption.

1 (True) - Switch to fast verify scenario.

Client

10 Patch 2

Top

Reports management

Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_Report_MinimumInterval

When the BigFix Clients are performing an action, they will send reports of the status of the action (Evaluating, Waiting, Running, Fixed, etc.). This setting controls the minimum number seconds between sending reports. If this number is too high, the BigFix Clients will take a long time update their action status. If this number is too low, it will put extra load on the BigFix Server to process the extra action status reports.

Default value 60
Setting type Numeric (in seconds)
Value range 0 - 86,400
Task available ? No
Client All
_BESRelay_PostResults_ResultTimeLimit
The BigFix relay accumulates reports from the BigFix clients and then compresses them and sends them to the parent BigFix relay or BigFix server after waiting a specified amount of time. This setting sets the amount of time to wait before sending the reports. The longer the wait, the more latency before the BigFix server receives the reports from the BigFix clients, but the greater the efficiency of the system (lower network traffic).
BES Client report interval vs BES Relay post
Default value 3
Setting type Numeric (seconds)
Value range 1 - 4,294,967,295
Task available ? No
Relay All
_BESRelay_PostResults_RawCarbonCopyPath
If specified, this setting defines the path on the relay where a copy of the BigFix reports must be saved for troubleshooting purposes. By default no copy is saved.
Default value None
Setting type String (path)
Relay All
_BESRelay_PostResults_QueryRawCarbonCopyPath
If specified, this setting defines the path on the relay where a copy of the BigFix Query reports must be saved for troubleshooting purposes. By default no copy is saved.
Default value None
Setting type String (path)
Relay 9.5.2 and later
_BESRelay_PostResults_ResultSizeLimit
This is the maximum size in bytes of inputs to an archive that a relay submits to its parent. No more files will be added to the archive once this limit has been exceeded (although the last file added cab push the size over the limit).
Note:
  • The archive of uncompressed and unencrypted reports are themselves compressed, so the output of the archiving process may be smaller than ResultSizeLimit even when the limit gets hit.
  • The Relay does *not* immediately start posting the next repost after running into this limit, so this setting can serve as a throughput limiter on the relay.
Default value 1024*1024
Setting type Numeric (size in bytes)
Component restart required ? Yes
Relay All

Top

Query

Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_Query_MOMaxQueryTime

This setting determines how long the QnA can process a query submitted by a Master Operator before stopping, discarding the request and responding to the agent that the request could not be completed because the maximum processing time has elapsed.

Getting client information by using BigFix Query

BigFix Query

Default value 60
Setting type Numeric (seconds)
Value range 1 - 3,600
Client 9.5.2 and later
_BESClient_Query_NMOMaxQueryTime

This setting determines how long the QnA can process a query submitted by a Non Master Operator before stopping, discarding the request and responding to the agent that the request could not be completed because the maximum processing time has elapsed.

Getting client information by using BigFix Query

BigFix Query

Default value 10
Setting type Numeric (seconds)
Value range 1 - 3,600
Client 9.5.2 and later
_BESClient_Query_IdleTimeout

This setting determines how long the QnA will wait for new reports to be processed before stopping. The QnA will start automatically when a new query to process is received by the agent.

Getting client information by using BigFix Query
Default value 600
Setting type Numeric (seconds)
Value range 60 - 3,600
Client 9.5.2 and later
_BESRelay_Query_RemovalTask
This setting determines how often the BigFix Query requests cleanup task runs to free up space in the cache on the relay.
Getting client information by using BigFix Query
Default value 10
Setting type Numeric (minutes)
Relay 9.5.2 and later
_BESRelay_Query_MinTime
This setting determines the criteria used by the cleanup task for removing BigFix Query requests. When the cleanup task runs, it removes the requests whose age is older or equal to the value specified in the setting.
Getting client information by using BigFix Query
Default value 60
Setting type Numeric (minutes)
Relay 9.5.2 and later
_BESRelay_Query_MemoryLimit
This setting specifies the maximum size of the cache that can be used on the relay to store the BigFix Query requests. When the specified threshold is exceeded, the older entries are removed until the threshold is satisfied again.
Getting client information by using BigFix Query
Default value 100
Setting type Numeric (MB)
Relay 9.5.2 and later
_BESRelay_Query_ResultsMemoryLimit
This setting specifies the maximum size of the cache that can be used on the relay to store the BigFix Query results. When the specified threshold exceeds the older entries, regardless of their age, are removed until the threshold is satisfied again.
Getting client information by using BigFix Query
Default value 100
Setting type Numeric (MB)
Relay 9.5.2 and later

Top

Application Usage Collection

Name/Description References Values Component(s) affected Version(s) applicable
_BESClient_UsageManager_EnableAppUsage
If you set this configuration setting to 1, you enable the application usage tracking on the Client system. By doing so you allow application usage tracking inspectors to report the time intervals when the instances of the applications are running.
Default value 0 (false)
Setting type Boolean
Value range 0 or 1
Platform All
Component restart required ? No
Client 9.2 and later
_BESClient_UsageManager_EnableAppUsageSummaryApps

In this configuration setting you can specify the list of names of the applications that the agent should collect usage summary information about. Use the ':' character as separator, for example:

"+:app1:app2" means to track app1 and app2

"-:app1:app2" means to track all applications but app1 and app2

This setting requires the _BESClient_UsageManager_EnableAppUsageSummary to be set to 1.

Default value Null
Setting type String
Value range Null
Platform All
Component restart required ? No
Client 9.2 and later
_BESClient_UsageManager_EnableAppUsageSummary

Set this configuration setting to 1 to enable collecting application usage summary data on the Client system.

Application usage summary
Default value 0 (false)
Setting type Boolean
Value range 0 or 1
Platform All
Component restart required ? No
Client 9.2 and later
_BESClient_UsageManager_EnableAppUsageSummaryPath

This setting is used to determine whether or not the Client must collect and save the full path information of the executable of an application. You can retrieve this information by running the application usage summary inspector on the Client system.

When this setting is turned on (value 1), the Agent collects and saves the executable full path data in the UsageData stat files.

When the setting is turned off (value 0), the saved full path data is deleted and the used disk space is released.

If _BESClient_UsageManager_EnableAppUsageSummaryPath is set to 0, the application usage summary inspector returns "nonexistent object" errors.

This setting requires the_BESClient_UsageManager_EnableAppUsageSummary to be set to 1.

Default value 0 (false)
Setting type Boolean
Value range 0 or 1
Platform All platforms except AIX
Component restart required ? No
Client 9.5.5 and later

Top

Bandwidth throttling

Set on the BigFix Server or on the BigFix Relays to control how to download files during the gathering phase.

Name/Description References Values Component(s) affected Version(s) applicable
_BESGather_Download_LimitBytesPerSecond
BigFix Gather can "throttle" the download speed by limiting the amount of bytes it downloads per second. This setting is especially effective if network bandwidth is a concern (such as with a dial-up connection). When this setting is used on the BigFix Relay, the BigFix Relay will limit its download speed when downloading from the BigFix Server or parent BigFix Relay. This setting throttles all downloading traffic.
Bandwidth throttling
Default value 0 (disabled)
Setting type Numeric (bytes)
Value range 0 - 4,294,967,295 (Set to 0 to disable download throttling and use the maximum possible bandwidth)
Component restart required ? Yes
Task available ? Yes
Server, Relay All
_BESGather_Download_ThrottleGroup
The parent considers this Relay to be part of the group that is specified here.

Bandwidth throttling

Static throttling

Default value An empty string
Setting type String
Platform Windows
Relay All
_BESClient_Download_ThrottleGroup
The parent considers this client to be part of the group that is specified here.

Bandwidth throttling

Static throttling

Default value An empty string
Setting type String
Client All
_BESRelay_HTTPServer_ThrottleKBPS
'Global' throttling on outgoing data to BigFix clients from the BigFix relay/server (0 means no limit). If its value is 1000 and there are 100 clients downloading simultaneously, the BigFix relay/server will send data to each BigFix client at 10KBPS (for a total of 1000KBPS). Throttling is implemented by sending a chunk of data at full speed, and then waiting chunksize/KBPS seconds before sending the next chunk so if all requests are smaller than the chunk size, then there may be no throttling at all. Uploaded data to other BigFix relays/server is not throttled by this setting (PostResults data).
Bandwidth throttling
Default value 0 (disabled)
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? Yes
Component restart required ? Yes
Server, Relay All
_BESClient_Download_LimitBytesPerSecond

The BigFix Client can "throttle" the download speed by limiting the amount of bytes it downloads per second. This setting is especially effective if network bandwidth is a concern (such as with a dial-up connection). If the BigFix Server or BigFix Relay is also set to use throttling, the lower of the two values will be used as the download speed.

Bandwidth throttling
Default value 0 (disabled)
Setting type Numeric (bytes/second)
Value range 0 - 4,294,967,295 (Set to 0 to disable download throttling)
Task available ? Yes
Component restart required ? No
Client All
_WebReports_HTTPServer_ThrottleKBPS
Server-side static throttling settings control the total amount of download traffic that a server will send out to clients using static throttling. This setting denotes the amount of bandwidth allocated to any given write connection divided by the number of active write connections.
Bandwidth throttling
Default value 0 (disabled)
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? Yes
Component restart required ? Yes
Web Reports All
_BESRelay_HTTPServer_DynamicThrottleEnabled
When you enable dynamic throttling for any given link, BigFix monitors and analyzes the existing data throughput to establish an appropriate data rate. If there is no competing traffic, the throughput is set to the maximum rate. In the case of existing traffic, it throttles the data rate to the specified percentage or the minimum rate, whichever is higher.

Bandwidth throttling

Dynamic throttling

Default value 0 (disabled)
Setting type Boolean
Value range 0 - 1
Task available ? Yes
Component restart required ? Yes
Server, Relay All
_BESRelay_HTTPServer_DynamicThrottleMaxKBPS
This setting usually defaults to the maximum unsigned integer value, which indicates full throttle. Depending on the link, this value sets the maximum data rate in bits or kilobits per second.

Bandwidth throttling

Dynamic throttling

Default value 0 (No limit)
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? Yes
Component restart required ? Yes
Server, Relay All
_BESRelay_HTTPServer_DynamicThrottleMinKBPS
This setting defaults to zero. Depending on the link, this value sets the minimum data rate in bits or kilobits per second. This value places a lower limit on the percentage rate given below.

Bandwidth throttling

Dynamic throttling

Default value 0
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? Yes
Component restart required ? Yes
Server, Relay All
_BESRelay_HTTPServer_DynamicThrottlePercentage
Specify a target percentage from 1 to 100 (0 is treated the same as 100).

Bandwidth throttling

Dynamic throttling

Default value 0
Setting type Numeric
Value range 1 - 100
Task available ? Yes
Component restart required ? Yes
Server, Relay All
_BESClient_Download_DynamicThrottleEnabled
Same as _BESRelay_HTTPServer_DynamicThrottleEnabled

Bandwidth throttling

Dynamic throttling

Default value 0 (disabled)
Setting type Boolean
Task available ? Yes
Component restart required ? Yes
Client All
_BESClient_Download_DynamicThrottleMaxBytesPerSecond

Bandwidth throttling

Dynamic throttling

Default value 0 (No limit)
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? Yes
Component restart required ? Yes
Client All
_BESClient_Download_DynamicThrottleMinBytesPerSecond

Bandwidth throttling

Dynamic throttling

Default value 0
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? Yes
Component restart required ? Yes
Client All
_BESClient_Download_DynamicThrottlePercentage
Specify a target percentage from 1 to 100 (0 is treated the same as 100).

Bandwidth throttling

Dynamic throttling

Default value 0
Setting type Numeric
Value range 0 - 100
Task available ? Yes
Component restart required ? Yes
Client All
_BESGather_Download_DynamicThrottleEnabled
Same as _BESRelay_HTTPServer_DynamicThrottleEnabled

Bandwidth throttling

Dynamic throttling

Default value 0 (disabled)
Setting type Boolean
Task available ? Yes
Component restart required ? Yes
Relay All
_BESGather_Download_DynamicThrottleMaxBytesPerSecond

Bandwidth throttling

Dynamic throttling

Default value 0 (No limit)
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? Yes
Component restart required ? Yes
Relay All
_BESGather_Download_DynamicThrottleMinBytesPerSecond

Bandwidth throttling

Dynamic throttling

Default value 0
Setting type Numeric (KBPS)
Value range 0 - 4,294,967,295
Task available ? Yes
Component restart required ? Yes
Relay All
_BESGather_Download_DynamicThrottlePercentage
Specify a target percentage from 1 to 100 (0 is treated the same as 100).

Bandwidth throttling

Dynamic throttling

Default value 0
Setting type Numeric
Value range 0 - 100
Task available ? Yes
Component restart required ? Yes
Relay All

Top

Airgap Mode

Name/Description References Values Component(s) affected Version(s) applicable
_BESServer_AirgapMode_Enabled

With this setting, you specify if your server will access the Internet for updating the license and gathering the sites or not.

This setting does not have an impact on the actions containing prefetch or download instructions.

Set to 1 to prevent your server from accessing the Internet for updating its license and gathering new sites. In this case, the log files will not display any errors.

Set to 0 to allow your server to connect to the Internet to verify if some license updates are available and if new sites versions can be gathered. In this case, if the server does not have Internet connectivity, the log files will display some errors.

Default value 0
Setting type Boolean
Value range 0 (disabled) and 1 (enabled)
Component restart required ? Yes
Server 9.5.11 and later

Top

HTTP server

Name/Description References Values Component(s) affected Version(s) applicable
_BESRelay_HTTPServer_MaxConnections
The maximum number of connections the Relay or RootServer HTTP Server can handle. It can be used as throttling parameter.
Default value 2,048 (Windows)

512 (Linux)

Setting type Numeric (number of threads)
Value range 1 - 65,536
Task available ? No
Relay, Root Server All
_HTTPServer_Referrer_CheckEnabled
Enable or disable the check on an optional header of the HTTP protocol. It identifies the address of the web page (that is the URI or IRI) that linked to the resource being requested. If the referrer check is enabled, BigFix checks if the referrer does not exist or, if it exists, if it contains the hostname that originated the request. If neither of these two conditions is satisfied, the requested is rejected due to an "Invalid Referrer". If SAML is enabled, BigFix automatically does not check the referrer when running Web Reports because, otherwise, the requests coming from the SAML backend would be rejected.
Assumptions and requirements
Default value 0 (disabled)
Value range 0 (disabled)

1 (enabled)

Setting type Boolean
Relay, Root server, Web Reports 9.5.2 and later
_HTTPServer_HostHeader_CheckEnabled
Enable or disable the check on the host header of the HTTP protocol. When enabled, the host header is compared against the value of _WebReports_HTTPServer_HostName or localhost or the server IP. This helps prevent any possible attempts to manipulate the mapping between an IP address and a DNS host name (FQDN) in WebReports. When SAML is enabled, BigFix does not automatically check the referrer while running WebReports; otherwise, the requests coming from the SAML backend are rejected.
Default value 0 (disabled)
Value range 0 (disabled)

1 (enabled)

Setting type Boolean
Relay, Root server, Web Reports 9.5.15 and later

Top

HTTPS
Name/Description References Values Component(s) affected Version(s) applicable
_WebReports_HTTPServer_UseSSLFlag
If enabled, this setting enforces the use of HTTPS with 443 as the default port number when building the host URL.
Customizing HTTPS on Web Reports
Default value 0 (disabled)
Setting type Boolean
Value range 0 (disabled) and 1 (enabled)
Component restart required ? Yes
Web Reports All
_WebReports_HTTPServer_SSLCertificateFilePath
This setting indicates the Web Reports SSL certificate file location.
Customizing HTTPS on Web Reports
Default value Empty
Setting type String
Task available ? No
Web Reports All
_WebReports_HTTPServer_SSLPrivateKeyFilePath
This setting indicates the Web Reports SSL private key file location.
Customizing HTTPS on Web Reports
Default value Empty
Setting type String
Task available ? No
Web Reports All
_WebReports_HTTPServer_PortNumber
This setting indicates the Web Reports HTTP port.
Customizing HTTPS on Web Reports
Value range The value is 443 if _WebReports_HTTPServer_UseSSLFlag is enabled, or 80 otherwise.
Setting type Numeric
Web Reports All
_WebReports_HTTPRedirect_Enabled
This setting indicates whether HTTP redirect is enabled for Web Reports.
Customizing HTTPS on Web Reports
Default value 1 (enabled)
Value range 0 (disabled)

1 (enabled)

Setting type Boolean
Component restart required ? Yes
Web Reports All
_WebReports_HTTPRedirect_PortNumber
This setting indicates the HTTP port number for Web Reports.
Customizing HTTPS on Web Reports
Default value 80
Setting type Numeric
Web Reports All
_WebReports_HTTPServer_RequireTLS12
This setting enables or disables the use of TLS 1.2.
Customizing HTTPS on Web Reports
Default value 0 (disabled)
Value range 0 (disabled)

1 (enabled)

Setting type Boolean
Component restart required ? Yes
Web Reports All
_BESRelay_HTTPServer_UseSSLFlag
Customizing HTTPS on REST API
Default value 0 (disabled)
Setting type Boolean
Component restart required ? Yes
Relay, Root server All
_BESRelay_HTTPServer_SSLCertificateFilePath
This setting indicates the path to the SSL certificate file.

The .pem file might contain both the certificate and private key for the Relay or Root Server, or only the certificate. The file is not included in Relay Diagnostics for security reasons.

Customizing HTTPS on REST API
Default value
  • Windows: \\certfile.pem
  • Linux: /var/opt/BESRelay/certfile.pem
Setting type String
Task available ? No
Relay, Root server All
_BESRelay_HTTPServer_SSLPrivateKeyFilePath
This setting indicates the path of the Relay or Root server SSL private key file.
Customizing HTTPS on REST API
Default value
  • Windows: \\private.key
  • Linux: /var/opt/BESRelay/private.key
Setting type String
Task available ? No
Relay, Root server All
_BESRelay_HTTPServer_RequireTLS12
Customizing HTTPS on REST API
Default value 0 (disabled)
Setting type Boolean
Component restart required ? Yes
Relay, Root server All

Top

Logging
Name/Description References Values Component(s) affected Version(s) applicable
_BESRelay_HTTPServer_LogFilePath
The path to the log file.
Get Computer
Default value
  • Server
    • <BES Relay Installtion Path>/BESRelay.log (Windows)
    • /var/log/BESRelay.log (Linux)
    Relay
    • <BES Relay Installtion Path>/logfile.txt (Windows)
    • /var/log/BESRelay.log