Managing Profiles
A profile contains the CipherTrust Manager logging criteria for CTE clients, Syslog server configuration, default logging level, server settings, Multifactor Authentication (MFA) settings, and additional settings that can be used for several CTE clients.
Note
CTE UserSpace does not support LDT Quality of Service (QoS) configurations.
A default profile, DefaultClientProfile, is created automatically when either of the following happens:
- On successful registration of the first client if no profile is specified during registration. 
- On creation of the first client group. A new client group is automatically linked to DefaultClientProfile.
When registering a CTE client, the installer prompts to specify a profile for the client. If not specified, DefaultClientProfile is automatically linked to the client on successful registration. The linked profile can be modified later. It is recommended to not delete or modify DefaultClientProfile.
Creating a Profile
To create a profile:
- Open the Transparent Encryption application. 
- In the left pane, click Settings > Profiles. 
- Click Create Profile. 
- Specify a unique Name for the profile. This is a mandatory field. 
- Provide a Description for the profile. 
- Click Create. 
The newly created profile appears in the profiles list.

After you have created a profile, you can define client logging criteria, Syslog configurations, QoS configurations, and MFA configurations. These configurations apply to the clients and client groups linked to this profile. Refer to the subsequent sections for details.
Setting Client Log Configuration
Client log configuration includes basic information such as the level of logs to capture, whether to enable the Syslog server, settings to upload logs to the CipherTrust Manager, and settings to store logs on clients.
To define client log configurations for a profile:
- Open the Transparent Encryption application. 
- In the left pane, click Settings > Profiles. 
- Under Name, click the desired profile. The edit view of the profile is displayed. Profile settings are divided into three categories, as shown below:  
- Click CLIENT LOGGING CONFIGURATION to expand it. The client log configuration settings are categorized into basic settings, log upload to the key manager, and log to file on the clients.
Basic Settings
- Specify the basic settings:
  - Log Level: Level of logs to generate. It defines the detail and extent of information to be logged by the linked agents. In sequence, the options are:
    • DEBUG: Fine-grained informational events that are targeted towards support engineers and developers.
    • INFO: Informational messages that highlight the progress of the application at coarse-grained level.
    • WARN: Potentially harmful situations.
    • ERROR: Error events that might still allow the application to continue running. This is the default log level.
    • FATAL: Severe error events that will presumably lead the application to abort.
    Log levels are cumulative. The level that you select not only generates log entries for events that occur at that level, but all the levels below. For example, the WARN level also includes events that occur on the ERROR and FATAL levels.
  - Duplicates: Treatment for duplicate logs. The options are:
    • SUPPRESS: Messages follow the configured Threshold as to how many times duplicate messages are sent to the CipherTrust Manager during the given Interval.
    • ALLOW: All duplicate messages are captured and displayed in the log.
  - Threshold (1-100): (Used when the Duplicates field is set to SUPPRESS.) Maximum number of duplicate messages the CTE Agent can send to the CipherTrust Manager within the time specified by Suppress Interval (see below). The default value is 5 messages.
  - Suppress Interval (sec) 1-1000: (Used when the Duplicates field is set to SUPPRESS.) Time in which the number of duplicate messages, specified by Threshold, can be uploaded to the CipherTrust Manager. When the Suppress Interval elapses, the count specified by Threshold starts again. The default interval is 600 seconds (10 minutes).
  - Enable Concise Logging: Whether to enable Concise Logging for the linked clients. Select to enable, clear to disable. By default, Concise Logging is disabled. When enabled, a reduced number of audit log messages are captured. Refer to Concise Logging for details.
  - Syslog Enabled: Whether the Syslog server is enabled. Select to enable, clear to disable. When you select Syslog Enabled, make sure that client Syslog configurations are defined. Refer to Setting Client Syslog Configuration for details. When the Syslog server is disabled, the logs are sent to the client messages file such as /var/adm/messages. On a Windows client, the messages are sent to the Event Viewer (Application events).
Log Upload Settings
- Configure settings to upload logs to the CipherTrust Manager:
  - Log Upload to Key Manager: Whether to enable log upload to the CipherTrust Manager. Select to enable, clear to disable. When this option is selected, you can configure the settings listed below. The logs are displayed under the Client Records page of the CipherTrust Manager GUI.
  - Upload Log Level: Level of logs to upload. In sequence, the options are:
    • DEBUG: Fine-grained informational events that are targeted towards support engineers and developers.
    • INFO: Informational messages that highlight the progress of the application at coarse-grained level.
    • WARN: Potentially harmful situations.
    • ERROR: Error events that might still allow the application to continue running. This is the default log level.
    • FATAL: Severe error events that will presumably lead the application to abort.
    Log levels are cumulative. The level that you select not only generates log entries for events that occur at that level, but all the levels below. For example, the WARN level also includes events that occur on the ERROR and FATAL levels.
  - Connection Timeout (sec) 1-60: Interval after which the connection attempt to the key manager expires. The default value is 59 seconds.
  - Drop if Busy: Whether to slow log generation and drop log files during periods of extreme logging (that is, when the server is busy). Select to drop, clear to keep trying. This setting is clear by default.
  - Upload Timeout (sec) 1-900: Interval after which the log upload attempt expires. The default period is 600 seconds (10 minutes).
  - Max Interval (sec) 1-1000: Maximum interval to wait before the CTE Agent can upload messages to the CipherTrust Manager. Use this option to update the log viewer even when the Message Upload Range has not been reached. Lower the interval if there is little CTE Agent activity. The default maximum interval is 20 seconds.
  - Min Interval (sec) 1-30: Minimum interval to wait before the CTE Agent can upload messages to the CipherTrust Manager. Increase the interval if there is considerable CTE Agent activity, so the agents do not flood the network with log messages. The minimum interval is 10 seconds.
  - Message Upload Range (100-1000): Maximum number of logs to upload at one time. When the specified number of logs is reached, they are uploaded to the CipherTrust Manager. The default number is 1000.
  - Cache Settings: Settings to cache logs. The options are:
    • Max Files: Maximum number of log files to cache. The default number is 200.
    • Max Space (MB): Maximum log size to cache. The default value is 100 MB.
Log to File Settings
- Configure settings to gather logs in files on clients:
  - Log to File: Whether to write logs to files on clients. This option is selected by default. This means that, by default, the logs are written to files on clients. The logs are sent to the /var/log/vormetric/vorvmd_root.log file. When the Log to File option is selected, you can configure the settings listed below.
  - File Log Level: Level of logs to capture in the log file. In sequence, the options are:
    • DEBUG: Fine-grained informational events that are targeted towards support engineers and developers.
    • INFO: Informational messages that highlight the progress of the application at coarse-grained level.
    • WARN: Potentially harmful situations.
    • ERROR: Error events that might still allow the application to continue running. This is the default log level.
    • FATAL: Severe error events that will presumably lead the application to abort.
    Log levels are cumulative. The level that you select not only generates log entries for events that occur at that level, but all the levels below. For example, the WARN level also includes events that occur on the ERROR and FATAL levels.
  - Max File Size (1-1000 MB): Maximum size of a log file. The CTE Agent starts a new, empty log file when the specified limit is exceeded. The default maximum file size is 1000 MB.
  - Max Old Files (1-100): The maximum number of old log files to keep. The default number is 100.
  - Allow Purge: Whether to allow purging the old log files. Select to allow purge, clear to disallow. This option works in conjunction with the Max Old Files option (see above). For example, set Max Old Files to 3 and select the Allow Purge check box. After 3 log files are generated, the first log file, log1, is deleted and a new log file, log4, is created. If the Allow Purge check box is clear, log files continue to accumulate in the server database and you have to remove them manually.
- Click Update. 
The changes are effective immediately and apply to the clients linked with the profile.
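The following added example (not part of the product or its documentation) models how the cumulative Log Level and the Duplicates settings described above decide which messages reach the CipherTrust Manager, so you can see what a burst of repeated messages looks like after suppression. The class and function names, the sample messages, the rule that identical text counts as a duplicate, and the window starting at the first occurrence are assumptions.

```python
from dataclasses import dataclass, field

# Severity order as listed on the page, least to most severe.
LEVELS = ["DEBUG", "INFO", "WARN", "ERROR", "FATAL"]


@dataclass
class ForwardingModel:
    """Model of the Log Level and Duplicates settings; not CTE Agent code."""
    log_level: str = "ERROR"      # page default
    duplicates: str = "SUPPRESS"  # SUPPRESS or ALLOW
    threshold: int = 5            # page default, range 1-100
    interval: int = 600           # Suppress Interval in seconds, range 1-1000
    _windows: dict = field(default_factory=dict, init=False, repr=False)

    def __post_init__(self):
        if self.log_level not in LEVELS or self.duplicates not in ("SUPPRESS", "ALLOW"):
            raise ValueError("unknown log level or duplicates mode")
        if not (1 <= self.threshold <= 100 and 1 <= self.interval <= 1000):
            raise ValueError("threshold or interval outside the documented range")

    def accepts(self, ts, level, message):
        # Cumulative levels: the selected level and every more severe level pass.
        if LEVELS.index(level) < LEVELS.index(self.log_level):
            return False
        if self.duplicates == "ALLOW":
            return True
        window = self._windows.get(message)
        # Assumptions: identical text counts as a duplicate, and the window
        # opens at the first occurrence and restarts once the interval elapses.
        if window is None or ts - window[0] >= self.interval:
            self._windows[message] = [ts, 1]
            return True
        window[1] += 1
        return window[1] <= self.threshold


def forwarded(events, **settings):
    """Return the (timestamp, level, message) events that survive the filter."""
    model = ForwardingModel(**settings)
    return [e for e in sorted(events) if model.accepts(*e)]


# Constructed sample: the same WARN message every 10 s for 20 minutes,
# plus one INFO and one FATAL message.
DENIED = "access denied on /data/payroll"  # constructed message text
SAMPLE = [(t, "WARN", DENIED) for t in range(0, 1200, 10)]
SAMPLE += [(5, "INFO", "agent started"), (700, "FATAL", "secfs unavailable")]

if __name__ == "__main__":
    for mode in ("SUPPRESS", "ALLOW"):
        kept = forwarded(SAMPLE, log_level="WARN", duplicates=mode)
        print(mode, len(kept), "of", len(SAMPLE), "events forwarded")
```

With the default Threshold and Suppress Interval, only the first five copies in each 600-second window are forwarded, so a count of repeated events in the CipherTrust Manager is a lower bound on what happened on the client.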
The CTE client logs can be seen on the Records > Client Records page of the CipherTrust Manager GUI. Filter the records by Client Type and look for the CTE records, as shown below.

Refer to Records for details.
Setting Client Syslog Configuration
When you have Syslog servers up and running in your environment, you can redirect your client logs to them. A CipherTrust Manager administrator can configure profiles to redirect client logs to Syslog servers.
To configure Syslog settings in a profile:
- Open the Transparent Encryption application. 
- In the left pane, click Settings > Profiles. 
- Under Name, click the desired profile. 
- Expand CLIENT SYSLOG CONFIGURATION.  
- Specify the following details:
  Note
  You can configure up to four servers, labeled as Server 1, Server 2, Server 3, and Server 4. By default, Server 1 and Server 2 are visible. To view Server 3 and Server 4, click Show Additional Servers.
  This document describes steps to configure one server, Server 1. Extend the steps to suit your setup requirements.
  - Log Level: Level of logs to redirect. In sequence, the options are:
    • DEBUG: Fine-grained informational events that are targeted towards support engineers and developers.
    • INFO: Informational messages that highlight the progress of the application at coarse-grained level.
    • WARN: Potentially harmful situations.
    • ERROR: Error events that might still allow the application to continue running. This is the default log level.
    • FATAL: Severe error events that will presumably lead the application to abort.
    Log levels are cumulative. The level that you select not only generates log entries for events that occur at that level, but all the levels below. For example, the WARN level also includes events that occur on the ERROR and FATAL levels.
  - Local: Whether logs are sent to the client. If selected, the logs are saved on the client at /var/log/messages. By default, the option is clear.
  - Server 1:
    - Hostname or IP: Hostname or IP address of the Syslog server.
    - Port: Port of the Syslog server.
    - Message Format: Format in which the log messages are transferred to the Syslog server. The options are:
      • Plain Message
      • CEF
      • RFC5424
      • LEEF
      The default log format is RFC5424. This format adheres to the Syslog Protocol RFC 5424 guidelines.
    - Protocol: Transport protocol for the Syslog connection. The options are UDP, TCP, and TLS. The default protocol is TCP. When you select TLS, the following fields appear:
      • CA Certificate: Click Browse to select the CA certificate.
      • Certificate: Click Browse to select the certificate.
      • Private Key: Click Browse to select the private key.
- Click Update. 
The Syslog server settings are configured.
Setting MFA Configuration
Common MFA configuration for clients and client groups is configured in profiles. When the security configuration for a client is built, the MFA configuration is fetched from the associated profile.
To set up MFA configuration, specify an OIDC connection and the set of exempted users. MFA will not be enforced for users in the exempted user set. By default, MFA is enforced for all users of the associated clients.
To configure MFA settings in a profile:
- Open the Transparent Encryption application. 
- In the left pane, click Settings > Profiles. 
- Under Name, click the desired profile. 
- Expand MULTIFACTOR AUTHENTICATION.  
- Specify the MFA configuration.
  - Select OIDC Connection from the drop-down list. This is the OIDC connection over which MFA configurations will be enforced. OIDC connections are created on the CipherTrust Manager. Refer to Connection Manager for details.
  - Select MFA Exempted User Set from the drop-down list. This user set will be exempted from MFA. MFA will not be enforced on the users of this set.
  Note
  A CipherTrust Manager administrator with sufficient privileges can delete an OIDC connection being used by a profile. When an in-use OIDC connection is deleted, the security configuration for the associated clients cannot be built and pushed to the clients. The errors are logged in audit records. The CTE Agent continues working with the current configuration until the connection is restored.
  - You can delete the existing OIDC connection and MFA Exempted User set by clicking Delete (X).
- Click Update. 
Configuring Server Settings
A CTE administrator can configure preferred nodes of a CipherTrust Manager cluster for sending status updates from CTE clients. The administrator assigns a priority to every node of the cluster.
The cluster nodes can be categorized into tiers on the CipherTrust Manager GUI, with every tier assigned a priority. For example, Tier 1 is assigned higher priority than Tier 2. All tiers (for example, Tier 1 + Tier 2) can have a total of 20 nodes. This preference is configured through server settings in profiles. If not configured, the CipherTrust Manager continues working with the default settings. Refer to Communication with CipherTrust Manager for the default behavior.
After the server settings are configured, the CTE clients associated with the profile first try to send status updates to the top tier. If none of the nodes in the tier is reachable, the CTE clients try to send updates to the next tier.
To configure the cluster node preference in a profile:
- Open the Transparent Encryption application. 
- In the left pane, click Settings > Profiles. 
- Under Name, click the desired profile. 
- Expand SERVER SETTINGS. 
- Click Configure Settings.
  Before proceeding, make sure the CipherTrust Manager is part of a cluster. Refer to Clusters and Nodes for information on CipherTrust Manager clusters and nodes.
  When the CipherTrust Manager is part of a cluster, the Server Settings section displays cluster nodes grouped into tiers.
- Add/modify cluster node preference as appropriate.
  - To add/modify the priority of a cluster node, drag it from one tier and drop it into another. Alternatively, click the add button in the target tier and select the node from the displayed list.
  - To remove a node from a tier:
    - Click the delete icon in the node name. A message box appears prompting to confirm the action.
    - Click Yes to confirm.
    The change will be effective only after you click Update in the SERVER SETTINGS section of the Profiles page.
  - To add a new tier, click Add Another Tier. By default, one tier is visible. You can set preference for all nodes of a CipherTrust Manager cluster.
    A maximum of 20 tiers can be added.
  - To delete a tier, click the delete button. Tier 1 cannot be deleted.
- Click Update. The server settings are saved successfully.
  The Update button is enabled only when the tier list is modified and every tier has at least one node.
Concise Logging
CTE's standard operational logging sends audit messages for every file system operation. An audit message is sent every time a file is opened, read, updated, or written. Standard logging can generate high volumes of log data. Security administrators might not need most of these logs to monitor file system activities on the protected clients.
A CipherTrust Manager administrator can enable or disable Concise Logging for a profile. After Concise Logging is enabled or disabled, CTE Agent generates a log message to record that event:
"[CGA] [INFO] [CGA3201I] [08/07/2020 10:57:18] Concise logging enabled"
"[CGA] [INFO] [CGA3202I] [08/07/2020 10:57:27] Concise logging disabled"
Advantages
Concise Logging:
- Helps security administrators to focus on relevant audit messages and important actionable messages such as errors and warnings. 
- Can eliminate repetitive and unimportant audit messages generated by read and write activities on a file, read and write directory attributes, and other file system activities. 
- Eliminates audit messages:
  - For each block read by a user or an application. Only one audit message is sent for every read/write activity.
  - That read the attributes, basic information of file set attributes, and other event-based messages.
  - For directory open, read directory attributes, and directory close.
Considerations
Concise Logging:
- Changes the set of messages that are sent to Security Information and Event Management (SIEM) software systems. If this results in loss of data required for customer reports, then disable Concise Logging. 
- Applies to all GuardPoints and for all users of the clients linked with a profile. There is no fine-grained control such as per GuardPoint, user, or message type. 
- Applies to the existing clients and the new clients to be linked with the profile subsequently. 
- Is supported by CTE secfs only.
- Should not be used with Learn Mode. 
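Because Concise Logging changes what reaches a SIEM, it helps to know when each client was logging concisely before interpreting a gap in audit records. The following added example (not part of the product or its documentation) builds those time windows from the CGA3201I and CGA3202I messages shown above; the client names, the third sample line, and the month/day/year reading of the timestamp are assumptions.

```python
import re
from datetime import datetime

# Message shape and IDs as shown on this page, for example:
# [CGA] [INFO] [CGA3201I] [08/07/2020 10:57:18] Concise logging enabled
LINE_RE = re.compile(
    r"\[CGA\] \[INFO\] \[(CGA3201I|CGA3202I)\] "
    r"\[(\d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2})\] Concise logging (?:enabled|disabled)"
)
ENABLED, DISABLED = "CGA3201I", "CGA3202I"


def parse(line):
    """Return (message_id, timestamp) or None for unrelated lines."""
    m = LINE_RE.search(line)
    if not m:
        return None
    # Assumption: the date is month/day/year; the page does not say.
    return m.group(1), datetime.strptime(m.group(2), "%m/%d/%Y %H:%M:%S")


def concise_windows(records):
    """records: iterable of (client, raw_line).

    Returns [(client, start, end)] with end=None while still enabled.
    """
    events = []
    for client, line in records:
        parsed = parse(line)
        if parsed:
            events.append((parsed[1], client, parsed[0]))
    open_since, windows = {}, []
    for when, client, msg_id in sorted(events):
        if msg_id == ENABLED:
            open_since.setdefault(client, when)  # keep the earliest start
        elif client in open_since:
            windows.append((client, open_since.pop(client), when))
    windows += [(c, start, None) for c, start in sorted(open_since.items())]
    return windows


def reduced_detail(windows, client, when):
    """True if `when` falls inside a Concise Logging window for the client."""
    return any(c == client and s <= when and (e is None or when < e)
               for c, s, e in windows)


# First two lines are the messages quoted on the page; the rest is constructed.
# Client names db01 and app02 are hypothetical.
SAMPLE = [
    ("db01", '"[CGA] [INFO] [CGA3201I] [08/07/2020 10:57:18] Concise logging enabled"'),
    ("db01", '"[CGA] [INFO] [CGA3202I] [08/07/2020 10:57:27] Concise logging disabled"'),
    ("app02", "[CGA] [INFO] [CGA3201I] [08/07/2020 11:02:00] Concise logging enabled"),
    ("app02", "unrelated line that the parser skips"),
]

if __name__ == "__main__":
    for client, start, end in concise_windows(SAMPLE):
        print(client, start, end or "still enabled")
```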
Modifying Profiles
To modify a profile:
- Open the Transparent Encryption application. 
- In the left pane, click Settings > Profiles. 
- Under Name, click the desired profile. Alternatively, click the overflow icon corresponding to the desired profile and click Edit.
- Expand CLIENT LOGGING CONFIGURATION.
  - Modify the settings, as appropriate. Refer to Setting Client Log Configuration for details.
  - Click Update.
- Expand CLIENT SYSLOG CONFIGURATION.
  - Modify the settings, as appropriate. Refer to Setting Client Syslog Configuration for details.
  - Click Update.
- Expand MULTIFACTOR AUTHENTICATION.
  - Modify the settings, as appropriate. Refer to Setting MFA Configuration for details.
  - Click Update.
- Expand SERVER SETTINGS.
  - Modify the settings, as appropriate. Refer to Configuring Server Settings for details.
  - Click Update.
The profile settings are updated.
Deleting Profiles
Single or multiple profiles can be deleted from the CipherTrust Manager GUI in one go. Before deleting a profile, make sure that no clients or client groups are linked to it.
Deleting Individual Profiles
To delete a profile:
- Open the Transparent Encryption application. 
- In the left pane, click Settings > Profiles. 
- Click the overflow icon corresponding to the desired profile. Alternatively, select the desired profile and click the delete icon.
- Click Delete. 
The selected profile is removed from the profiles list.
Deleting Multiple Profiles
To delete multiple profiles:
- Open the Transparent Encryption application. 
- In the left pane, click Settings > Profiles. 
- Select the check boxes corresponding to the desired profiles. To select all profiles visible on the page for deletion, select the top check box to the left of the Name heading.
- Click the delete icon. A dialog box appears prompting to confirm the action.
- Click Delete.