This article applies to:

• Security Reporting Center 2.0c
• Security Reporting Center 2.1

Question:

Procedure:

There are two configurable options for the LEA service that control the lag time when retrieving log files via OPSEC LEA.

The first value you can modify is the lag time from when the initial connection is created to when the application starts to retrieve log data.  The default value for this option is 50 minutes.  To modify this setting, please follow the instructions below:

1. Stop the NetiQ – Lea Service.
   
2. Open the lea_service.ini file located in the following directory:

   .\modules\leaservice

3. Find the following line within the file: 

   LagWindowSec=

4. At the end of the line add the amount of seconds you would like to wait before the LEA log data is collected.  For example:

   LagWindowSec=3000

   1. Minimum value is 30 seconds.
   2. Maximum value is 86400 seconds.

5. Save and close the file.

6. Start the NetiQ – Lea Service.

The second value you can modify is the lag time between LEA sessions that update the log file with any new information.  The default value for this option is 5 minutes.  If you would like to modify this setting, please follow the instructions below:

1. Stop the NetiQ – Lea Service.

2. Open the lea_service.ini file located in the following directory:

   .\modules\leaservice

3. Find the following line:

   SessionSuspendTimeSec=

4. At the end of the line add the amount of seconds you would like to wait before the new lea log data is collected.  For example: 

   SessionSuspendTimeSec=300

   1. Minimum value is 30 seconds.
   2. Maximum value is 86400 seconds.

5. Save and close the file.

6. Start the NetiQ – Lea Service.

Notes:

For more information on how the OPSEC LEA service works please see the following knowledge base article:

:10552 How does OPSEC LEA work?

This article was previously published as:

NETIQKB37513