<?xml version="1.0" encoding="utf-8" standalone="yes"?><rss version="2.0" xmlns:atom="http://www.w3.org/2005/Atom"><channel><title>Managing Configuration Files in DSG on</title><link>https://docs.protegrity.com/dsg/4.0.0.0/docs/dsg_configurations/</link><description>Recent content in Managing Configuration Files in DSG on</description><generator>Hugo</generator><language>en</language><atom:link href="https://docs.protegrity.com/dsg/4.0.0.0/docs/dsg_configurations/index.xml" rel="self" type="application/rss+xml"/><item><title>Configuring the gateway.json file</title><link>https://docs.protegrity.com/dsg/4.0.0.0/docs/dsg_configurations/dsg_gateway_config_file/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://docs.protegrity.com/dsg/4.0.0.0/docs/dsg_configurations/dsg_gateway_config_file/</guid><description>&lt;p>This section describes global configuration settings that apply across all DSG nodes in a cluster. These settings extend the options available in the &lt;strong>Global Settings&lt;/strong> tab by providing additional system‑level controls.&lt;/p>
&lt;p>The &lt;code>gateway.json&lt;/code> file includes configurations, such as, setting the log levels, enabling learn mode, and so on.&lt;/p>
&lt;blockquote>
&lt;p>&lt;strong>Note&lt;/strong>: It is recommended that configuration changes are made on the ESA and then deployed to the DSG nodes in the cluster&lt;/p></description></item><item><title>Configuring the features.json file</title><link>https://docs.protegrity.com/dsg/4.0.0.0/docs/dsg_configurations/dsg_feature_config_file/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://docs.protegrity.com/dsg/4.0.0.0/docs/dsg_configurations/dsg_feature_config_file/</guid><description>&lt;p>The &lt;em>features.json&lt;/em> file is one of the files in the Protegrity Data Security Gateway (DSG) configuration. By adding or removing flags to this file, users can enable or disable specific behavior in the product.&lt;/p>
&lt;h2 id="sample-featuresjson-file">Sample features.json file&lt;/h2>
&lt;p>The following snippet shows the default parameters configured in the features.json file.&lt;/p>
&lt;div class="highlight">&lt;pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">&lt;code class="language-fallback" data-lang="fallback">&lt;span style="display:flex;">&lt;span>{
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &amp;#34;features&amp;#34;: [
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &amp;#34;enhanced-http-transaction-metrics&amp;#34;,
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &amp;#34;disable-sftp-client-key-check&amp;#34;,
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &amp;#34;normalize-time-labels&amp;#34;,
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> &amp;#34;enhanced-lock-filename&amp;#34;
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span> ]
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>}
&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;p>The following table provides descriptions of the feature flags that can be configured in the features.json file.&lt;/p></description></item><item><title>Configuring the pycore.ini file</title><link>https://docs.protegrity.com/dsg/4.0.0.0/docs/dsg_configurations/dsg_pycore_config_file/</link><pubDate>Mon, 01 Jan 0001 00:00:00 +0000</pubDate><guid>https://docs.protegrity.com/dsg/4.0.0.0/docs/dsg_configurations/dsg_pycore_config_file/</guid><description>&lt;h2 id="accessing-the-pycoreini-file">Accessing the pycore.ini File&lt;/h2>
&lt;ol>
&lt;li>Login to the DSG Web UI.&lt;/li>
&lt;li>Navigate to &lt;strong>Settings&lt;/strong> &amp;gt; &lt;strong>System&lt;/strong> &amp;gt; &lt;strong>Files&lt;/strong>.&lt;/li>
&lt;li>Open the &lt;strong>pycore.ini&lt;/strong> file.&lt;/li>
&lt;/ol>
&lt;h2 id="sample-pycoreini-file">Sample pycore.ini file&lt;/h2>
&lt;p>The following represents a sample &lt;code>pycore.ini&lt;/code> file.&lt;/p>
&lt;div class="highlight">&lt;pre tabindex="0" style="background-color:#f8f8f8;-moz-tab-size:4;-o-tab-size:4;tab-size:4;">&lt;code class="language-fallback" data-lang="fallback">&lt;span style="display:flex;">&lt;span>###############################################################################
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># Resilient Package Sync Config
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># -----------------------------
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># Protector configuration
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># ----------------------------- 
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>[protector]
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># Cadence determines how often the protector connects with ESA / proxy to fetch the policy updates in background.
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># Default is 60 seconds. So by default, every 60 seconds protector tries to fetch the policy updates.
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># If the cadence is set to &amp;#34;0&amp;#34;, then the protector will get the policy only once.
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>#
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># Default 60.
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>cadence = 60
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>###############################################################################
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>[sync]
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># Protocol to use when communicating with the service providing Resilient Packages.
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># Use &amp;#39;https&amp;#39; for ESA or &amp;#39;shmem&amp;#39; for local shared memory.
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>protocol = https
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># Host/IP to the service providing Resilient Packages
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>host = &amp;lt;hostname&amp;gt;
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># Path to CA certificate
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>ca = /mnt/ramdisk/certificates/mng/CA.pem
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># Path to client certificate
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>cert = /mnt/ramdisk/certificates/mng/client.pem
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># Path to client certificate key
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>key = /mnt/ramdisk/certificates/mng/client.key
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># Path to a secret file that is used to decrypt the client certificate key.
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># When using a custom certificate bundle, the &amp;#39;secretcommand&amp;#39; can instead be 
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># used to execute an external command that obtains the secret.
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>#secretfile = REPLACE_SYNC_SECRET_FILE
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>###############################################################################
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># Log Provider Config
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>###############################################################################
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>[log]
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># In case that connection to fluent-bit is lost, set how audits/logs are handled
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># 
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># drop : (default) Protector throws logs away if connection to the fluentbit is lost
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># error : Protector returns error without protecting/unprotecting 
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># data if connection to the fluentbit is lost
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>mode = drop
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># Host/IP to fluent-bit where audits/logs will be forwarded from the protector
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>#
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span># Default localhost
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>host = localhost
&lt;/span>&lt;/span>&lt;span style="display:flex;">&lt;span>port = 15780
&lt;/span>&lt;/span>&lt;/code>&lt;/pre>&lt;/div>&lt;p>The following table helps you to understand the usage of the parameters listed in the &lt;strong>pycore.ini&lt;/strong> configuration file for DSG.&lt;/p></description></item></channel></rss>