Configuration Parameters for Protector
The protectors can be configured by specifying the parameters in a configuration file or as environment variables. Parameters specified as environment variables have a higher priority than parameters specified in the configuration file: for the same parameter, the value in the environment variable overrides the value in the configuration file.
The configuration parameters can be categorized as follows:
- Core - Responsible for performing URP operations and generating the logs.
- Resilient Package Sync - Responsible for retrieving the package from the ESA, RPP, or the shared memory at regular intervals.
- Resilient Package Status - Responsible for sending the status of the resilient package to Insight at regular intervals.
- Forwarding Audits and Logs - Responsible for forwarding the audits and logs to the Log Forwarder or other outputs.
The configuration parameters can be mandatory or optional. Mandatory parameters are the ones where users are expected to modify the values as per their requirement. Optional parameters are the ones where users are recommended to retain the default values. Users should exercise extreme caution while updating the values for any optional parameter.
Core Configuration Parameter
The following is the Core configuration parameter.
| Parameter in Configuration File | Environment Variable | Description | Mandatory or Optional |
|---|---|---|---|
| flushinterval | PTY_CORE_FLUSHINTERVAL | Specify the time interval in seconds after which the audits are flushed from the cache. The default value is 1. The maximum value is 86400. 0 is an invalid value. Caution: If you change the default value, then the timestamp on the protection audits will not be accurate. For example, if you set this value to 60, then the audits are flushed once a minute. Every audit that is flushed will have the timestamp of when the flushing occurred, even if the protection happened 59 seconds ago. This caution is not applicable to short-lived nodes and short-lived protectors. In these instances, the flushing always happens when the process is shut down correctly. | Optional |
In the configuration file, specify this parameter under the section [core].
For example:
[core]
flushinterval = <value>
Resilient Package Sync Configuration Parameters
The following are the configuration parameters for Resilient Package Sync.
| Parameter in Configuration File | Environment Variable | Description | Mandatory or Optional |
|---|---|---|---|
| interval | PTY_SYNC_INTERVAL | Specifies the time interval in seconds after which the protector retrieves a new package from the ESA, RPP, or shared memory. The default value is 60. The maximum value is 86400. 0 is an invalid value. | Optional |
| protocol | PTY_SYNC_PROTOCOL | Specify the protocol used by the protector to retrieve the resilient packages. Specify one of the following options: The default value is https. | Optional |
| host | PTY_SYNC_HOST | Specify the host name or IP address of the upstream server that is providing the resilient packages. | Mandatory if protocol is set to https. |
| port | PTY_SYNC_PORT | Specify the port number of the upstream server that is providing the resilient packages. The default value is 25400. | Mandatory if protocol is set to https. |
| ca | PTY_SYNC_CA | Specify the path of the CA certificate that is used to authenticate the ESA. For more information about certificates, refer to Certificate Management in ESA. | Mandatory if protocol is set to https. |
| cert | PTY_SYNC_CERT | Specify the path of the client certificate for the protector. It is used for mutual TLS communication between the upstream server and the protector. | Mandatory if protocol is set to https. |
| key | PTY_SYNC_KEY | Specify the path to the client certificate key. This parameter is required if you are using a client certificate. | Mandatory if protocol is set to https. |
| secretfile | PTY_SYNC_SECRET_FILE | Specify the path to the file that contains the secret. This secret is used to decrypt the client certificate key. | Mandatory if protocol is set to https. |
| requesttimeout | PTY_SYNC_REQUESTTIMEOUT | Timeout of the RP sync request in seconds. The default value is 0, which means that the timeout is never triggered. The maximum value is 86400. Caution: If you specify a timeout value and the network is slow, then it is possible that the request continuously times out before retrieving any package. | Optional |
| verify | PTY_SYNC_VERIFY | Verify whether the common name mentioned on the server certificate is the same one as specified in the company DNS. The default value is false. This parameter is not applicable if you are using self-signed certificates. | Optional |
| setlocalip | PTY_SYNC_SET_LOCAL_IP | Automatically add the local IP address of the protector, from where the sync request has originated, to the X-Forwarded-For header. The default value is true. | Optional |
| channel | PTY_SYNC_CHANNEL | Specify a communication channel to the shared memory. This parameter is required if you want to run multiple RPAs with different package versions on the same node. The default value is 0. The range of the value is from 0 to 255. | Optional |
In the configuration file, specify these parameters under the section [sync].
For example:
[sync]
interval = <value>
protocol = <value>
host = <value>
port = <value>
ca = <value>
cert = <value>
key = <value>
secretfile = <value>
requesttimeout = <value>
verify = <value>
setlocalip = <value>
channel = <value>
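An added example, not part of the product documentation or the protector's own code: a Python sketch that resolves the effective [sync] settings with environment variables overriding the configuration file, then checks them against the ranges and https requirements listed in the table above. Treating an empty value as missing and only the literal `true` as enabling `verify` are assumptions, as are the sample host name and paths.

```python
import configparser

# [sync] parameter names, defaults and ranges are copied from the table on this page.
SYNC_KEYS = ["interval", "protocol", "host", "port", "ca", "cert", "key",
             "secretfile", "requesttimeout", "verify", "setlocalip", "channel"]
IRREGULAR_ENV = {"secretfile": "PTY_SYNC_SECRET_FILE", "setlocalip": "PTY_SYNC_SET_LOCAL_IP"}
DEFAULTS = {"interval": "60", "protocol": "https", "port": "25400", "channel": "0",
            "requesttimeout": "0", "verify": "false", "setlocalip": "true"}
# Inclusive integer ranges; 0 is invalid for interval.
RANGES = {"interval": (1, 86400), "requesttimeout": (0, 86400), "channel": (0, 255)}
HTTPS_REQUIRED = ["host", "port", "ca", "cert", "key", "secretfile"]

def effective_sync(ini_text, environ):
    """Resolve each [sync] parameter as: default < configuration file < environment."""
    parser = configparser.ConfigParser(interpolation=None)
    parser.read_string(ini_text)
    merged = {}
    for key in SYNC_KEYS:
        value = parser.get("sync", key, fallback=DEFAULTS.get(key))
        env = IRREGULAR_ENV.get(key, "PTY_SYNC_" + key.upper())
        merged[key] = environ.get(env, value)
    return merged

def findings(cfg):
    """Assumed review checks, not the protector's own validation."""
    out = []
    for key, (lo, hi) in RANGES.items():
        if not (cfg[key].isdigit() and lo <= int(cfg[key]) <= hi):
            out.append(f"sync.{key}={cfg[key]!r} is outside {lo}..{hi}")
    if cfg["protocol"] == "https":
        out += [f"sync.{k} is required when protocol is https"
                for k in HTTPS_REQUIRED if not cfg[k]]
        if cfg["verify"].lower() != "true":
            out.append("sync.verify is not true: server common name is not checked")
    return out

# Constructed sample: host name, paths and environment values are placeholders.
SAMPLE_INI = """[sync]
interval = 0
host = esa.example.internal
ca = /path/to/ca.pem
cert = /path/to/client.pem
key = /path/to/client.key
"""
SAMPLE_ENV = {"PTY_SYNC_INTERVAL": "120", "PTY_SYNC_CHANNEL": "300"}

if __name__ == "__main__":
    for line in findings(effective_sync(SAMPLE_INI, SAMPLE_ENV)):
        print(line)
```

Pass `os.environ` as the second argument to review the settings a protector process on that node would actually pick up.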
Resilient Package Status Configuration Parameter
The following is the configuration parameter for Resilient Package Status.
| Parameter in Configuration File | Environment Variable | Description | Mandatory or Optional |
|---|---|---|---|
| interval | PTY_STATUS_INTERVAL | Specifies the time interval in seconds after which the protectors send the status of the resilient package to Insight. The default value is 60. The maximum value is 86400. 0 is an invalid value. Caution: If you change the default value, then it might result in a mismatch in the status appearing on the Protector Status Dashboard. For example, if you change the interval to 3800, that is more than one hour, then the Connectivity status will show the status as error. This caution is not applicable to short-lived nodes and short-lived protectors. | Optional |
In the configuration file, specify this parameter under the section [status].
For example:
[status]
interval = <value>
Configuration Parameters for Forwarding Audits and Logs
The following are the configuration parameters for forwarding the audits and logs.
| Parameter in Configuration File | Environment Variable | Description | Mandatory or Optional |
|---|---|---|---|
| output | PTY_LOG_OUTPUT | Specify the output type for protection logs. Specify one of the following values: | Optional |
| mode | PTY_LOG_MODE | Specify how the logs are handled in case the connection to the Log Forwarder is lost. Specify one of the following options: This setting is only applicable for the protector logs sent from the protector, and not for the application logs available in the ESA. | Optional |
| host | PTY_LOG_HOST | Specify the host name or IP address of the machine where the Log Forwarder is installed. The logs will be forwarded from the protector to this host name or IP address. The default value is set to localhost. | Optional |
| port | PTY_LOG_PORT | Specify the port number of the machine where the Log Forwarder is installed. The logs will be forwarded from the protector to this port. The default value is 15780. | Optional |
In the configuration file, specify these parameters under the section [log].
For example:
[log]
output = <value>
mode = <value>
host = <value>
port = <value>