System Configuration

Purpose

The System Configuration page lets you view the settings made in the configuration file zeusafm.conf. This file holds the global settings that govern how the individual system components interact with each other.

Basic settings

CAUTION
The configuration file zeusafm.conf is managed by the Traffic Manager. To avoid conflicts with other components, we strongly recommend that you do not edit this file manually. If you need to change any of the settings, do so via the Traffic Manager Admin UI on the page System > Application Firewall.

Advanced settings

Some more advanced settings can’t be made via the Traffic Manager Admin UI. In these cases you need to edit the configuration file zeusafm.conf manually. You can find the file under $ZEUSHOME/stingrayafm/<version>/etc/zeusafm.conf.

After modifying the configuration file manually on one machine in the cluster, two further steps are required:

  • Replicate the file across the cluster from the Diagnose page of the Traffic Manager Admin UI.
  • Restart vWAF from the System > Traffic Managers page of the Traffic Manager Admin UI.

The new settings then apply to every machine in the cluster.

Opening

To open System Configuration, select the menu item Administration > System Configuration.

Attributes

The attributes of zeusafm.conf and their meanings are listed below.

AdminAuthAutoAddUserGroup

Determines the user group to which new users are assigned when AdminAuthAutoAddUsers is true.

AdminAuthAutoAddUsers

When this option is set to true, users of the Traffic Manager who access vWAF for the first time are automatically added as vWAF users. In this case you don't need to add these users manually via User Management.

By default, the added users are assigned to the user group "zeusafm Administrator". You can change this by setting the attribute AdminAuthAutoAddUserGroup.

AdminAuthLogoutRedirectUrl

URL to which users are redirected after manual or automatic logout.

AdminAuthMethod

Usually, vWAF uses external authentication via the Traffic Manager. If you change the default setting to "internal", vWAF uses a separate authentication mechanism and login page. Users then have to log in using the username and password specified in User Management.

adminMasterXMLIP

Default IP address of the Admin Master Server.

adminMasterXMLPort

Default port number of the Admin Master Server.

adminMasterXMLuseMultiCPU

With large installations, the administration master can be a performance bottleneck for user interface operations. Tasks like fetching statistical data or doing statistic precomputations can take up a lot of CPU resources. This can make the user interface act slow, or it might even delay other important tasks. To increase performance, you can enable multi-CPU mode. The downside of multi-CPU mode, however, is that it needs more memory. So the decision is a tradeoff between performance and memory usage.

adminServerIP

IP address of the administration server.

adminServerPort

Port number of the administration server.

adminServerSessionTimeout

Session timeout of the administration server, in minutes. The value must be between 5 and 720 minutes (12 hours).

adminServerSSLCertFile

SSL certificate file used when SSL is enabled for the administration interface (see adminServerUseSSL). (If no key and cert files are specified, vWAF uses default values.)

adminServerSSLKeyFile

SSL key file if SSL is used to access the administration interface. (If no key and cert files are specified, vWAF uses default values.)

adminServerUseSSL

When enabled, SSL is used to access the vWAF administration interface.

adminSlaveXMLIP

Default IP address of the Admin Slave Server.

If vWAF isn't installed in a cluster, the Admin Master Server and Admin Slave Server run on the same computer.

adminSlaveXMLPort

Default port number of the Admin Slave Server.

clusterPwd

Cluster password.

decisionServerIP

IP address of the decider.

decisionServerPort

Port number of the decider.

This entry must match the port configured in the web server (entry AODbackend).

docDir

Directory where the online documentation is stored. The default is doc.

enableBaselineDownload

Determines whether vWAF automatically downloads definition files for baseline protection (see Baseline Protection).

enable-default-admin-account

You can set this option to true temporarily if you've forgotten your username or password. You can then log in with the default username "admin" and password "admin" and change your password.

While this option is enabled, anyone who can reach the administration interface can log in with these well-known credentials. For security reasons, comment the option out again or set it to "false" as soon as you have regained access.
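As an added example (not vWAF code and not part of this documentation), the following Python script audits a zeusafm.conf for the settings above that most affect the security of the administration interface: enable-default-admin-account left enabled, adminServerUseSSL or restServerUseSSL not set to true, an out-of-range adminServerSessionTimeout, and AdminAuthAutoAddUsers without an explicit AdminAuthAutoAddUserGroup. It assumes the file consists of plain `key = value` lines with `#` comments (the form the masterLogBackend example on this page uses); the exact on-disk syntax, the behaviour when adminServerUseSSL is absent, and the sample configuration are all assumptions or constructed for the example.

```python
"""Audit security-relevant settings in a zeusafm.conf-style file.

Added example; not part of vWAF or its documentation. Assumes the file is
plain 'key = value' lines with '#' comments (the page's masterLogBackend
example uses that form); the exact on-disk syntax is an assumption.
"""
import re
from typing import Dict, List

# Constructed sample: what a node can look like after a password-recovery
# session in which the temporary changes were never reverted.
SAMPLE_CONF = """\
# zeusafm.conf (constructed sample, not a real installation)
adminServerIP = 127.0.0.1
adminServerPort = 8090
adminServerUseSSL = false
adminServerSessionTimeout = 1440
enable-default-admin-account = true
AdminAuthAutoAddUsers = true
restServerPort = 8443
restServerUseSSL = true
"""

LINE_RE = re.compile(r"^\s*([A-Za-z0-9_-]+)\s*=\s*(.*?)\s*$")


def parse_conf(text: str) -> Dict[str, str]:
    """Return key -> value for the active (uncommented) lines only."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        stripped = line.strip()
        if not stripped or stripped.startswith("#"):
            continue  # blank line or commented-out option
        m = LINE_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2)
    return settings


def is_true(value: str) -> bool:
    """Accept the spellings 'true'/'True'/'1'/'yes'/'on' (assumption)."""
    return value.strip().lower() in ("true", "1", "yes", "on")


def audit(settings: Dict[str, str]) -> List[str]:
    """Return one finding per security-relevant misconfiguration."""
    findings: List[str] = []

    if is_true(settings.get("enable-default-admin-account", "false")):
        findings.append(
            "enable-default-admin-account is true: the built-in admin/admin "
            "login is live; comment it out or set it to false")

    # Absent key is treated as 'not explicitly enabled' (assumption).
    if not is_true(settings.get("adminServerUseSSL", "false")):
        findings.append(
            "adminServerUseSSL is not true: admin UI sessions are not "
            "protected by SSL")

    rest_configured = "restServerIP" in settings or "restServerPort" in settings
    if rest_configured and not is_true(settings.get("restServerUseSSL", "false")):
        findings.append(
            "restServerUseSSL is not true although the REST server is configured")

    timeout = settings.get("adminServerSessionTimeout")
    if timeout is not None:
        try:
            minutes = int(timeout)
        except ValueError:
            findings.append(f"adminServerSessionTimeout {timeout!r} is not an integer")
        else:
            if not 5 <= minutes <= 720:  # documented range: 5 to 720 minutes
                findings.append(
                    f"adminServerSessionTimeout {minutes} is outside the "
                    "allowed range of 5 to 720 minutes")

    if (is_true(settings.get("AdminAuthAutoAddUsers", "false"))
            and "AdminAuthAutoAddUserGroup" not in settings):
        findings.append(
            "AdminAuthAutoAddUsers is true without AdminAuthAutoAddUserGroup: "
            "every first-time Traffic Manager user becomes a "
            "'zeusafm Administrator'")
    return findings


if __name__ == "__main__":
    for finding in audit(parse_conf(SAMPLE_CONF)):
        print("FINDING:", finding)
```

Run it against a copy of zeusafm.conf from each node before replicating a manual change across the cluster; a commented-out enable-default-admin-account line is correctly ignored, while an active one is reported.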

hotStandbyBackendIP

IP address of the decider that's used as hot standby node.

hotStandbyBackendPort

Port number of the decider that's used as hot standby node.

hotStandbyNode

Only applies when vWAF is installed in a cluster.

Determines whether a slave node is configured for hot standby mode. In hot standby mode this decider is used if other deciders aren't available.

logDir

Specifies where the system log files are stored.

To specify where the application-specific log files are stored, use the attributes "slaveLogBackend" and "masterLogBackend". We recommend using the same directory for "logDir" as for "slaveLogBackend".

masterLogBackend

See slaveLogBackend.

maxBlacklistedIPs

Maximum number of IP addresses for which temporary blacklisting may be activated (see Global IP Blacklisting ).

nodeID

Unique ID for each slave.

numberOfCPUs

Number of CPUs if multi-CPU support has been enabled (see Installation).

purgeSlaveLogs

Determines whether log files are automatically removed from slaves after successful synchronization (default is False).

restServerIP

Only needed if you use the REST-based API.

IP address of the used REST server.

restServerPort

Only needed if you use the REST-based API.

Port number of the used REST server.

restServerSSLCertFile

SSL certificate file used when SSL is enabled for the REST server (see restServerUseSSL). (If no key and cert files are specified, vWAF uses default values.)

restServerSSLKeyFile

SSL key file if SSL is used to access the REST server. (If no key and cert files are specified, vWAF uses default values.)

restServerUseSSL

Only needed if you use the REST-based API.

Set to true if the REST server is accessed via SSL.

slaveLogBackend, masterLogBackend

Back-ends for the log files:

  • slaveLogBackend determines the back-ends for the decider and for the administration slave(s).
  • masterLogBackend determines the back-ends for the administration master.

For masterLogBackend to become effective, the option useMasterLogs must be enabled.

At least one back-end is required. You can also specify multiple log back-ends at a time, separated by commas.

When you specify multiple back-ends, vWAF uses the first back-end (the entry before the first comma) when it reads and displays log data for monitoring.

Possible back-ends and the required definition syntax are:

  • file:<path>
  • db:<type>://[<user>[:<password>]@][<host>[:<port>]]/<database name> (available database types are: mssql, postgres)
  • syslog:[tcp: | udp:][facility:]<destination IP>[:<port>][/<source IP>[:<port>]]
  • syslog-cef:[tcp: | udp:][facility:]<destination IP>[:<port>][/<source IP>[:<port>]]
  • syslog-csv:[tcp: | udp:][facility:]<destination IP>[:<port>][/<source IP>[:<port>]]
  • syslog-rfc5424:[tcp: | udp:][facility:]<destination IP>[:<port>][/<source IP>[:<port>]] (logs in the format specified in http://tools.ietf.org/html/rfc5424)

For all syslog back-ends, "facility" can be a number (0-23) or one of the following strings: USER, DAEMON, LOCAL0...LOCAL7.

The variable elements must not contain commas or any of the special characters used to define a log backend.

A typical scenario is logging to a file on the slaves, and to a database on the master.

Example:

slaveLogBackend = file:../generic/logs, syslog:10.100.1.1
masterLogBackend = db:postgres://stingrayaf@localhost//stingrayaf_master_log

If you want to use a database as a log back-end, make sure you know how to configure and tune the performance of that database; we can't provide support for this. If you aren't sure how to configure a database, we strongly recommend using a file log back-end instead.
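As an added example (not part of vWAF or this documentation), the following Python validator implements the back-end syntax listed above together with the rules around it: at least one entry, entries separated by commas, no commas or syntax characters inside the variable elements, database types limited to mssql and postgres, facility restricted to 0-23 or the listed names, and the first entry being the one used for monitoring. Checking an attribute value this way before it is written to zeusafm.conf and replicated across the cluster is cheaper than finding out afterwards that a decider has no working log back-end. The Backend class, the error messages and the sample specifications are this example's own; it assumes ':' is reserved inside file paths and handles only hostnames and IPv4 literals as syslog endpoints.

```python
"""Validate slaveLogBackend / masterLogBackend values before they go into zeusafm.conf.

Added example; not part of vWAF or its documentation. It implements the
back-end syntax listed on this page. The Backend class, the error messages
and the sample specifications are this example's own.
"""
import re
from dataclasses import dataclass
from typing import List, Optional

DB_TYPES = {"mssql", "postgres"}  # the only database types the page lists

# file:<path>  -- ':' and ',' are treated as reserved inside the path (assumption)
FILE_RE = re.compile(r"^file:(?P<path>[^,:]+)$")

# db:<type>://[<user>[:<password>]@][<host>[:<port>]]/<database name>
DB_RE = re.compile(
    r"^db:(?P<type>[a-z]+)://"
    r"(?:(?P<user>[^:@/,]+)(?::(?P<password>[^@/,]*))?@)?"
    r"(?P<host>[^:/,]*)(?::(?P<port>\d+))?"
    r"/(?P<db>[^,]+)$"
)

# syslog[-cef|-csv|-rfc5424]:[tcp:|udp:][facility:]<dest>[:<port>][/<source>[:<port>]]
# Only hostnames / IPv4 literals are handled; IPv6 literals contain ':' (assumption).
SYSLOG_RE = re.compile(
    r"^(?P<kind>syslog(?:-cef|-csv|-rfc5424)?):"
    r"(?:(?P<transport>tcp|udp):)?"
    r"(?:(?P<facility>\d{1,2}|USER|DAEMON|LOCAL[0-7]):)?"
    r"(?P<dest>[^:/,]+)(?::(?P<dport>\d+))?"
    r"(?:/(?P<src>[^:/,]+)(?::(?P<sport>\d+))?)?$"
)


@dataclass(frozen=True)
class Backend:
    kind: str                      # file | db | syslog | syslog-cef | syslog-csv | syslog-rfc5424
    target: str                    # path, database name, or syslog destination
    transport: Optional[str] = None
    facility: Optional[str] = None
    port: Optional[int] = None
    source: Optional[str] = None
    source_port: Optional[int] = None


def _port(value: Optional[str], what: str) -> Optional[int]:
    """Convert a matched port string, rejecting values outside 1-65535."""
    if value is None:
        return None
    port = int(value)
    if not 1 <= port <= 65535:
        raise ValueError(f"{what} port {port} is out of range")
    return port


def parse_backend(entry: str) -> Backend:
    """Parse one back-end definition, raising ValueError on anything off-syntax."""
    entry = entry.strip()
    if (m := FILE_RE.match(entry)):
        return Backend(kind="file", target=m["path"])
    if (m := DB_RE.match(entry)):
        if m["type"] not in DB_TYPES:
            raise ValueError(f"unsupported database type {m['type']!r}; use mssql or postgres")
        return Backend(kind="db", target=m["db"], port=_port(m["port"], "database"))
    if (m := SYSLOG_RE.match(entry)):
        facility = m["facility"]
        if facility is not None and facility.isdigit() and not 0 <= int(facility) <= 23:
            raise ValueError(f"syslog facility {facility} is outside 0-23")
        return Backend(kind=m["kind"], target=m["dest"], transport=m["transport"],
                       facility=facility, port=_port(m["dport"], "destination"),
                       source=m["src"], source_port=_port(m["sport"], "source"))
    raise ValueError(f"unrecognised log back-end: {entry!r}")


def parse_backend_list(spec: str) -> List[Backend]:
    """Parse a comma-separated attribute value; at least one entry is required."""
    entries = [e.strip() for e in spec.split(",")]
    if any(not e for e in entries):
        raise ValueError("at least one back-end is required and no entry may be empty")
    return [parse_backend(e) for e in entries]


def monitoring_backend(spec: str) -> Backend:
    """The first entry is the one vWAF reads when it displays log data for monitoring."""
    return parse_backend_list(spec)[0]


if __name__ == "__main__":
    # Constructed specifications in the shape of the page's example.
    for spec in ("file:../generic/logs, syslog:10.100.1.1",
                 "db:postgres://stingrayaf@localhost/stingrayaf_master_log",
                 "syslog-cef:tcp:LOCAL4:10.100.1.1:514/10.100.1.5"):
        print(spec, "->", parse_backend_list(spec))
```

The syslog pattern only treats a leading element as a facility when it is a valid facility token, so "syslog:10.100.1.1:514" is parsed as destination plus port rather than as facility "10" and a bad address; a numeric facility above 23 or a port above 65535 is rejected explicitly.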

snmpAgentIP

IP address of the SNMP agent.

snmpAgentPort

Port number of the SNMP agent.

storageDir

Directory where the configuration databases and statistics are stored. The default is "conf".

useMasterLogs

vWAF saves log files on all slaves. If you want to be able to back up and analyze log files centrally, vWAF can additionally save copies of the log files on the master. To achieve this, you must set useMasterLogs to True on the master.

Saving copies on the master may take up a lot of disk space. Therefore this feature is disabled by default (Value False).

useMasterLogsExternalSync

Synchronizing log files to the master when useMasterLogs is enabled can consume a lot of CPU resources and slow down your system. If that happens, set useMasterLogsExternalSync to True on the master and provide your own external synchronization mechanism for the master logs, for example a shell script.