Back | Next | Contents Cams Administrator's Guide

Configuring Cams Server

Cams is highly configurable by editing the CAMS_HOME/conf/cams.conf file. Many configuration options are provided, and, you are also empowered to extend some behaviors by implementing custom code. This chapter provides instructions on how to configure existing options and extend others.

Cams Server Name

The Cams server name is defined by cams.conf property:

This value is used for logging and to distinguish Cams server installations and their corresponding user sessions from each other. It does not need to correspond to the host's DNS name. You should change it's value to something unique for your company or department, etc. For example: myhost_domain. Alphanumeric and underscore ("_") characters are valid.

Connections

The Cams server listens for agent connections on a specified TCP/IP port specified by property:

The default server port is 9191, but you may also configure Cams to use any other port. Cams also accepts SSL connections when used in conjunction with some agents. The default port for SSL connections to the Cams server is 9393. See Securing Cams Network Connections with SSL for more details.

NOTE: If a Cams agent connects with the Cams server through your firewall, you must ensure that the port you use for the Cams connection is allowed to pass through your firewall.

To limit the number of agents that can connect simultaneously, use property:

The default maximum is 200. Remember that each agent may have many connections. For example, the Cams Apache web agent uses one connection for each Apache process.

Cams also provides a shutdown service on a different port. This is for security purposes to allow you to further refine access to only allow connections to the Cams shutdown service from administrative systems. Furthermore, a password you specify must be supplied by the client to activate shutdown. The properties for the Cams shutdown service are:

The default shutdown port is 9292. The shutdown.bat (Windows) and shutdown.sh (Unix) scripts execute a client program that is setup to use these properties from ${cams.home}/cams.conf. So, if these scripts are executed from the system that started the Cams server, the shutdown program will automatically connect to the correct Cams shutdown port and provide the right password.

NOTE: You should change this password for your site.

Email Notification

Cams server may occasionally use SMTP-based email messages to notify administrators of various configuration or administrative issues. The properties used to configure this service are:

These values must be updated for compatibility with your installation environment. The value of cams.server.smtp.host must be the hostname or IP address of the mail exchange server registered for your Internet domain. The value of cams.server.smtp.from must be an email identity permitted to send messages to the configured SMTP server. In general, an email alias or fictitious name associated with the Cams server should be used. The value of cams.server.smtp.to is the address of the administrator to which messages are sent. If this value is omitted, the value registered in your Cams product license contact attribute is used.

NOTE: Don't hand-edit your Cams product license to change the administrators email address as this will corrupt the license-keys file. Instead, set cams.server.smtp.to to the desired email address.

Secret Key Encryption

Default Cams server connections use selective encryption of data transported between agents and the Cams server. This is facilitated by use of public encryption algorithms like Blowfish, DES, and DESede (triple DES) along with secret key parameters configured by the Cams server and participating Cams agents. You use the following properties to set the options:

Detailed information on configuring the values for these options is provided in Securing Cams Communications using Secret Keys.

Logger

Cams configures it's own centralized trace logger, which logs information about the startup, shutdown, warnings, and errors of it's services. If Cams is not configured correctly, fails to load, detects a runtime error, or experiences any other anomaly, a message will be written by this logger.

Table 1 shows properties that can be used to customize a trace logger's behavior.

Property Req/Opt Description
logger.class Req The fully qualified name of the Logger class that will be instantiated.
logger.file.path Req The fully qualified log file path.
logger.file.append Opt If true new log messages will be appended to the current log file. If false the current log file will be deleted and a new log file will be created. The default value is true.
logger.file.bufferedIO Opt If true the logger will buffer log messages before writing them to the log file. This can significantly improve logging performance. The default value is true.
logger.file.bufferSize Opt Indicates the size of the buffer to fill before writing to the log file. The default value is "4096".
logger.file.maxSize Opt

The maximum size the logfile is allowed to grow before creating a new logfile. Suffixes KB, MB, and GB are recognized. When log files are rolled over, the file name is appended with an numeric digit: 1, 2, 3, etc. The default maxSize value is "4MB".

logger.file.maxBackupIndex Opt The maximum rollover file index. When log files are rolled over, a numeric index is appended to the name, starting with 1 and proceeding to this value. The default maxBackupIndex is 100.
logger.enableConsole Opt If true all log statements that are sent to the log file are also sent to the console. The default value is false.
logger.enableDebugFilter Opt If true all log statements that have the level "DEBUG" will not be logged. The default value is false.
logger.verbose Opt If true all DEBUG, INFO, WARN, ERROR, and FATAL messages logged will contain the following format:

[INFO ] Sample log message
Class Name: com.cafesoft.cams.log.CamsTraceLogger
Method Name: info()
Line Number: 121
Timestamp: 25 Jul 2002 11:02:36,339

If false ONLY WARNING, ERROR, and FATAL message level will use the verbose format, while DEBUG and INFO level messages will use the following format:

[INFO ] Sample Log Message

The default value is false.
logger.debug Opt If true the logger will output diagnostic debug statements to the System.err stream. The default value is false.

Table 1 - Properties for configuring a Cams trace logger

Debug

Cams debug can be turned on or offer at various levels. The cams.conf file enables you to toggle global or service-level debug on/off using the following properties:

The default value is false. Generally, you should only need to enable these values if instructed to do so by Cafésoft support.

Security Domain Registry

A Cams security domain registry factory is a Java class that loads information about the security domains known to Cams from the security-domain-registry.xml file. This factory is configured with the values shown in Example 1.

#
#---	The factory class used to create the SecurityDomainRegistry
#---	and it's configuration parameter(s)
#
security.domain.registry.factory=\
	com.cafesoft.security.engine.domain.XmlSecurityDomainRegistryFactory
security.domain.registry.factory.params=\
	${cams.home}/conf/domains/security-domain-registry.xml
Example 1 - The default Cams server security domain registry factory configuration

The default Cams security domain registry factory (XmlSecurityDomainRegistryFactory), loads an XML registry file located in the directory specified by the parameter. The parameter's ${cams.home} substitution value is specified by the CAMS_HOME environment variable to the Cams server via the startup script.

Normally, you will only need to change this configuration if you move the security-domain-registry.xml file to another directory. The use of a factory provides the flexibility to store the Cams security domain registry in other document formats or databases should it be required.

Resource Types

Cams resource types provide an extensible mechanism to configure agent connections. Configurations are supplied with Cams to enable http resource requests and the native cams resource type to provide connection management messages.

Example 2 shows the http resource type configuration.

#
#--- Configure the "http" Resource type
#

resource.type.permissionFactoryClass.http=\
com.cafesoft.security.engine.access.http.HttpPermissionFactory
resource.type.resourceRequestFactoryClass.http=\
com.cafesoft.cams.access.http.HttpResourceRequestFactory
Example 2 - The default Cams server "http" resource type

Example 3 shows the cams resource type configuration.

#
#--- Configure the "cams" (service) Resource type
#
resource.type.permissionFactoryClass.cams=\
com.cafesoft.security.engine.access.cams.CamsServicePermissionFactory
resource.type.resourceRequestFactoryClass.cams=\
com.cafesoft.security.common.access.cams.CamsServiceResourceRequestFactory
Example 3 - The default Cams server "cams" resource type

In most case, you will not need to change these values. However, should you need to create custom resource types to support messaging protocols additional to those supplied, these configuration values provide the flexibility to do so.

Server Sockets

Cams server sockets provide an extensible mechanism to configure socket connections. The default configuration supports non-SSL sockets. Example 4 shows the non-SSL server socket configuration.

#
#---	Non-SSL ServerSocketFactory and configuration parameters
#
cams.server.socket.factory.class=\
	com.cafesoft.core.message.DefaultServerSocketFactory
cams.server.socket.factory.params=
Example 4 - The default Cams non-SSL server socket configuration

Additional values to support SSL server sockets are supplied but commented out. See Securing Cams Network Connections with SSL for more details.

Back | Next | Contents

© Copyright 1996-2003 Cafésoft LLC. All rights reserved.