|
|
When you install CiscoSecure GRS, a grs.ini file is created that contains a list of the options you chose during installation. You can modify the grs.ini file by rerunning the installation program or by using any text editor. contains a description of the grs.ini file parameters; the table is followed by a complete example grs.ini file.
| Section | Parameter | Explanation |
|---|---|---|
| [Superd] | Section listing the parameters for the daemon grs_d. | |
| Kill Child When Quit = 1 | Indicates whether to kill monitored program(s) when quitting CiscoSecure GRS. 1=kill, 0=do not kill. | |
| [ToBeMonitored] | Section containing a list of programs to be monitored, 1=yes, 0=no. | |
| GRS = 1 | CiscoSecure GRS is monitored, so this section listing monitoring parameters is required. | |
| [GRS] | Monitoring parameters for monitored programs. | |
| Auto Restart = 5 | Number of restarts after unexpected termination. The default is 5. | |
| Work Directory = /opt/CSCOgrs Program Name = /opt/CSCOgrs/bin/grs -x | Work and Program Name subdirectories. If a full path is not specified, CiscoSecure GRS assumes that Program Name is a subdirectory of the Work directory. | |
| Email Recipient = mary@corporation.com | A message is sent to the specified recipient after an unexpected shutdown. If no recipient is specified, no e-mail is sent. | |
| Fatal Error Code = -2, -3, -4 | List of exit codes after which grs_d will not auto-restart the program.
| |
| [General] | Section for keys that are globally applicable. | |
| WebMonitorAccessList | Section is for specifying the IP address or host name of the systems that are allowed to access the dynamic information of the application; for example: WebMonitorAccessList= systemname, 111.11.1.1, mysystem.cisco.com | |
| RadiusAuthenMonitorPort = 2045 | The port that CiscoSecure GRS monitors for RADIUS authentication.
Note: CiscoSecure GRS monitors several sets of ports for communication: one for TACACS+, two for RADIUS, and one for dynamic statistics. The keys are set in the [General] section of the grs.ini file. | |
| RadiusAcctMonitorPort=2046 | The port that CiscoSecure GRS monitors for RADIUS accounting. | |
| TacacsMonitorPort=1024 | The port that CiscoSecure GRS monitors for TACACS+ AAA. | |
| WebMonitorPort=1025 EnableWeb=y | The port that CiscoSecure GRS monitors for dynamic statistics and whether monitoring via web browser is enabled. The default is y. | |
| PartialDomainMatch=1 | Enables partial domain matching. 0=disabled; 1=enabled. The default is 1. | |
| SuffixDelimiters=-@ | Characters used to indicate suffixes. | |
| PrefixDelimiters=\/! | Characters used to indicate prefixes. | |
| SubDomainDelimiters=% | Characters used to indicate subdomains. | |
| DebugLevel=None | Amount of information to provide for debugging and troubleshooting. See the section "Properties General Tab" in the chapter "Configuring CiscoSecure GRS" for more information. The default is None. | |
| [Database] | The section heading for the data store keys. | |
| dbServer = oracle
or dbServer = NONE | The name of the data store: Oracle if you are using the RDBMS client connection, or NONE if you are using the flatfile data store.
| |
| dbUserName = secret | The name of the data store account that CiscoSecure GRS connects with. This user needs read permission to run CiscoSecure GRS and write permission to run the data store utilities. For flatfile, use N/A. | |
| dbPassword = secret | Password for dbUserName. For flatfile, use N/A. | |
| ORACLE_HOME = /export/home/oracle/7.3.2 | The directory in which Oracle software is installed. | |
| dbReloadIntervalMinutes = 10 | Interval used by CiscoSecure GRS to automatically reload updated data store records. The default is 10. | |
| dbTimeOut = 10 | Specifies the length of time (in seconds) that the data store utilities wait for a data store client/server operation. The default is 10. | |
| [GUI] | The heading for the GUI information section. | |
| GuiPrintCmd=lp | The command used to print from the GUI. | |
| GuiBrowserCmd=netscape | The command used to invoke the web browser, if browser access is enabled. |
The following is an example of a grs.ini file:
# Please make sure that all comments start on a FRESH line using a # character. # The # character should be the first character in the line. # # CiscoSecure Global Roaming Service - Configuration File # [Superd] #whether to kill monitored program if being killed KillChildWhenQuit = 1 # List of programs to be monitored, 1 if yes, 0 if no. # Must be the name of sections [ToBeMonitored] GRS = 1 [GRS] AutoRestart=5 WorkDirectory = /opt/CSCOgrs ProgramName = /opt/CSCOgrs/bin/grs -x EmailRecipient=mary@corporation.com FatalErrorCode = -2, -3, -4 [General] WebMonitorAccessList=sparc1, sparc2, 10.2.1.1
# # These are the ports that grs monitors for incoming # connections. # RadiusAuthenMonitorPort=2045 RadiusAcctMonitorPort=2046 TacacsMonitorPort=1024 # This is the port used by GRS to report runtime statistics WebMonitorPort=1025 EnableWeb=y PartialDomainMatch=1 SuffixDelimiters=-@ PrefixDelimiters=\/! SubDomainDelimiters=% # DebugLevel=None [Database] dbServer = oracle1 dbUserName = secret dbPassword = secret ORACLE_HOME = /export/home/oracle/7.3.2 dbReloadIntervalMinutes=10 dbTimeOut = 10 [GUI] GuiPrintCmd=lp GuiBrowserCmd=netscape
To enable partial domain matching, enter the following line in the grs.ini file:
PartialDomainMatch = 1
To disable partial domain matching, enter the following line in the grs.ini file:
PartialDomainMatch = 0
|
|