gnugk-2.3.1-1mdv2010.1.x86_64.rpm

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 3.2 Final//EN">
<HTML>
<HEAD>
 <META NAME="GENERATOR" CONTENT="LinuxDoc-Tools 0.9.21">
 <TITLE>The GNU Gatekeeper: Basic Gatekeeper Configuration</TITLE>
 <LINK HREF="manual-5.html" REL=next>
 <LINK HREF="manual-3.html" REL=previous>
 <LINK HREF="manual.html#toc4" REL=contents>
</HEAD>
<BODY>
<A HREF="manual-5.html">Next</A>
<A HREF="manual-3.html">Previous</A>
<A HREF="manual.html#toc4">Contents</A>
<HR>
<H2><A NAME="s4">4.</A> <A HREF="manual.html#toc4">Basic Gatekeeper Configuration</A></H2>

<P>The behavior of the gatekeeper is completely determined by the command line
options and configuration file. Some command line options may override
a setting from the configuration file.
For example, the option <CODE>-l</CODE> overrides the setting <CODE>TimeToLive</CODE>
in the configuration file.</P>

<H2><A NAME="commandline"></A> <A NAME="ss4.1">4.1</A> <A HREF="manual.html#toc4.1">Command Line Options</A>
</H2>

<P>Almost every option has a short and a long format, e.g.,
<CODE>-c</CODE> is the same as <CODE>--config</CODE>.</P>

<H3>Basic</H3>

<P>
<DL>
<DT><B><CODE>-h  --help</CODE></B><DD><P>Show all available options and quit the program.</P>
<DT><B><CODE>-c  --config filename</CODE></B><DD><P>Specify the configuration file to use.</P>
<DT><B><CODE>-s  --section section</CODE></B><DD><P>Specify which main section to use in the configuration file. The default is [Gatekeeper::Main].</P>
<DT><B><CODE>-i  --interface IP</CODE></B><DD><P>Specify the IP address that the gatekeeper listens on.
By default, the gatekeeper will automatically determine which IP address(es) it should use.  This
option overrides the automatic detection.</P>
<DT><B><CODE>-l  --timetolive n</CODE></B><DD><P>Specify the time-to-live timer (in seconds) for endpoint registration.
Overrides the setting <CODE>TimeToLive</CODE> in the configuration file.
See the
<A HREF="#ttl">TimeToLive setting</A> for a detailed explanation.</P>
<DT><B><CODE>-b  --bandwidth n</CODE></B><DD><P>Specify the total bandwidth available for the gatekeeper.
Without this option, bandwidth management
is disabled.</P>
<DT><B><CODE>--pid filename</CODE></B><DD><P>Specify the pid file. Only valid for the Unix version.</P>
<DT><B><CODE>-u  --user name</CODE></B><DD><P>Run the gatekeeper process as this user. Only valid for the Unix version.</P>
<DT><B><CODE>--core n</CODE></B><DD><P>Enable writing core dump files when the application crashes. A core
dump file will not exceed n bytes in size. The special value "unlimited"
may be used to not enforce any particular limit.  Only valid for the Unix version.</P>
</DL>
</P>

<H3>Gatekeeper Mode</H3>

<P>The options in this subsection override the settings in the
<A HREF="manual-5.html#routed">[RoutedMode] section</A> of the configuration file.
<DL>
<DT><B><CODE>-d  --direct</CODE></B><DD><P>Use direct endpoint call signaling.</P>
<DT><B><CODE>-r  --routed</CODE></B><DD><P>Use gatekeeper routed call signaling.</P>
<DT><B><CODE>-rr  --h245routed</CODE></B><DD><P>Use gatekeeper routed call signaling and H.245 control channel.</P>
</DL>
</P>

<H3>Debug Information</H3>

<P>
<DL>
<DT><B><CODE>-o  --output filename</CODE></B><DD><P>Write trace log to the specified file.</P>
<DT><B><CODE>-t  --trace</CODE></B><DD><P>Set trace verbosity. Each additional <CODE>-t</CODE> adds additional verbosity to the output.
For example, use <CODE>-ttttt</CODE> to set the trace level to 5.</P>
</DL>
</P>

<H2><A NAME="config"></A> <A NAME="ss4.2">4.2</A> <A HREF="manual.html#toc4.2">Configuration File</A>
</H2>

<P>The configuration file is a standard text file. The basic format is:</P>
<P>
<BLOCKQUOTE><CODE>
<PRE>
[Section String]
Key Name=Value String
</PRE>
</CODE></BLOCKQUOTE>
</P>
<P>Comments are marked with a hash (<CODE>#</CODE>) or a semicolon (<CODE>;</CODE>)
at the beginning of a line.</P>
<P>The file
<CODE>complete.ini</CODE>
contains all available sections for GnuGk.
In most cases it doesn't make sense to use them all at once.
The file is just meant as a collection of examples for many settings.</P>
<P>The configuration file can be changed at run time.
Once you modify the configuration file, you may issue the <CODE>reload</CODE> command
via the status port, or send the <CODE>HUP</CODE> signal to the gatekeeper process:
<BLOCKQUOTE><CODE>
<PRE>
kill -HUP `cat /var/run/gnugk.pid`
</PRE>
</CODE></BLOCKQUOTE>
</P>

<H2><A NAME="gkmain"></A> <A NAME="ss4.3">4.3</A> <A HREF="manual.html#toc4.3">Section [Gatekeeper::Main]</A>
</H2>

<P>
<UL>
<LI><CODE>Fortytwo=42</CODE><BR>
Default: <CODE>N/A</CODE><BR>
<P>This setting is used to test for the presence of the config file. If it
is not found, a warning is issued.
Make sure it's in all your config files.</P>

</LI>
<LI><CODE>Name=GnuGk</CODE><BR>
Default: <CODE>OpenH323GK</CODE><BR>
<P>Gatekeeper identifier of this gatekeeper. The gatekeeper will only respond to
GRQs for this ID and will use it in a number of messages to its endpoints.</P>

</LI>
<LI><CODE>Home=192.168.1.1</CODE><BR>
Default: <CODE>0.0.0.0</CODE><BR>
<P>The gatekeeper will listen for requests on this IP address.
If set to <CODE>0.0.0.0</CODE> the gatekeeper will listen on all interfaces of your host.
Multiple Home addresses can be used
and must be separated with a semicolon (;) or comma (,).</P>

</LI>
<LI><CODE>NetworkInterfaces=192.168.1.1/24,10.0.0.1/0</CODE><BR>
Default: <CODE>N/A</CODE><BR>
<P>Specify the network interfaces of the gatekeeper. By default the gatekeeper
will automatically detect the interfaces of your host, so this setting is not 
usually required, but is available if automatic detection fails. 
If you are using GnuGk behind a NAT box then you should use the ExternalIP
setting (described below) which will automatically configure GnuGk to operate as if it was
on the NAT box.  The ExternalIP setting will take precedence and will override this value.</P>
<P><B>NOTE:</B> If this setting is changed, you must restart the gatekeeper.  A reload from the status port
will not cause this value to be re-read.</P>

</LI>
<LI><CODE>Bind=192.168.1.1</CODE><BR>
Default: <CODE>0.0.0.0</CODE><BR>
<P>Specify the IP address for default routing. If there is only one interface then
this setting is ignored. Use this to specify which default IP address to use in a multihomed
virtual environment where there may be many virtual interfaces on one host.</P>

</LI>
<LI><CODE>EndpointIDSuffix=_gk1</CODE><BR>
Default: <CODE>_endp</CODE><BR>
<P>The gatekeeper will assign a unique identifier to each registered endpoint.
This option can be used to specify a suffix to append to the endpoint identifier. This is only useful when using more than one gatekeeper.
<B>This setting doesn't change when the config is reloaded!</B></P>

</LI>
<LI>
<A NAME="ttl"></A> <CODE>TimeToLive=300</CODE><BR>
Default: <CODE>-1</CODE><BR>
<P>An endpoint's registration with a gatekeeper may have a limited life span.
The gatekeeper specifies the registration duration for an endpoint
by including a <B>timeToLive</B> field in the RCF message.
After the specified length of time, the registration is considered expired.
The endpoint must periodically send a RRQ having the <B>keepAlive</B>
bit set prior to the expiration time. Such a message may include a
minimum amount of information as described in H.225.0 and is known as a lightweight RRQ.</P>
<P>The endpoint may request a shorter <B>timeToLive</B> in the RRQ message
to the gatekeeper.</P>
<P>To avoid an overload of RRQ messages,
the gatekeeper automatically resets this timer
to 60 seconds if you specify a lower value.</P>
<P>After the expiration time,
the gatekeeper will make two attempts using IRQ messages to determine
if the endpoint is still alive. If the endpoint responds with an IRR,
the registration will be extended. If not, the gatekeeper will send
a URQ with reason <B>ttlExpired</B> to the endpoint.
The endpoint must then re-register with the gatekeeper using a full RRQ message.</P>
<P>To disable this feature, set it to <CODE>-1</CODE>.</P>

</LI>
<LI><CODE>CompareAliasType=0</CODE><BR>
Default: <CODE>1</CODE><BR>
<P>By default, a H323ID of '1234' won't match E164 number '1234' when comparing aliases. This parameter allows you 
to ignore the alias type when performing comparisons.</P>

</LI>
<LI><CODE>CompareAliasCase=0</CODE><BR>
Default: <CODE>1</CODE><BR>
<P>By default, alias 'jan' won't match alias 'Jan'.  If set to false, the comparison will not be case sensitive.</P>

</LI>
<LI><CODE>TraceLevel=2</CODE><BR>
Default: <CODE>0</CODE><BR>
<P>Set trace level (same as -t on the command line).</P>
<P><B>This setting doesn't change when the config is reloaded!</B></P>

</LI>
<LI><CODE>TotalBandwidth=100000</CODE><BR>
Default: <CODE>-1</CODE><BR>
<P>Total bandwidth available to be given to endpoints.
By default this feature is off.</P>
<P><B>NOTE:</B>  At this time, the GnuGk only checks calls from registered endpoints and
many endpoints supply incorrect bandwidth values.</P>

</LI>
<LI><CODE>RedirectGK=Endpoints > 100 | Calls > 50</CODE><BR>
Default: <CODE>N/A</CODE><BR>
<P>This option allows you to redirect endpoints to alternate gatekeepers
if the gatekeeper becomes overloaded.
In the example above, the gatekeeper will
reject a RRQ if the number of registered endpoints would exceed 100,
or reject an ARQ if concurrent calls exceed 50.</P>
<P>Furthermore, you may explicitly redirect all endpoints by
setting this option to <CODE>temporary</CODE> or <CODE>permanent</CODE>.
The gatekeeper will send a RAS rejection message with a list of
alternate gatekeepers defined in <CODE>AlternateGKs</CODE>.
Note that a <CODE>permanent</CODE> redirection means that the redirected endpoints
will not register with this gatekeeper again.
<B>NOTE:</B>  The redirect capability will only function with H.323 version 4
compliant endpoints.</P>

</LI>
<LI><CODE>AlternateGKs=1.2.3.4:1719:false:120:GnuGk</CODE><BR>
Default: <CODE>N/A</CODE><BR>
<P>If the endpoint loses connectivity with GnuGk it should automatically try 
to register with the alternate gatekeeper specified here.</P>
<P><B>NOTE:</B>  Depending on the endpoint, it may not attempt to re-establish a 
connection to its original gatekeeper.  Support for "Assigned Gatekeepers" was added
in H.323v6.  See 
<A HREF="http://www.packetizer.com/ipmc/h323/whatsnew_v6.html">http://www.packetizer.com/ipmc/h323/whatsnew_v6.html</A> for additional information.</P>
<P>The primary gatekeeper includes a field in the RCF to inform endpoints which alternate
IP and gatekeeper identifier to use.</P>
<P>The alternate gatekeeper needs to be aware of all 
registrations on the primary gatekeeper or else it would reject calls.
Our gatekeeper can forward every RRQ to an alternate IP address.</P>
<P>The AlternateGKs config option specifies the fields contained in
the primary gatekeeper's RCF. The first and second fields of this string define
where (IP, port) to forward to.
The third tells endpoints whether they need to register with the alternate gatekeeper
before placing calls. They usually don't because we forward their RRQs, so they
are automatically known to the alternate gatekeeper.
The fourth field specifies the priority for this gatekeeper.
Lower is better; usually the primary gatekeeper is considered to have priority 1.
The last field specifies the alternate gatekeeper's identifier.</P>
<P>You may specify multiple alternate gatekeepers as a comma separated list.</P>

</LI>
<LI><CODE>SendTo=1.2.3.4:1719</CODE><BR>
Default: <CODE>N/A</CODE><BR>
<P>Although this information is contained in <CODE>AlternateGKs</CODE>, you must still
specify which address to forward RRQs to. This might differ from the address in
<CODE>AlternateGKs</CODE> on multihomed systems, so it's a separate config option.</P>
<P>You can specify multiple gatekeepers in a comma separated list.</P>

</LI>
<LI><CODE>SkipForwards=1.2.3.4,5.6.7.8</CODE><BR>
Default: <CODE>N/A</CODE><BR>
<P>To avoid circular forwarding, you shouldn't forward RRQs you get from the
other gatekeeper (this statement is true for both primary and alternate gatekeeper).
Two mechanisms are used to identify whether a request should be forwarded.
The first one looks for a flag in the RRQ. Since few endpoints implement this,
we can increase the overall reliability of the system by specifying it here.</P>
<P>Specify the other gatekeeper's IP in this list.</P>

</LI>
<LI><CODE>StatusPort=7000</CODE><BR>
Default: <CODE>7000</CODE><BR>
<P>Status port to monitor the gatekeeper.
See 
<A HREF="manual-13.html#monitor">this section</A> for details.</P>

</LI>
<LI><CODE>StatusTraceLevel=2</CODE><BR>
Default: <CODE>2</CODE><BR>
<P>Default output trace level for new status interface clients.
See 
<A HREF="manual-13.html#monitor">this section</A> for details.</P>

</LI>
<LI><CODE>TimestampFormat=ISO8601</CODE><BR>
Default: <CODE>Cisco</CODE><BR>
<P>This setting configures the default format of timestamp strings generated by the gatekeeper.
This option affects 
<A HREF="manual-9.html#sqlacct">[SqlAcct]</A>, 
<A HREF="manual-9.html#radacct">[RadAcct]</A>, 
<A HREF="manual-9.html#fileacct">[FileAcct]</A>
and other modules, but not 
<A HREF="manual-12.html#calltable">[CallTable]</A>.
You can further customize timestamp formatting per module by configuring the
<CODE>TimestampFormat</CODE> setting in the module-specific configuration portion of the config file.</P>
<P>There are four predefined formats:
<UL>
<LI><CODE>RFC822</CODE> - a default format used by the gatekeeper (example: Wed, 10 Nov 2004 16:02:01 +0100)</LI>
<LI><CODE>ISO8601</CODE> - standard ISO format (example: 2004-11-10 T 16:02:01 +0100)</LI>
<LI><CODE>Cisco</CODE> - format used by Cisco equipment (example: 16:02:01.534 CET Wed Nov 10 2004)</LI>
<LI><CODE>MySQL</CODE> - simple format that MySQL can understand (example: 2004-11-10 16:02:01)</LI>
</UL>
</P>
<P>If none of the predefined options is suitable, you can build your own format string using
rules from the <CODE>strftime</CODE> C function (see man strftime or search MSDN for strftime).
In general, the format string consists of regular characters and format codes, the latter preceded
by a percent sign. Example: "%Y-%m-%d and percent %%" will result in "2004-11-10 and percent %".
Some common format codes:
<UL>
<LI><CODE>%a</CODE> - abbreviated weekday name</LI>
<LI><CODE>%A</CODE> - full weekday name</LI>
<LI><CODE>%b</CODE> - abbreviated month name</LI>
<LI><CODE>%B</CODE> - full month name</LI>
<LI><CODE>%d</CODE> - day of month as decimal number</LI>
<LI><CODE>%H</CODE> - hour in 24-hour format</LI>
<LI><CODE>%I</CODE> - hour in 12-hour format</LI>
<LI><CODE>%m</CODE> - month as decimal number</LI>
<LI><CODE>%M</CODE> - minute as decimal number</LI>
<LI><CODE>%S</CODE> - second as decimal number</LI>
<LI><CODE>%y</CODE> - year without century</LI>
<LI><CODE>%Y</CODE> - year with century</LI>
<LI><CODE>%u</CODE> - microseconds as decimal number (<B>this is a GnuGk extension</B>)</LI>
<LI><CODE>%z</CODE> - time zone abbreviation (+0100)</LI>
<LI><CODE>%Z</CODE> - time zone name</LI>
<LI><CODE>%%</CODE> - percent sign</LI>
</UL>
</P>

</LI>
<LI><CODE>EncryptAllPasswords=1</CODE><BR>
Default: <CODE>0</CODE><BR>
<P>Enable encryption of all passwords in the config (SQL passwords, RADIUS
passwords, [Password] passwords, [GkStatus::Auth] passwords). If enabled,
all passwords must be encrypted using the <CODE>addpasswd</CODE> utility. Otherwise
only [Password] and [GkStatus::Auth] passwords are encrypted (old behavior).</P>

</LI>
<LI><CODE>KeyFilled=0</CODE><BR>
Default: <CODE>N/A</CODE><BR>
<P>Define a global padding byte to be used during password encryption/decryption. 
It can be overridden by setting <CODE>KeyFilled</CODE> within a particular config section.
Usually, you do not need to change this option.</P>

</LI>
</UL>
</P>
<P>Most users will never need to change any of the following values.
They are mainly used for testing or very sophisticated applications.</P>
<P>
<UL>
<LI><CODE>UseBroadcastListener=0</CODE><BR>
Default: <CODE>1</CODE><BR>
<P>Defines whether to listen to broadcast RAS requests. This requires
binding to all interfaces on a machine, so if you want to run multiple
gatekeepers on the same machine you should turn this off.</P>

</LI>
<LI><CODE>UnicastRasPort=1719</CODE><BR>
Default: <CODE>1719</CODE><BR>
<P>The RAS channel TSAP identifier for unicast.</P>

</LI>
<LI><CODE>UseMulticastListener=0</CODE><BR>
Default: <CODE>1</CODE><BR>
<P>Enable or disable gatekeeper discovery using multicast. By default it is enabled.</P>

</LI>
<LI><CODE>MulticastPort=1718</CODE><BR>
Default: <CODE>1718</CODE><BR>
<P>The RAS channel TSAP identifier for multicast.</P>

</LI>
<LI><CODE>MulticastGroup=224.0.1.41</CODE><BR>
Default: <CODE>224.0.1.41</CODE><BR>
<P>The multicast group for the RAS channel.</P>

</LI>
<LI><CODE>EndpointSignalPort=1720</CODE><BR>
Default: <CODE>1720</CODE><BR>
<P>Default port for call signaling channel of endpoints.</P>

</LI>
<LI><CODE>ListenQueueLength=1024</CODE><BR>
Default: <CODE>1024</CODE><BR>
<P>Queue length for incoming TCP connection.</P>

</LI>
<LI><CODE>SignalReadTimeout=1000</CODE><BR>
Default: <CODE>1000</CODE><BR>
<P>Time in milliseconds for read timeout on call signaling channels (Q931).</P>

</LI>
<LI><CODE>StatusReadTimeout=3000</CODE><BR>
Default: <CODE>3000</CODE><BR>
<P>Time in milliseconds for read timeout on status channel.</P>

</LI>
<LI><CODE>StatusWriteTimeout=5000</CODE><BR>
Default: <CODE>5000</CODE><BR>
<P>Time in milliseconds for write timeout on status channel.</P>

</LI>
<LI><CODE>ExternalIP=myip.no-ip.com</CODE><BR>
Default: <CODE>N/A</CODE><BR>
<P>When using GnuGk behind a NAT you can set the external IP address
that you wish the gatekeeper to masquerade as. This will allow external endpoints
and other gatekeepers to contact the NATed gatekeeper. For this to work, you must
forward the required ports to the gatekeeper IP or put the gatekeeper in the NAT box
DMZ. This is different from the <CODE>Bind</CODE> setting, which specifies a physical IP
address on the GnuGk box.</P>
<P>You may specify an IP address or a fully-qualified domain name (FQDN).  If
you use a FQDN and <CODE>ExternalIsDynamic</CODE> is set to false, it will be
resolved to an IP address on startup or configuration reload.  If
<CODE>ExternalIsDynamic</CODE> is set to true, the name will be stored and
resolved when needed.</P>

</LI>
<LI><CODE>ExternalIsDynamic=1</CODE><BR>
Default: <CODE>0</CODE><BR>
<P>Configures the GnuGk to support an external dynamic address.  If enabled,
GnuGk will ensure that the Dynamic DNS (DDNS) service receives keep-alive
messages to maintain your DDNS name lease.  You must also configure the
<CODE>ExternalIP</CODE> setting with a DNS address maintained by a DDNS service
such as www.dyndns.com or www.no-ip.com.</P>

</LI>
<LI><CODE>DefaultDomain=gnugk.org</CODE><BR>
Default: <CODE>N/A</CODE><BR>
<P>If the GnuGk receives a request for an address in the format
<B>user@domain.com</B>, this option will strip the domain from the address
if it matches the <CODE>DefaultDomain</CODE> setting and will then process the
request using just the "<B>user</B>" field.  This is useful when receiving
interdomain calls placed via SRV routing policy where the full URI is
received.  It can also be used in conjunction with the
[RasSrv::RewriteAlias] section to convert the received URI into a E164
number for further processing and routing.</P>

</LI>
<LI><CODE>Authenticators=H.235.1,CAT</CODE><BR>
Default: <CODE>N/A</CODE><BR>
<P>Selects the specific authenticators to use when authenticating endpoints. 
The default options are: H.235.1 (HMAC SHA1 / old H235AnnexD), MD5 (Digest Authentication) and CAT (Cisco Access Tokens, i.e. RADIUS).
If this setting is omitted, all authenticators are loaded by default. 
If you are using plugin authenticators, then you may want to disable the default authenticators to provide optimum security.
Note: H.235.1 requires OpenSSL support compiled into GnuGk.
<B>This switch is only available if GnuGk is compiled with H323Plus.</B></P>

</LI>
<LI><CODE>DisconnectCallsOnShutdown=0</CODE><BR>
Default: <CODE>1</CODE><BR>
<P>GnuGk will disconnect all ongoing calls when it shuts down and
will send an unregistration request to all endpoints.
To override this default, set this parameter to "0".
This switch is intended mainly for gatekeepers running in direct mode;
in routed mode and proxy mode calls will still get disrupted when the gatekeeper shuts down.</P>

</LI>
</UL>
</P>


<H2><A NAME="gkstatusauth"></A> <A NAME="ss4.4">4.4</A> <A HREF="manual.html#toc4.4">Section [GkStatus::Auth]</A>
</H2>

<P>Defines a number of rules regarding who is allowed to connect to the status port.
Access to the status port provides full control over your gatekeeper. Ensure that this is set correctly.
<UL>
<LI><CODE>rule=allow</CODE><BR>
Default: <CODE>forbid</CODE><BR>
<P>Possible values are
<UL>
<LI><CODE>forbid</CODE> - disallow any connection.</LI>
<LI><CODE>allow</CODE> - allow any connection</LI>
<LI><CODE>explicit</CODE> - reads the parameter <CODE>ip=value</CODE>
where <CODE>ip</CODE> is the IP address of the client,
<CODE>value</CODE> is <CODE>1,0</CODE> or <CODE>allow,forbid</CODE> or <CODE>yes,no</CODE>.
If <CODE>ip</CODE> is not listed the parameter <CODE>default</CODE> is used.</LI>
<LI><CODE>regex</CODE> - the IP of the client is matched against the given regular expression.
<P>
<DL>
<DT><B>Example:</B><DD><P>To allow clients from 195.71.129.0/24 and 195.71.131.0/24:
<BLOCKQUOTE>
<CODE>regex=^195\.71\.(129|131)\.[0-9]+$</CODE>
</BLOCKQUOTE>
</P>
</DL>
</P>
</LI>
<LI><CODE>password</CODE> - the user must provide an appropriate username and password to log in. The format of username/password is the same as in the
<A HREF="manual-8.html#password">[SimplePasswordAuth]</A> section.
</LI>
</UL>
</P>
<P>These rules may be combined with "|" (to specify a logical "OR") or "&amp;" (for logical "AND"). For example,
<UL>
<LI><CODE>rule=explicit | regex</CODE><BR>
The IP of the client must match the <CODE>explicit</CODE> <B>or</B> the <CODE>regex</CODE> rule.

</LI>
<LI><CODE>rule=regex &amp; password</CODE><BR>
The IP of the client must match the <CODE>regex</CODE> rule, <B>and</B> the user has to log in with a username and password.</LI>
</UL>
</P>

</LI>
<LI><CODE>default=allow</CODE><BR>
Default: <CODE>forbid</CODE><BR>
<P>Only used when <CODE>rule=explicit</CODE>.</P>

</LI>
<LI><CODE>Shutdown=forbid</CODE><BR>
Default: <CODE>allow</CODE><BR>
<P>Whether the gatekeeper may be shut down via the status port.</P>

</LI>
<LI><CODE>DelayReject=5</CODE><BR>
Default: <CODE>0</CODE><BR>
<P>Time (in seconds) to wait before rejecting an invalid username/password.  Useful for
slowing down brute-force attacks.</P>
</LI>
</UL>
</P>
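<P>An added example, not part of the GnuGk manual or code base: a Python audit of a
<CODE>[GkStatus::Auth]</CODE> section against the rule semantics and defaults documented above.
The function names and finding codes are hypothetical, the sample configs are constructed, and Python's
<CODE>re.search</CODE> stands in for GnuGk's own regex matcher, which is an assumption.</P>

```python
import re

ALLOW_WORDS = {"allow", "1", "yes"}  # "allow" spellings listed for rule=explicit

# Constructed sample: status port open to every client.
WEAK = r"""
[GkStatus::Auth]
rule=allow
"""

# Constructed sample: the manual's regex example combined with a login.
HARDENED = r"""
; status port limited to two /24 networks, login required
[GkStatus::Auth]
rule=regex & password
regex=^195\.71\.(129|131)\.[0-9]+$
Shutdown=forbid
DelayReject=5
"""


def parse_ini(text):
    """Parse [Section] / Key=Value lines; '#' or ';' starts a comment line."""
    sections, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = sections.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return sections


def admits(pattern, ip):
    """Assumption: search semantics, so an unanchored pattern matches substrings."""
    return re.search(pattern, ip) is not None


def audit_status_auth(text):
    """Return (code, message) findings for the [GkStatus::Auth] section."""
    auth = parse_ini(text).get("GkStatus::Auth", {})
    rule = auth.get("rule", "forbid")  # documented default
    terms = {t.strip() for t in re.split(r"[|&]", rule)}
    any_of = "|" in rule
    found = []
    if any_of and "&" in rule:
        found.append(("MIXED_OPS", "rule mixes | and &; check precedence by hand"))
    if "allow" in terms and (any_of or len(terms) == 1):
        found.append(("OPEN", "any client may connect"))
    elif "forbid" in terms and not any_of:
        pass  # nobody is admitted
    elif any_of or "password" not in terms:
        found.append(("NO_PASSWORD", "some clients get in without a login"))
    if "explicit" in terms and auth.get("default", "forbid").lower() in ALLOW_WORDS:
        found.append(("DEFAULT_ALLOW", "unlisted IPs fall back to allow"))
    if "regex" in terms:
        pattern = auth.get("regex", "")
        if not (pattern.startswith("^") and pattern.endswith("$")):
            found.append(("REGEX_UNANCHORED", "anchor the pattern with ^ and $"))
        if re.search(r"(?<!\\)\.", pattern):  # heuristic: also flags '.' inside [...]
            found.append(("REGEX_BARE_DOT", "unescaped '.' matches any character"))
    if auth.get("Shutdown", "allow").lower() in ALLOW_WORDS:
        found.append(("SHUTDOWN", "status clients may shut the gatekeeper down"))
    if "password" in terms and auth.get("DelayReject", "0") == "0":
        found.append(("NO_DELAY", "failed logins are rejected without delay"))
    return found


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, [code for code, _ in audit_status_auth(cfg)])
```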

<H2><A NAME="gkstatusfilteringsect"></A> <A NAME="ss4.5">4.5</A> <A HREF="manual.html#toc4.5">Section [GkStatus::Filtering]</A>
</H2>

<P>See 
<A HREF="manual-13.html#statusportfiltering">Status Port Filtering</A>.</P>

<H2><A NAME="logfile"></A> <A NAME="ss4.6">4.6</A> <A HREF="manual.html#toc4.6">Section [LogFile]</A>
</H2>

<P>This section defines log file related parameters. Currently, it allows
users to specify log file rotation options.</P>
<P>
<UL>
<LI><CODE>Filename=/var/log/gk_trace.log</CODE><BR>
Default: <CODE>N/A</CODE><BR>
<P>Set the output filename for the log file (same as -o on the command line).
<B>This setting doesn't change when the config is reloaded!</B></P>

</LI>
<LI><CODE>Rotate=Hourly | Daily | Weekly | Monthly</CODE><BR>
Default: <CODE>N/A</CODE><BR>
<P>If set, the log file will be rotated based on this setting. Hourly rotation
enables rotation once per hour, daily - once per day, weekly - once per week
and monthly - once per month. An exact rotation moment is determined by a combination
of <CODE>RotateDay</CODE> and <CODE>RotateTime</CODE> variables. During rotation, an existing 
file is renamed to CURRENT_FILENAME.YYYYMMDD-HHMMSS, where YYYYMMDD-HHMMSS 
is replaced with the current timestamp, and new lines are logged to an empty 
file. To disable rotation, do not configure the <CODE>Rotate</CODE> parameter or set it to 0.</P>
<P>
<DL>
<DT><B>Example 1 - rotate every hour (00:45, 01:45, ..., 23:45):</B><DD><P><CODE>[LogFile]</CODE><BR>
<CODE>Rotate=Hourly</CODE><BR>
<CODE>RotateTime=45</CODE><BR></P>
</DL>
</P>
<P>
<DL>
<DT><B>Example 2 - rotate every day at 23:00 (11PM):</B><DD><P><CODE>[LogFile]</CODE><BR>
<CODE>Rotate=Daily</CODE><BR>
<CODE>RotateTime=23:00</CODE><BR></P>
</DL>
</P>
<P>
<DL>
<DT><B>Example 3 - rotate every Sunday at 00:59:</B><DD><P><CODE>[LogFile]</CODE><BR>
<CODE>Rotate=Weekly</CODE><BR>
<CODE>RotateDay=Sun</CODE><BR>
<CODE>RotateTime=00:59</CODE><BR></P>
</DL>
</P>
<P>
<DL>
<DT><B>Example 4 - rotate on the last day of each month:</B><DD><P><CODE>[LogFile]</CODE><BR>
<CODE>Rotate=Monthly</CODE><BR>
<CODE>RotateDay=31</CODE><BR>
<CODE>RotateTime=23:00</CODE><BR></P>
</DL>
</P>
</LI>
</UL>
</P>

<HR>
<A HREF="manual-5.html">Next</A>
<A HREF="manual-3.html">Previous</A>
<A HREF="manual.html#toc4">Contents</A>
</BODY>
</HTML>