Difference between revisions of "Settings"

From HSYCO
Jump to navigation Jump to search
Line 162: Line 162:
  
 
When set to 0 or not defined, log files are not deleted automatically.
 
When set to 0 or not defined, log files are not deleted automatically.
 +
 +
=== Access Control ===
 +
 +
 +
'''trustedNet'''
 +
 +
'''Default:''' local
 +
 +
'''Format:''' local, or nn.nn.nn.nn-nn.nn.nn.nn
 +
 +
 +
IP addresses that define the group of network addresses belonging to the secure local network.
 +
 +
It is possible to enter multiple, comma-separated IP ranges or individual IP addresses, or simply enter “local”, so that HSYCO will assume all IP addresses in the LAN as trusted.
 +
 +
The Web clients connecting to HSYCO from these addresses are subject to the time-out defined in KeysTrustedValidityHours, which is usually longer than the one used for all the other IP addresses, defined in KeysNotTrustedValidityHours.
 +
 +
 +
'''KeysTrustedValidityHours'''
 +
 +
'''Default:''' 24
 +
 +
'''Format:''' integer > 0 or hh:mm
 +
 +
 +
Login time-out in hours for the connections from trusted IP addresses.
 +
 +
Set on a very high value, e.g. 100000, to practically avoid the time-out of sessions.
 +
 +
It can also be set using the hh:mm hours and minutes format.
 +
 +
 +
'''KeysNotTrustedValidityHours'''
 +
 +
'''Default:''' 1
 +
 +
'''Format:''' integer > 0 or hh:mm
 +
 +
 +
Login time-out in hours for not trusted IP addresses.
 +
 +
It can also be set using the hh:mm hours and minutes format.
 +
 +
 +
'''KeysInactivityHours'''
 +
 +
'''Default:''' 1
 +
 +
'''Format:''' integer > 0 or hh:mm
 +
 +
 +
Inactivity time-out in hours.
 +
 +
This is an optional parameter; if not set there will be no inactivity time-out and the user session will be automatically logged out based on the login time-out only.
 +
 +
It can also be set using the hh:mm hours and minutes format.
 +
 +
 +
'''KeysInactivityMode'''
 +
 +
'''Default:''' browser
 +
 +
'''Format:''' browser | cameras | commands
 +
 +
 +
Inactivity time-out mode.
 +
 +
This is an optional parameter.
 +
 +
It is significant only when KeysInactivityHours is also defined.
 +
 +
In browser mode, having the Web browser open on the HSYCO page will keep the session alive.
 +
 +
In cameras mode the session will remain alive only when sending commands or watching cameras.
 +
 +
In commands mode the session will stay alive only if commands are sent before the inactivity timer expires.
 +
 +
 +
'''HTTPServerPublicDirectory'''
 +
 +
'''Default:''' browser
 +
 +
'''Format:''' directory name
 +
 +
 +
If defined, enables a simple Web server that serves files, without any parsing, via HTTP and HTTPS, only to clients in the trusted range of IP addresses.
 +
 +
This parameter sets the name of the directory, under the www root Web directory, used for the public files.
 +
 +
If, for example, you have HTTPServerPublicDirectory=public, and an HTML file named home.html in the public directory, then the https://192.168.0.50/public/home.html URL will point to that file.
 +
 +
As you see, you shouldn’t add the URLKey in public URLs.
 +
 +
 +
'''HTTPServerLowSecurityEnabled'''
 +
 +
'''Default:''' false
 +
 +
'''Format:''' true | false
 +
 +
 +
Usually, the HTTP server is only active to let cameras and PBX systems send motion detection and calls notifications.
 +
 +
To avoid the authentication keys, PIN and PUK codes and all traffic to be transmitted in the clear, the HTTP protocol is not normally used for Web access to HSYCO.
 +
 +
Set the parameter to true only when you want to enable the not-secure HTTP protocol for Web access to HSYCO.
 +
 +
 +
'''WebAdminNetConfigLock'''
 +
 +
'''Default:''' false
 +
 +
'''Format:''' true | false
 +
 +
 +
If true, the Web network settings functions are disabled.
 +
 +
This parameter should be set to true once you expect no changes in the network configuration of HSYCO Server.

Revision as of 15:39, 24 February 2014

HSYCO can be configured using the Settings application in the Manager.

Manager menu.png

Settings stores all configuration parameters in the hsyco.ini file.


Note You can copy this file to save the current configuration, or manually change it. In this case, be sure to reopen the Settings application after the changes have been saved.


The configuration is read at start-up, so any changes become effective only after restarting the HSYCO process.

HSYCO is factory configured to automatically restart when hsyco.ini is saved.

Manager settings menu.png

When you make changes using Settings, the hsyco.ini file will be overwritten when you press the Save button.

You can’t return to the previous configuration once it is saved.

The Revert button allows you to reload the current configuration if you have made changes in Setting that have not yet been saved.

Settings parameters are grouped in several sections.

You can make changes to any parameter, even in different sections, and then save all changes together.

System

The Systems section contains all general configuration parameters, including vital parameters affecting system’s security and reliability.

These parameters are further split in several sub-sections.

General

Manager settings general.png


URLKey

Default: hsycoserver

Format: string of at least 8 characters


To protect against malicious service discovery robots, HSYCO does not answer to Web requests where only the server address is defined, for example https://192.168.0.50, but requires an extended URL, which must include an access key, called URLKey.

Note The URLKey must be at least 8 characters long.

It is possible to specify more than one URLKEY, separated by a comma; in this case all the specified URLKEYs will be valid for the web access to HSYCO.

The factory default URLKey is hsycoserver.

The URLKey is not a secret password, but only an additional protection feature.


Language

Default: en

Format: cn | en | fr | it


Some I/O Servers and other core services use localized text messages. This parameter defines the default system language for these services.


AutoKillFiles

Default:

Format: list of file names separated by commas


This parameter is usually set as: "hsyco.ini,hsyco.jar,com/hsyco/user.class" forcing the automatic restart after the changes of the three files listed.


DatabaseBackup

Default: false

Format: false | true


When set to true, a hot backup of the core database is automatically executed on a daily basis, saving data in the data_backup directory, and overwriting the previous backup files.


StartupDelay

Default: 0

Format: 0 or positive integer number of seconds


When set to a positive number, the HSYCO server will wait for the specified number of seconds at start-up before becoming active.

This start-up delay could be useful to prevent HSYCO from starting before other peripherals or devices, like external storage systems, are completely initialized.


ExceptionWatchdog

Default: 5

Format: positive integer number


After N uncaught Java execution exceptions, the HSYCO server will be killed and restarted.

Set to 0 to disable the exception watchdog.


userLog

Default: false

Format: false | true


Set to true to enable the log of the Java methods called in user.java or of the commands defined in the EVENTS programming environment.


eventsLog

Default: false

Format: false | true


If true, the log of events received from field devices is enabled, for example the events related to the IO Servers.


verboseLog

Default: false

Format: false | true


If true, the extended log is enabled.

It is useful for debugging, or during the advanced customization phase or the development of Java code.

If silent, only the most serious errors will be written on the file and all the other messages will be disabled, including the events received from field devices.


securityLogDailyFiles

Default: false

Format: false | true


When set to true, the security logs are written in daily files named MMDD-security.log.


LogMaxAge

Default: 0

Format: 0, or positive integer number


Log files are automatically deleted when older than the number of days defined with this parameter.

When set to 0 or not defined, log files are not deleted automatically.

Access Control

trustedNet

Default: local

Format: local, or nn.nn.nn.nn-nn.nn.nn.nn


IP addresses that define the group of network addresses belonging to the secure local network.

It is possible to enter multiple, comma-separated IP ranges or individual IP addresses, or simply enter “local”, so that HSYCO will assume all IP addresses in the LAN as trusted.

The Web clients connecting to HSYCO from these addresses are subject to the time-out defined in KeysTrustedValidityHours, which is usually longer than the one used for all the other IP addresses, defined in KeysNotTrustedValidityHours.


KeysTrustedValidityHours

Default: 24

Format: integer > 0 or hh:mm


Login time-out in hours for the connections from trusted IP addresses.

Set on a very high value, e.g. 100000, to practically avoid the time-out of sessions.

It can also be set using the hh:mm hours and minutes format.


KeysNotTrustedValidityHours

Default: 1

Format: integer > 0 or hh:mm


Login time-out in hours for not trusted IP addresses.

It can also be set using the hh:mm hours and minutes format.


KeysInactivityHours

Default: 1

Format: integer > 0 or hh:mm


Inactivity time-out in hours.

This is an optional parameter; if not set there will be no inactivity time-out and the user session will be automatically logged out based on the login time-out only.

It can also be set using the hh:mm hours and minutes format.


KeysInactivityMode

Default: browser

Format: browser | cameras | commands


Inactivity time-out mode.

This is an optional parameter.

It is significant only when KeysInactivityHours is also defined.

In browser mode, having the Web browser open on the HSYCO page will keep the session alive.

In cameras mode the session will remain alive only when sending commands or watching cameras.

In commands mode the session will stay alive only if commands are sent before the inactivity timer expires.


HTTPServerPublicDirectory

Default: browser

Format: directory name


If defined, enables a simple Web server that serves files, without any parsing, via HTTP and HTTPS, only to clients in the trusted range of IP addresses.

This parameter sets the name of the directory, under the www root Web directory, used for the public files.

If, for example, you have HTTPServerPublicDirectory=public, and an HTML file named home.html in the public directory, then the https://192.168.0.50/public/home.html URL will point to that file.

As you see, you shouldn’t add the URLKey in public URLs.


HTTPServerLowSecurityEnabled

Default: false

Format: true | false


Usually, the HTTP server is only active to let cameras and PBX systems send motion detection and calls notifications.

To avoid the authentication keys, PIN and PUK codes and all traffic to be transmitted in the clear, the HTTP protocol is not normally used for Web access to HSYCO.

Set the parameter to true only when you want to enable the not-secure HTTP protocol for Web access to HSYCO.


WebAdminNetConfigLock

Default: false

Format: true | false


If true, the Web network settings functions are disabled.

This parameter should be set to true once you expect no changes in the network configuration of HSYCO Server.