Difference between revisions of "Settings"
| Line 162: | Line 162: | ||
When set to 0 or not defined, log files are not deleted automatically. | When set to 0 or not defined, log files are not deleted automatically. | ||
| + | |||
| + | === Access Control === | ||
| + | |||
| + | |||
| + | '''trustedNet''' | ||
| + | |||
| + | '''Default:''' local | ||
| + | |||
| + | '''Format:''' local, or nn.nn.nn.nn-nn.nn.nn.nn | ||
| + | |||
| + | |||
| + | IP addresses that define the group of network addresses belonging to the secure local network. | ||
| + | |||
| + | It is possible to enter multiple, comma-separated IP ranges or individual IP addresses, or simply enter “local”, so that HSYCO will assume all IP addresses in the LAN as trusted. | ||
| + | |||
| + | The Web clients connecting to HSYCO from these addresses are subject to the time-out defined in KeysTrustedValidityHours, which is usually longer than the one used for all the other IP addresses, defined in KeysNotTrustedValidityHours. | ||
| + | |||
| + | |||
| + | '''KeysTrustedValidityHours''' | ||
| + | |||
| + | '''Default:''' 24 | ||
| + | |||
| + | '''Format:''' integer > 0 or hh:mm | ||
| + | |||
| + | |||
| + | Login time-out in hours for the connections from trusted IP addresses. | ||
| + | |||
| + | Set on a very high value, e.g. 100000, to practically avoid the time-out of sessions. | ||
| + | |||
| + | It can also be set using the hh:mm hours and minutes format. | ||
| + | |||
| + | |||
| + | '''KeysNotTrustedValidityHours''' | ||
| + | |||
| + | '''Default:''' 1 | ||
| + | |||
| + | '''Format:''' integer > 0 or hh:mm | ||
| + | |||
| + | |||
| + | Login time-out in hours for not trusted IP addresses. | ||
| + | |||
| + | It can also be set using the hh:mm hours and minutes format. | ||
| + | |||
| + | |||
| + | '''KeysInactivityHours''' | ||
| + | |||
| + | '''Default:''' 1 | ||
| + | |||
| + | '''Format:''' integer > 0 or hh:mm | ||
| + | |||
| + | |||
| + | Inactivity time-out in hours. | ||
| + | |||
| + | This is an optional parameter; if not set there will be no inactivity time-out and the user session will be automatically logged out based on the login time-out only. | ||
| + | |||
| + | It can also be set using the hh:mm hours and minutes format. | ||
| + | |||
| + | |||
| + | '''KeysInactivityMode''' | ||
| + | |||
| + | '''Default:''' browser | ||
| + | |||
| + | '''Format:''' browser | cameras | commands | ||
| + | |||
| + | |||
| + | Inactivity time-out mode. | ||
| + | |||
| + | This is an optional parameter. | ||
| + | |||
| + | It is significant only when KeysInactivityHours is also defined. | ||
| + | |||
| + | In browser mode, having the Web browser open on the HSYCO page will keep the session alive. | ||
| + | |||
| + | In cameras mode the session will remain alive only when sending commands or watching cameras. | ||
| + | |||
| + | In commands mode the session will stay alive only if commands are sent before the inactivity timer expires. | ||
| + | |||
| + | |||
| + | '''HTTPServerPublicDirectory''' | ||
| + | |||
| + | '''Default:''' browser | ||
| + | |||
| + | '''Format:''' directory name | ||
| + | |||
| + | |||
| + | If defined, enables a simple Web server that serves files, without any parsing, via HTTP and HTTPS, only to clients in the trusted range of IP addresses. | ||
| + | |||
| + | This parameter sets the name of the directory, under the www root Web directory, used for the public files. | ||
| + | |||
| + | If, for example, you have HTTPServerPublicDirectory=public, and an HTML file named home.html in the public directory, then the https://192.168.0.50/public/home.html URL will point to that file. | ||
| + | |||
| + | As you see, you shouldn’t add the URLKey in public URLs. | ||
| + | |||
| + | |||
| + | '''HTTPServerLowSecurityEnabled''' | ||
| + | |||
| + | '''Default:''' false | ||
| + | |||
| + | '''Format:''' true | false | ||
| + | |||
| + | |||
| + | Usually, the HTTP server is only active to let cameras and PBX systems send motion detection and calls notifications. | ||
| + | |||
| + | To avoid the authentication keys, PIN and PUK codes and all traffic to be transmitted in the clear, the HTTP protocol is not normally used for Web access to HSYCO. | ||
| + | |||
| + | Set the parameter to true only when you want to enable the not-secure HTTP protocol for Web access to HSYCO. | ||
| + | |||
| + | |||
| + | '''WebAdminNetConfigLock''' | ||
| + | |||
| + | '''Default:''' false | ||
| + | |||
| + | '''Format:''' true | false | ||
| + | |||
| + | |||
| + | If true, the Web network settings functions are disabled. | ||
| + | |||
| + | This parameter should be set to true once you expect no changes in the network configuration of HSYCO Server. | ||
Revision as of 16:39, 24 February 2014
HSYCO can be configured using the Settings application in the Manager.
Settings stores all configuration parameters in the hsyco.ini file.
You can copy this file to save the current configuration, or manually change it. In this case, be sure to reopen the Settings application after the changes have been saved.
The configuration is read at start-up, so any changes become effective only after restarting the HSYCO process.
HSYCO is factory configured to automatically restart when hsyco.ini is saved.
When you make changes using Settings, the hsyco.ini file will be overwritten when you press the Save button.
You can’t return to the previous configuration once it is saved.
The Revert button allows you to reload the current configuration if you have made changes in Setting that have not yet been saved.
Settings parameters are grouped in several sections.
You can make changes to any parameter, even in different sections, and then save all changes together.
System
The Systems section contains all general configuration parameters, including vital parameters affecting system’s security and reliability.
These parameters are further split in several sub-sections.
General
URLKey
Default: hsycoserver
Format: string of at least 8 characters
To protect against malicious service discovery robots, HSYCO does not answer to Web requests where only the server address is defined, for example https://192.168.0.50, but requires an extended URL, which must include an access key, called URLKey.
The URLKey must be at least 8 characters long.
It is possible to specify more than one URLKEY, separated by a comma; in this case all the specified URLKEYs will be valid for the web access to HSYCO.
The factory default URLKey is hsycoserver.
The URLKey is not a secret password, but only an additional protection feature.
Language
Default: en
Format: cn | en | fr | it
Some I/O Servers and other core services use localized text messages. This parameter defines the default system language for these services.
AutoKillFiles
Default:
Format: list of file names separated by commas
This parameter is usually set as: "hsyco.ini,hsyco.jar,com/hsyco/user.class" forcing the automatic restart after the changes of the three files listed.
DatabaseBackup
Default: false
Format: false | true
When set to true, a hot backup of the core database is automatically executed on a daily basis, saving data in the data_backup directory, and overwriting the previous backup files.
StartupDelay
Default: 0
Format: 0 or positive integer number of seconds
When set to a positive number, the HSYCO server will wait for the specified number of seconds at start-up before becoming active.
This start-up delay could be useful to prevent HSYCO from starting before other peripherals or devices, like external storage systems, are completely initialized.
ExceptionWatchdog
Default: 5
Format: positive integer number
After N uncaught Java execution exceptions, the HSYCO server will be killed and restarted.
Set to 0 to disable the exception watchdog.
userLog
Default: false
Format: false | true
Set to true to enable the log of the Java methods called in user.java or of the commands defined in the EVENTS programming environment.
eventsLog
Default: false
Format: false | true
If true, the log of events received from field devices is enabled, for example the events related to the IO Servers.
verboseLog
Default: false
Format: false | true
If true, the extended log is enabled.
It is useful for debugging, or during the advanced customization phase or the development of Java code.
If silent, only the most serious errors will be written on the file and all the other messages will be disabled, including the events received from field devices.
securityLogDailyFiles
Default: false
Format: false | true
When set to true, the security logs are written in daily files named MMDD-security.log.
LogMaxAge
Default: 0
Format: 0, or positive integer number
Log files are automatically deleted when older than the number of days defined with this parameter.
When set to 0 or not defined, log files are not deleted automatically.
Access Control
trustedNet
Default: local
Format: local, or nn.nn.nn.nn-nn.nn.nn.nn
IP addresses that define the group of network addresses belonging to the secure local network.
It is possible to enter multiple, comma-separated IP ranges or individual IP addresses, or simply enter “local”, so that HSYCO will assume all IP addresses in the LAN as trusted.
The Web clients connecting to HSYCO from these addresses are subject to the time-out defined in KeysTrustedValidityHours, which is usually longer than the one used for all the other IP addresses, defined in KeysNotTrustedValidityHours.
KeysTrustedValidityHours
Default: 24
Format: integer > 0 or hh:mm
Login time-out in hours for the connections from trusted IP addresses.
Set on a very high value, e.g. 100000, to practically avoid the time-out of sessions.
It can also be set using the hh:mm hours and minutes format.
KeysNotTrustedValidityHours
Default: 1
Format: integer > 0 or hh:mm
Login time-out in hours for not trusted IP addresses.
It can also be set using the hh:mm hours and minutes format.
KeysInactivityHours
Default: 1
Format: integer > 0 or hh:mm
Inactivity time-out in hours.
This is an optional parameter; if not set there will be no inactivity time-out and the user session will be automatically logged out based on the login time-out only.
It can also be set using the hh:mm hours and minutes format.
KeysInactivityMode
Default: browser
Format: browser | cameras | commands
Inactivity time-out mode.
This is an optional parameter.
It is significant only when KeysInactivityHours is also defined.
In browser mode, having the Web browser open on the HSYCO page will keep the session alive.
In cameras mode the session will remain alive only when sending commands or watching cameras.
In commands mode the session will stay alive only if commands are sent before the inactivity timer expires.
HTTPServerPublicDirectory
Default: browser
Format: directory name
If defined, enables a simple Web server that serves files, without any parsing, via HTTP and HTTPS, only to clients in the trusted range of IP addresses.
This parameter sets the name of the directory, under the www root Web directory, used for the public files.
If, for example, you have HTTPServerPublicDirectory=public, and an HTML file named home.html in the public directory, then the https://192.168.0.50/public/home.html URL will point to that file.
As you see, you shouldn’t add the URLKey in public URLs.
HTTPServerLowSecurityEnabled
Default: false
Format: true | false
Usually, the HTTP server is only active to let cameras and PBX systems send motion detection and calls notifications.
To avoid the authentication keys, PIN and PUK codes and all traffic to be transmitted in the clear, the HTTP protocol is not normally used for Web access to HSYCO.
Set the parameter to true only when you want to enable the not-secure HTTP protocol for Web access to HSYCO.
WebAdminNetConfigLock
Default: false
Format: true | false
If true, the Web network settings functions are disabled.
This parameter should be set to true once you expect no changes in the network configuration of HSYCO Server.
