instances.conf(5) [debian man page]
INSTANCES.CONF(5) [FIXME: manual] INSTANCES.CONF(5) NAME
instances.conf_ - zorp(8) instances database DESCRIPTION
The instances.conf file describes the zorp(8) instances to be run on the system. It is processed by zorpctl(8) line by line, each line having the structure described below. Empty lines and lines beginning with '#' are comments ignored by zorpctl. STRUCTURE
instance-name parameters [-- zorpctl-options] instance-name is the name of the Zorp instance to be started; it is passed to zorp with its --as parameter. Instance names may consist of the characters [a-zA-Z0-9_] and must begin with a letter. parameters are space separated parameters entered into the zorp command-line. For details on these command-line parameters see zorp(8). zorpctl-options are space separated parameters control startup specific options. They are processed by zorpctl itself. The following zorpctl options are available: --auto-restart or -A Enable the automatic restart feature of zorpctl. When an instance is in auto-restart mode, it is restarted automatically in case the instance exits. --no-auto-restart or -a Disable automatic restart for this instance. --fd-limit <number> or -f <number> Set the file descriptor limit to <number>. The file descriptor limit defaults to the number of threads (specified by the --threads parameter of zorp(8)) multiplied by 4. --process-limit <number> or -p <number> Set the process limit to <number>. The process limit defaults to the number of threads (specified by the --threads parameter of zorp(8)) multiplied by 2. --enable-core Explicitly enable core dumps for Zorp processes. The core limit is inherited from the local starting environment (e.g.: starting shell) if not specified. --parallel-instances <number> or -P <number> Run <number> of processes for the instance. zorpctl starts exactly one Zorp process in master mode and <number> of slave Zorp processes. This mode of operation is incompatible with old-style dispatchers, you must use the new rule-based policy with this option. EXAMPLES
zorp_ftp --policy /etc/zorp/policy.py --verbose 5 The line above describes a Zorp instance named zorp_ftp using policy file /etc/zorp/policy.py, and having verbosity level 5. zorp_intra -v4 -p /etc/zorp/policy.py --threads 500 --no-auto-restart --fd-limit 1024 --process-limit 512 This line describes a zorp instance named zorp_intra using the policy file /etc/zorp/policy.py, verbosity level 4. The maximum number of threads is set to 500, file descriptor limit to 1024, process limit to 512. FILES
The default location of instances.conf is /etc/zorp/instances.conf. Defaults for zorpctl tunables can be specified in /etc/zorp/zorpctl. AUTHOR
This manual page was written by the BalaBit Documentation Team <documentation@balabit.com>. COPYRIGHT
Copyright (C) 2006 BalaBit IT Security Ltd. All rights reserved. For more information about the legal status of this document please read: http://www.balabit.com/products/zorp/docs/legal_notice.bbq [FIXME: source] 03/06/2012 INSTANCES.CONF(5)
Check Out this Related Man Page
ZORP(8) [FIXME: manual] ZORP(8) NAME
zorp_ - Zorp Firewall Suite SYNOPSIS
zorp [options] DESCRIPTION
The zorp command is the main entry point for a Zorp instance, and as such it is generally called by zorpctl(8) with command line parameters specified in instances.conf(5). OPTIONS
--version or -V Display version number and compilation information. --as <name> or -a <name> Set instance name to <name>. Instance names may consist of the characters [a-zA-Z0-9_] and must begin with a letter. Log messages of this instance are prefixed with this name. --also-as <name> or -A <name> Add a secondary instance named <name>. Secondary instances share the same Zorp process but they have a separate section in the configuration file. --policy <name> or -p <name> Use the file called <name> as policy. This file must be a valid policy file. --verbose <verbosity> or -v <verbosity> Set verbosity level to <verbosity>, or if <verbosity> is omitted increment it by one. Default the verbosity level is 3; possible values are 0-10. --pidfile <pidfile> or -P <pidfile> Set path to the PID file where the pid of the main process is stored. --foreground or -F Do not daemonize, run in the foreground. --process-mode <mode> Set processing mode to one of background, safe-background or foreground. --no-syslog or -l Send log messages to the standard output instead of syslog. --log-tags or -T Prepend log category and log level to each message. --log-escape Escape non-printable characters to avoid binary log files. Each character less than 0x20 and greater than 0x7F are escaped in the form <XX>. --log-spec <spec> or -s <spec> Set verbosity mask on a per category basis. Each log message has an assigned multi-level category, where levels are separated by a dot. For example, HTTP requests are logged under http.request. <spec> is a comma separated list of log specifications. A single log specification consists of a wildcard matching log category, a colon, and a number specifying the verbosity level of that given category. Categories match from left to right. E.g.: --logspec 'http.*:5,core:3'. The last matching entry will be used as the verbosity of the given category. If no match is found the default verbosity specified with --verbose is used. --threads <num> or -t <num> Set the maximum number of threads that can be used in parallel by this Zorp instance. --idle-threads <num> or -I Set the maximum number of idle threads; this option has effect only if threadpools are enabled (see the option --threadpools). --threadpools or -O Enable the use of threadpools, which means that threads associated with sessions are not automatically freed, only if the maximum number of idle threads is exceeded. --user <user> or -u <user> Switch to the supplied user after starting up. --group <group> or -g <group> Switch to the supplied group after starting up. --chroot <dir> or -R <dir> Change root to the specified directory before reading the configuration file. The directory must be set up accordingly. --caps <caps> or -C <caps> Switch to the supplied set of capabilities after starting up. This should contain the required capabilities in the permitted set. For the syntax of capability description see the man page cap_from_text(3). --no-caps or -N Do not change capabilities at all. --crypto-engine <engine> or -E <engine> Set the OpenSSL crypto engine to be used for hardware accelerated crypto support. --stack-size <size> or -S <size> Set the maximum stack size used by threads. Note that the maximum number of parallel threads is influenced by the size specified here. The default stack size is 512 KB, the maximum you can set is 8192 KB. FILES
/etc/zorp/ /etc/zorp/policy.py /etc/zorp/instances.conf AUTHOR
This manual page was written by the BalaBit Documentation Team <documentation@balabit.com>. COPYRIGHT
Copyright (C) 2006 BalaBit IT Security Ltd. All rights reserved. For more information about the legal status of this document please read: http://www.balabit.com/products/zorp/docs/legal_notice.bbq [FIXME: source] 03/06/2012 ZORP(8)