APPENDIX 1: System Config Manager Parameters
| Parameter Name | Description | Sample Parameter Value | Restart Required | Configuration Location |
| --- | --- | --- | --- | --- |
| sql proxy bind port | This parameter defines the port range for auto-assigning the sql proxy bind port parameter. | 1025 2000 | No | System Config Manager |
| sql proxy node auto register enabled | Enables automatic registration of Oracle RAC nodes in SQL Proxy. | true | No | System Config Manager |
| dam ddm mfa enabled | Enables multi-factor authentication for SQL Proxy connections. | true | No | System Config Manager |
| dam ddm mfa delimiter | Defines the delimiter separating the MFA code from the username. | # | No | System Config Manager |
| sql proxy metadata sync period | Sets the interval (in ms) for synchronizing database metadata. | 30000 | Yes | /pam/sql/config/application.properties (Linux) |
| dam ddm server clone enforce user role | Forces read-only access for users connecting via the cloned port. | readonly | No | Device Properties |
| dam ddm server enforce user groups | Defines user groups required to connect via the main SQL Proxy port. | ug1, ug2 | No | Device Group Properties |
| dam ddm server clone bind port | Specifies the port for read-only SQL Proxy access. | 1000 4000 | No | Device Properties |
| dam ddm server clone enforce user groups | Defines user groups required to connect via the read-only port. | ug3,ug4 | No | Device Group Properties |
| sql proxy user swap enabled | Enables user identity swapping for SSO in SQL Proxy connections. | true | No | System Config Manager |
| aioc second password ttl | Defines the TTL for the second password in SSO (in days). | 30 | Yes | System Config Manager |
| sdd thread count default | Sets the default number of parallel connections for Sensitive Data Discovery. | 10 | No | System Config Manager |
| dam ddm buffer overflow\ attack protection | Turns on the proxy's buffer overflow guard. When enabled, every incoming SQL packet is measured and, if it exceeds the size limit below, immediately dropped and logged. | true | Yes | System Config Manager |
| dam ddm buffer overflow\ limit | Maximum statement size (bytes). Queries larger than this are blocked. Choose a value that covers normal traffic (e.g., 1048576 = 1 MiB). | 1048576 (1 MiB) | Yes | System Config Manager |
| dam ddm connection rate limit per client ip | Maximum allowed number of concurrent connection attempts per client IP. | 20 | Yes | System Config Manager |
| dam ddm packet client rate limit per database | Maximum allowed number of client packets (queries, pings, etc.) per database within the session period. | 20 | Yes | System Config Manager |
| dam ddm packet client rate limit per user | Maximum allowed number of client packets generated by an individual user. | 20 | Yes | System Config Manager |
| dam ddm dos attack protection | Activates DoS / query flood detection and throttling. Uses the two rate limit thresholds that follow. | true | Yes | System Config Manager |
| dam ddm query rate limit from single ip | Per-client threshold: max queries per second allowed from one source IP before it is temporarily blacklisted. | 100 | Yes | System Config Manager |
| dam ddm query rate limit from all network | Global threshold: aggregate queries per second across the proxy. Exceeding it rejects new sessions until the rate falls. | 5000 | Yes | System Config Manager |
| sql proxy oracle local bind port tenant aioc | This parameter defines the port number of Oracle devices. All Oracle database connections are made through this port. For multitenant environments, the tenant's name should be entered instead of the aioc. | 5000 | No | System Config Manager |
| device database source | This parameter defines the external device database IP addresses. Multiple values must be separated by ";". The parameter is used to add/discover devices from external device databases. | e.g. 10.10.10.10;20.20.20.20 | No | |
| device database url n | JDBC URL address for the database connection. The parameter is used to add/discover devices from external device databases. | e.g. device database url 0 = jdbc:postgresql://10.10.10.10:5432/databasename | Yes | |
| device database user n | External database username. The parameter is used to add/discover devices from external device databases. | e.g. db 1 | Yes | |
| device database password n | External database password. The parameter is used to add/discover devices from external device databases. | Must be set as "yes" | Yes | |
| device database sql n | SQL query to import devices. IP address, hostname, element type specifier, and one of the tag values are mandatory. The parameter is used to add/discover devices from external device databases. | e.g. device database sql 0 = select "dynname" as ip address, server as hostname, os as element type specifier , id as port, os as tag os, site as tag site from devicedatabase | Yes | |
| device database driver n | Database driver for the external database connection. The parameter is used to add/discover devices from external device databases. | e.g. device database driver 0 = org postgresql driverdev | Yes | |
| sdd query oracle column excluded types | Defines excluded column data types for Sensitive Data Discovery in Oracle. | clob;blob;nclob;bfile | No | System Config Manager |
| sdd query postgresql column excluded types | Defines excluded column data types for Sensitive Data Discovery in PostgreSQL. | bytea | No | System Config Manager |
| sdd query teradata column excluded types | Defines excluded column data types for Sensitive Data Discovery in Teradata. | clob;blob | No | System Config Manager |
| sdd query sqlserver column excluded types | Defines excluded column data types for Sensitive Data Discovery in SQL Server. | image;text;ntext;varbinary(max) | No | System Config Manager |
| sdd query mysql column excluded types types | Defines excluded column data types for Sensitive Data Discovery in MySQL. | blob;text;mediumblob;longblob | No | System Config Manager |
| sql proxy masking enabled | Enables masking; true adds performance cost, false disables. | true | No | System Config Manager |
| block procedural sensitive queries | Enables or disables blocking of procedural sensitive queries; set to false to allow connections from tools such as Toad. | false | No | System Config Manager |
| dam ddm metadata connection timeout | DAM/DDM SQL Proxy timeout duration in milliseconds. Must be increased for dealing with databases with a high number of schemas/tables/functions/processes (metadata) in DDM modules like SQL Proxy in order to avoid timeouts. | 5000 (default value) | No | System Config Manager |
| dam portal web client timeout seconds | Web client timeout duration in seconds for DAM. Must be increased for dealing with large databases in modules like DAM Object Explorer in order to avoid timeouts. | 60 (default value) | No | System Config Manager |