On This Page
Configuring TOS
Overview
Various TOS Aurora settings can be configured using the TOS CLI. This topic covers some of the more common settings you can make to suit the needs of your organization that can be configured using tos config.
All commands must be run on the primary data node as a user with root privileges.
Avoid New Lines in TOS Aurora Logs
A way to avoid a new line for each entry in TOS Aurora logs.
-
Values:
false - write a new line for each log entry
true - do not write a new line for each log entry
-
Default: false.
Get the Current Value for Avoid New Lines in Logs
A value will only be returned if you have previously used tos config set to set this parameter.
If you have previously set this parameter using tos config set, the output will list its value. If the parameter exists in more than one TOS Aurora service, all will appear.
Set Avoid New Lines in Logs
[<ADMIN> ~]# tos config set -p logging.avoidNewLines=<TRUE-FALSE>
where <TRUE-FALSE>
is true or false.
Example
# tos config set -p logging.avoidNewLines=true
Certificate Countdown to Expiry
Set the number of day ahead of central/remote collector cluster certificate expiry, to renew the certificate.
-
Values: 32-394 (days)
-
Default: 32 (days)
Get the Current Value
A value will only be returned if you have previously used tos config set to set this parameter.
[<ADMIN> ~]# tos config get -p secure.channel.certificate.renew.expiryIsLessThanInDays
If you have previously set this parameter using tos config set, the output will list its value. If the parameter exists in more than one TOS Aurora service, all will appear.
Set a New Value
[<ADMIN> ~]# tos config set -p secure.channel.certificate.renew.expiryIsLessThanInDays=<DAYS>
where <DAYS>
is the number of days ahead of the certificate expiry date that the certificate will automatically be renewed.
Example
# tos config set -p secure.channel.certificate.renew.expiryIsLessThanInDays=45
Certificate Expiry Check Time
Set the time at which to check central/remote collector cluster certificate expiry.
-
Values: Any valid spring-based cron format
-
Default: 0 30 04 ? * SAT
Get the Current Value
A value will only be returned if you have previously used tos config set to set this parameter.
[<ADMIN> ~]# tos config get -p secure.channel.certificate.cron
If you have previously set this parameter using tos config set, the output will list its value. If the parameter exists in more than one TOS Aurora service, all will appear.
Set a New Value
[<ADMIN> ~]# tos config set -p secure.channel.certificate.cron=<SPRINGCRON>
where <SPRINGCRON>
is any valid spring-based cron format e.g. 0 0 9-17 * * MON-FRI (on the hour nine-to-five weekdays).
Example
# tos config set -p secure.channel.certificate.cron= 0 0 9-17 * * MON-FRI
Certificate Validity Period
Set the period for which automatically renewed central/remote collector cluster certificates will be valid.
-
Values: 31-395 (days)
-
Default: 395 (days)
Get the Current Value
A value will only be returned if you have previously used tos config set to set this parameter.
[<ADMIN> ~]# tos config get -p secure.channel.certificate.renew.expiry
If you have previously set this parameter using tos config set, the output will list its value. If the parameter exists in more than one TOS Aurora service, all will appear.
Set a New Value
[<ADMIN> ~]# tos config set -p secure.channel.certificate.renew.expiry=<DAYS>
where <DAYS>
is the number of days that the certificate will remain valid.
Example
# tos config set -p secure.channel.certificate.renew.expiry=60
SNMP Inbound Monitoring
SNMPv2 get/walk receives requests via port 161. Listening at this port is disabled by default.
-
Values:
false - do not listen at port 161
true - listen at port 161
-
Default: false
Get the Current Value for SNMP Inbound Monitoring
A value will only be returned if you have previously used tos config set to set this parameter.
[<ADMIN> ~]# tos config get -p snmp.inboundMonitoringEnabled
If you have previously set this parameter using tos config set, the output will list its value. If the parameter exists in more than one TOS Aurora service, all will appear.
Set SNMP Inbound Monitoring
[<ADMIN> ~]# tos config set -p snmp.inboundMonitoringEnabled=<TRUE-FALSE> -s monitor-tower
where <TRUE-FALSE>
is true or false.
Example
# tos config set -p snmp.inboundMonitoringEnabled=true -s monitor-tower
The TOS Aurora Time Zone
TOS Aurora has its own timezone and it is independent of your host server timezone.
-
Values: Area only, area/location and some abbreviations as they appear in the tz database. For the complete list, see column 'TZ identifier' in the Wikipedia list of tz zones.
-
Default: Taken from the server at installation time.
Get the Current TOS Aurora Time Zone
A value will only be returned if you have previously used tos config set to set this parameter.
If you have previously set this parameter using tos config set, the output will list its value. If the parameter exists in more than one TOS Aurora service, all will appear.
Set the TOS Aurora Time Zone
[<ADMIN> ~]# tos config set -p server.timezone=<TIMEZONE>
where <TIMEZONE>
is the appropriate time zone.
Example
# tos config set -p server.timezone=Europe/Berlin
If you want to change the date or time, see Changing the Time and Date.
VMC on AWS Private URLs
By default TOS uses a public URL to monitor VMC on AWS. Starting from R24-2 PHF1.0.0, you can change this to a private URL. This URL is used for all devices monitored by TOS.
Private URL example:
https://demo-environment.vmwarevmc.com/policy/api/v1/
Public URL example:
https://demo-environment.vmwarevmc.com/vmc/reverse-proxy/api/orgs/eaec1ad1-dbc2-4495-86d1-30aaaef62faf/sddcs/9ccfbb09-48f4-4480-9753-e6389b84cbf1/sks-nsxt-manager/policy/api/v1/
Set Private URL
-
Run the following command:
Set Public URL
-
Run the following command:
Web Session Inactivity Timeout
The period of inactivity that will cause a user session to expire and force the user to log in again.
-
Values: Integer + m/h/d; e.g. 90m, 24h, 2d
-
Default: 30m
Get the Current Maximum Inactivity Timeout
A value will only be returned if you have previously used tos config set to set this parameter.
[<ADMIN> ~]# tos config get -p web.session.inactivityTimeout
If you have previously set this parameter using tos config set, the output will list its value. If the parameter exists in more than one TOS Aurora service, all will appear.
Set the Maximum Inactivity Timeout
[<ADMIN> ~]# tos config set -p web.session.inactivityTimeout=<INT><PERIOD>
where
-
<INT>
is an integer. -
<PERIOD>
is the time period - m, h or d for minutes, hours or days respectively.
Example
# tos config set -p web.session.inactivityTimeout=90m
Maximum Web Session Duration
The time after which the user will be prompted to log in again, even if active.
-
Values: Integer + m/h/d; e.g. 90m, 24h, 2d
-
Default: 12h
Get the Maximum Duration
A value will only be returned if you have previously used tos config set to set this parameter.
If you have previously set this parameter using tos config set, the output will list its value. If the parameter exists in more than one TOS Aurora service, all will appear.
Set the Maximum Duration
[<ADMIN> ~]# tos config set -p web.session.maxDuration=<INT><PERIOD>
where
-
<INT>
is an integer. -
<PERIOD>
is the time period - m, h or d for minutes, hours or days respectively.
Example
# tos config set -p web.session.maxDuration=8h
Configure Sending TOS Monitoring Data to Tufin
Disable Sending TOS Monitoring Events
Enable Sending TOS Monitoring Events
Set Frequency for Sending TOS Monitoring Data
The default frequency is once every 30 seconds. To change the frequency, use the following command:
tos config set -s tos-ui -p tos.mailbox.poll.next.interval=<INTERVAL>
where <INTERVAL>
must be a Duration value between 10 seconds and 10 minutes. For example 15s or 5m.
Was this helpful?
Thank you!
We’d love your feedback
We really appreciate your feedback
Send this page to a colleague