This chapter provides a complete listing of the cman.ora file configuration parameters.
This chapter contains these topics:
Oracle Connection Manager configuration information, stored in the cman.ora file, consists of the following elements:
Protocol address of the Oracle Connection Manager listener
Access control parameters
Performance parameters
By default, the cman.ora file is located in the $ORACLE_HOME/network/admin directory on UNIX operating systems and in the %ORACLE_HOME%\network\admin directory on Windows. cman.ora can also be stored the following locations:
The directory specified by the TNS_ADMIN environment variable or registry value
On UNIX operating systems, the global configuration directory. For example, on the Solaris Operating System, this directory is /var/opt/oracle.
|
See Also: Oracle operating system-specific documentation |
Example 8-1 shows an example cman.ora file.
Example 8-1 Example cman.ora File
CMAN=
(CONFIGURATION=
(ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=1521))
(RULE_LIST=
(RULE=(SRC=206.62.226.32/27)(DST=sales-server)(SRV=*)(ACT=accept))
(ACTION_LIST=(AUT=on)(MCT=120)(MIT=30)))
(RULE=(SRC=foo)(DST=foobar)(SRV=cmon)(ACT=accept)))
(PARAMETER_LIST=
(MAX_GATEWAY_PROCESSES=8)
(MIN_GATEWAY_PRCESSSES=3)
(REMOTE_ADMIN=YES)))
This section lists and describes the cman.ora file parameters. Configuration parameters fall into the following categories:
Purpose
Use the parameter RULE to specify an access control rule list to filter incoming connections. A rule list specifies which connections are accepted, rejected, or dropped.
Syntax
(RULE_LIST=
(RULE=
(SRC=host)
(DST=host)
(SRV=service_name)
(ACT={accept|reject|drop})
(ACTION_LIST=AUT=on|off
((CONN_STATS=yes|no)(MCT=time)(MIT=time)(MOCT=time)))
(RULE= ...))
Subparameters
The RULE parameter filters a connection or group of connections using the following subparameters:
SRC: Specify the source host name or IP address in dot notation of the client.
DST: Specify the destination server host name or IP address in dot notation of the database server.
SRV: Specify database service name of the Oracle Database 10g, Oracle9i, or Oracle8 database (obtained from the SERVICE_NAME parameter in the initialization parameter file).
ACT: Specify accept to accept incoming requests or reject to reject incoming requests.
ACTION_LIST: Specify rule-level parameter settings for some parameters. These parameters are as follows:
AUT—Oracle Advanced Security authentication on client side
CONN_STATS—log input and output statistics
MCT—maximum connect time
MIT—maximum idle timeout
MOCT—maximum outbound connect time
Rule-level parameters override their global counterparts.
Usage Notes
If no rules are specified, all connections are rejected.
The source and destination can be a host name, IP address, or subnet mask.
You must enter at least one rule for client connections and one rule for CMCTL connections. Omitting one or the other results in the rejection of all connections for the rule type omitted. The last rule in the example that follows is a CMCTL rule.
If the CMCTL connection is remote, the REMOTE_ADMIN parameter in cman.ora must be set to on, regardless of the rules specified.
Oracle Connection Manager does not support wildcards for partial IP addresses. If you use a wildcard, use it in place of a full IP address. The IP address of the client may, for example, be (SRC=*).
Oracle Connection Manager supports only the /nn notation for subnet addresses. In the first rule in the example, /27 represents a subnet mask that comprises 27 left-most bits.
Example
(RULE_LIST=
(RULE=
(SRC=client1-pc)
(DST=sales-server)
(SRV=sales.us.acme.com)
(ACT=reject))
(RULE=
(SRC=144.25.23.45)
(DST=144.25.187.200)
(SRV=db1)
(ACT=accept))
(RULE=
(SRC=foo)
(DST=foobar)
(SRV=cmon)
(ACT=accept)))
Purpose
The PARAMETER_LIST parameter specifies the attributes for an Oracle Connection Manager. To override the default setting for a parameter, enter the parameter and its nondefault value.
ASO_AUTHENTICATION_FILTER=OFF
CONNECTION_STATISTICS=NO
EVENT_GROUP=none
IDLE_TIMEOUT=0
INBOUND_CONNECT_TIMEOUT=60
LOG_DIRECTORY=The $ORACLE_HOME/network/log directory on UNIX operating systems and the ORACLE_HOME\network\log directory on Windows
LOG_LEVEL=SUPPORT
MAX_CMCTL_SESSIONS=4
MAX_CONNECTIONS=256
MAX_GATEWAY_PROCESSES=16
MIN_GATEWAY_PROCESSES=2
OUTBOUND_CONNECT_TIMEOUT=0
PASSWORD_instance_name=Value is the encrypted instance password, if one has been set. Default is no value.
REMOTE_ADMIN=NO
SESSION_TIMEOUT=0
TRACE_DIRECTORY=The $ORACLE_HOME/network/trace directory on UNIX operating systems and the ORACLE_HOME\network\trace directory on Windows
TRACE_FILELEN=0
TRACE_FILENO=0
TRACE_LEVEL=OFF
TRACE_TIMESTAMP=OFF
Allowed Values of Parameters
ASO_AUTHENTICATION_FILTER=[off | on]
CONNECTION_STATISTICS=[no | yes]
EVENT_GROUP=[init_and_term | memory_ops | conn_hdlg | proc_mgmt | reg_and_load | wake_up | timer | cmd_proc | relay
IDLE_TIMEOUT=0 or greater
INBOUND_CONNECT_TIMEOUT=0 or greater
LOG_DIRECTORY=log_directory
LOG_LEVEL=[off | user | admin | support]
MAX_CMCTL_SESSIONS=Any positive number
MAX_CONNECTIONS=[1 to 1024]
MAX_GATEWAY_PROCESSES=Any number greater than the minimum number of gateway processes up to 64
MIN_GATEWAY_PROCESSES=Any positive number less than or equal to 64. Must be less than or equal to the maximum number of gateway processes.
OUTBOUND_CONNECT_TIMEOUT=0 or greater
REMOTE_ADMIN=[no | yes]
SESSION_TIMEOUT=0 or greater
TRACE_DIRECTORY=trace_directory
TRACE_FILELEN=Any positive number
TRACE_FILENO=Any positive number
TRACE_LEVEL=[off | user | admin | support]
TRACE_TIMESTAMP=[off | on]
|
Note: The event groupALERT cannot be turned off. |
Example
(PARAMETER_LIST=
(ASO_AUTHENTICATION_FILTER=ON)
(CONNECTION_STATISTICS=NO)
(EVENT_GROUP=INIT_AND_TERM,MEMORY_OPS,PROCESS_MGMT)
(IDLE_TIMEOUT=30)
(INBOUND_CONNECT_TIMEOUT=30)
(LOG_DIRECTORY=/home/user/network/admin/log)
(LOG_LEVEL=SUPPORT)
(MAX_CMCTL_SESSIONS=6)
(MAX_CONNECTIONS=512)
(MAX_GATEWAY_PROCESSES=10)
(MIN_GATEWAY_PROCESSES=4)
(OUTBOUND_CONNECT_TIMEOUT=30)
(REMOTE_ADMIN=YES)
(SESSION_TIMEOUT=60)
(TRACE_DIRECTORY=/home/user/network/admin/trace)
(TRACE_FILELEN=100)
(TRACE_FILENO=2)
(TRACE_LEVEL=SUPPORT)
(TRACE_TIMESTAMP=ON))
|
Note: You cannot add the parameterPASSWORD_instance_name directly to cman.ora. The parameter is added when you issue the command SAVE_PASSWD. |
Use the ASO_AUTHENTICATION_LEVEL parameter to specify whether Oracle Advanced Security authentication settings must be used by the client. The global setting can be overridden by a rule-level setting in ACTION_LIST. This parameter accepts the following values:
on to instruct Oracle Connection Manager to reject connect requests that are not using Secure Network Services (SNS). SNS is part of the Oracle Advanced Security.
off (default) to instruct Oracle Connection Manager not to check for SNS between the client and server
Use the CONNECTION_STATISTICS parameter to specify whether the SHOW_CONNECTIONS command displays connection statistics. The global setting can be overridden by a rule-level setting in ACTION_LIST. This parameter accepts the following values:
yes to display statistics
no (default) to not display statistics
Use the EVENT_GROUP parameter to specify which event groups are logged. Multiple events may be designated using a comma-separated list. This parameter accepts the following values:
INIT_AND_TERM—initialization and termination
MEMORY_OPS—memory operations
CONN_HDLG—connection handling
PROC_MGMT—process management
REG_AND_LOAD—Registration and load update
WAKE_UP—events related to CMADMIN wakeup queue
TIMER—gateway timeouts
CMD_PROC—command processing
RELAY—events associated with connection control blocks
Use the IDLE_TIMEOUT parameter to specify the amount of time that an established connection can remain active without transmitting data. The global setting can be overridden by a rule-level setting in ACTION_LIST. This parameter accepts the following values:
0 (default) to disable the timeout
n>0 to enable the timeout, where n equals the timeout period in seconds
Use the INBOUND_CONNECT_TIMEOUT parameter to specify how long the Oracle Connection Manager listener waits for a valid connection from a client or another instance of Oracle Connection Manager. This parameter accepts the following values:
60 (default) to disable the timeout
n>0 to enable the timeout, where n equals the timeout period in seconds
Use the LOG_DIRECTORY parameter to specify the location of Oracle Connection Manager log files.
Use the LOG_LEVEL parameter to specify the level of logging performed by Oracle Connection Manager. This parameter accepts four log levels:
off (default) for no logging
user for user log information
admin for administrative log information
support for Oracle Support Services information
There are three kinds of log files: instance-name_pid.log for the listener, instance-name_cmadmin_pid.log for CMADMIN, and instance-name_cmgw_pid.log for the gateway processes. The log files are located in the $ORACLE_HOME/network/log directory on UNIX operating systems and the %ORACLE_HOME%\network\log directory on Windows.
Use the MAX_CMCTL_SESSIONS parameter to specify the maximum number of concurrent local or remote sessions of the Oracle Connection Manager control utility allowable for a given instance. One of these sessions must be a local session. Any number of sessions can be designated.
Use the MAX_CONNECTIONS parameter to specify the maximum number of connections that a gateway process can handle.
This parameter accepts a range of:
1 to 1024
Use the MAX_GATEWAY_PROCESSES parameter to specify the maximum number of gateway processes that an instance of Oracle Connection Manager supports. The maximum is 64. The number designated must be greater than the minimum number of gateway processes.
Use the MIN_GATEWAY_PROCESSES parameter to specify the minimum number of gateway processes that an instance of Oracle Connection Manager must support. Any number of sessions can be designated up to 64.
Use the OUTBOUND_CONNECT_TIMEOUT parameter to specify the length of time that the Oracle Connection Manager instance waits for a valid connection to be established with the database server or with another Oracle Connection Manager instance. This parameter accepts the following values:
60 (default) to disable the timeout
n>0 to enable the timeout, where n equals the timeout period in seconds
Use the PASSWORD_instance_name parameter to specify the encrypted instance password, if one has been set.
Use the parameter REMOTE_ADMIN to specify whether or not remote access to an Oracle Connection Manager is allowed. This parameter accepts the following values:
yes to allow access from a remote Oracle Connection Manager Control utility session to Oracle Connection Manager
no to allow only access to the local Oracle Connection Manager. This value prevents a user running a remote Oracle Connection Manager Control utility from accessing Oracle Connection Manager.
Use the SESSION_TIMEOUT parameter to specify the maximum time allowed for a user session. The global setting can be overridden by a rule-level setting in ACTION_LIST. This parameter accepts the following values:
0 (default) to disable the timeout
n>0 to enable the timeout, where n equals the timeout period in seconds
Use the parameter TRACE_DIRECTORY to specify the location of the Oracle Connection Manager trace files.
Use the parameter TRACE_FILELEN to specify the size, in kilobytes, of the trace file. When the size is met, the trace information is written to the next file. The number of files is specified with the TRACE_FILENO parameter. Any size can be designated.
Use the parameter TRACE_FILENO to specify the number of trace files for Oracle Connection Manager tracing. When this parameter is set along with the TRACE_FILELEN parameter, trace files are used in a cyclical fashion. The first file is filled first, then the second file, and so on. When the last file has been filled, the first file is reused, and so on. Any number of files can be designated.
The trace file names are distinguished from one another by their sequence number. For example, if this parameter is set to 3, the gateway trace files would be named instance-name_cmgw1_pid.trc, instance_name_cmgw2_pid.trc and instance_name_cmgw3_pid.trc.
In addition, trace events in the trace files are preceded by the sequence number of the file.
Use the parameter TRACE_LEVEL to specify the trace level for the Oracle Connection Manager instance. This parameter accepts four trace levels:
off (default) for no logging
user for user log information
admin for administrative log information
support for Oracle Support Services information
There are three kinds of trace files: instance-name_pid.trc for the listener, instance-name_cmadmin_pid.trc for CMADMIN, and instance-name_cmgw_pid.trc for the gateway processes. The log files are located in the $ORACLE_HOME/network/trace directory on UNIX operating systems and the %ORACLE_HOME%\network\trace directory on Windows.