| Oracle® Database Net Services Reference 11g Release 1 (11.1) Part Number B28317-01 |
|
|
View PDF |
| Oracle® Database Net Services Reference 11g Release 1 (11.1) Part Number B28317-01 |
|
|
View PDF |
This chapter provides a complete listing of the cman.ora file configuration parameters.
This chapter contains these topics:
Oracle Connection Manager configuration information, stored in the cman.ora file, consists of the following elements:
Protocol address of the Oracle Connection Manager listener
Access control parameters
Performance parameters
By default, the cman.ora file is located in the $ORACLE_HOME/network/admin directory on UNIX operating systems and in the %ORACLE_HOME%\network\admin directory on Windows. cman.ora can also be stored the following locations:
The directory specified by the TNS_ADMIN environment variable or registry value
On UNIX operating systems, the global configuration directory. For example, on the Solaris Operating System, this directory is /var/opt/oracle.
See Also:
Oracle operating system-specific documentationExample 8-1 shows an example cman.ora file.
Example 8-1 Example cman.ora File
CMAN=
(CONFIGURATION=
(ADDRESS=(PROTOCOL=tcp)(HOST=proxysvr)(PORT=1521))
(RULE_LIST=
(RULE=(SRC=206.62.226.32/27)(DST=sales-server)(SRV=*)(ACT=accept))
(ACTION_LIST=(AUT=on)(MCT=120)(MIT=30)))
(RULE=(SRC=foo)(DST=foobar)(SRV=cmon)(ACT=accept)))
(PARAMETER_LIST=
(MAX_GATEWAY_PROCESSES=8)
(MIN_GATEWAY_PRCESSSES=3)
(REMOTE_ADMIN=YES)
(DIAG_ADR_ENABLED=ON)
(ADR_BASE=/oracle/log)))
The cman.ora configuration file consists of three distinct sections. The first section is the listening address section, is preceded by ADDRESS=, and contains information pertinent to the listener. The second section is the rule list section, is preceded by RULE_LIST=, and contains rule information. The RULE parameter is listed in the rule list section of the file.
The third section is the parameter list section, is preceded by PARAMETER_LIST=, and contains all of the other parameters—including those listed in "Diagnostic Parameters for Oracle Connection Manager"—you might include in the cman.ora file.
Following is a further discussion of the parameter list section.
Purpose
The parameter list section specifies the attributes for Oracle Connection Manager. To override the default setting for a parameter, enter the parameter and its nondefault value.
ASO_AUTHENTICATION_FILTER=OFF
CONNECTION_STATISTICS=NO
EVENT_GROUP=none
IDLE_TIMEOUT=0
INBOUND_CONNECT_TIMEOUT=60
LOG_DIRECTORY= The $ORACLE_HOME/network/log directory on UNIX operating systems and the %ORACLE_HOME%\network\log directory on Windows
LOG_LEVEL=SUPPORT
MAX_CMCTL_SESSIONS=4
MAX_CONNECTIONS=256
MAX_GATEWAY_PROCESSES=16
MIN_GATEWAY_PROCESSES=2
OUTBOUND_CONNECT_TIMEOUT=0
PASSWORD_instance_name= Value is the encrypted instance password, if one has been set. Default is no value.
REMOTE_ADMIN=NO
SESSION_TIMEOUT=0
TRACE_DIRECTORY= The $ORACLE_HOME/network/trace directory on UNIX operating systems and the %ORACLE_HOME%\network\trace directory on Windows
TRACE_FILELEN=0
TRACE_FILENO=0
TRACE_LEVEL=OFF
TRACE_TIMESTAMP=OFF
Allowed Values of Parameters
ASO_AUTHENTICATION_FILTER={off | on}
CONNECTION_STATISTICS={no | yes}
EVENT_GROUP={init_and_term | memory_ops | conn_hdlg | proc_mgmt | reg_and_load | wake_up | timer | cmd_proc | relay}
IDLE_TIMEOUT=0 or greater
INBOUND_CONNECT_TIMEOUT=0 or greater
LOG_DIRECTORY=log_directory
LOG_LEVEL={off | user | admin | support}
MAX_CMCTL_SESSIONS= Any positive number
MAX_CONNECTIONS=[1 to 1024]
MAX_GATEWAY_PROCESSES= Any number greater than the minimum number of gateway processes up to 64
MIN_GATEWAY_PROCESSES= Any positive number less than or equal to 64. Must be less than or equal to the maximum number of gateway processes.
OUTBOUND_CONNECT_TIMEOUT=0 or greater
REMOTE_ADMIN={no | yes}
SESSION_TIMEOUT=0 or greater
TRACE_DIRECTORY=trace_directory
TRACE_FILELEN= Any positive number
TRACE_FILENO= Any positive number
TRACE_LEVEL={off | user | admin | support}
TRACE_TIMESTAMP={off | on}
Note:
The event groupALERT cannot be turned off.Example
(PARAMETER_LIST=
(ASO_AUTHENTICATION_FILTER=ON)
(CONNECTION_STATISTICS=NO)
(EVENT_GROUP=INIT_AND_TERM,MEMORY_OPS,PROCESS_MGMT)
(IDLE_TIMEOUT=30)
(INBOUND_CONNECT_TIMEOUT=30)
(LOG_DIRECTORY=/home/user/network/admin/log)
(LOG_LEVEL=SUPPORT)
(MAX_CMCTL_SESSIONS=6)
(MAX_CONNECTIONS=512)
(MAX_GATEWAY_PROCESSES=10)
(MIN_GATEWAY_PROCESSES=4)
(OUTBOUND_CONNECT_TIMEOUT=30)
(REMOTE_ADMIN=YES)
(SESSION_TIMEOUT=60)
(TRACE_DIRECTORY=/home/user/network/admin/trace)
(TRACE_FILELEN=100)
(TRACE_FILENO=2)
(TRACE_LEVEL=SUPPORT)
(TRACE_TIMESTAMP=ON))
Note:
You cannot add the parameterPASSWORD_instance_name directly to cman.ora. The parameter is added when you issue the command SAVE_PASSWD.This section lists and describes the following cman.ora file parameters:
Purpose
Use the ADDRESS listening endpoint parameter to specify the protocol address of Oracle Connection Manager.
Syntax
(ADDRESS= ...)
Example (Default)
(ADDRESS=(PROTOCOL=tcp)(HOST=local_host)(PORT=1521))
Use the ASO_AUTHENTICATION_LEVEL parameter to specify whether Oracle Advanced Security authentication settings must be used by the client. The global setting can be overridden by a rule-level setting in ACTION_LIST. This parameter accepts the following values:
on to instruct Oracle Connection Manager to reject connect requests that are not using Secure Network Services (SNS). SNS is part of the Oracle Advanced Security.
off (default) to instruct Oracle Connection Manager not to check for SNS between the client and server
Use the CONNECTION_STATISTICS parameter to specify whether the SHOW_CONNECTIONS command displays connection statistics. The global setting can be overridden by a rule-level setting in ACTION_LIST. This parameter accepts the following values:
yes to display statistics
no (default) to not display statistics
Use the EVENT_GROUP parameter to specify which event groups are logged. Multiple events may be designated using a comma-separated list. This parameter accepts the following values:
INIT_AND_TERM—initialization and termination
MEMORY_OPS—memory operations
CONN_HDLG—connection handling
PROC_MGMT—process management
REG_AND_LOAD—Registration and load update
WAKE_UP—events related to CMADMIN wakeup queue
TIMER—gateway timeouts
CMD_PROC—command processing
RELAY—events associated with connection control blocks
Use the IDLE_TIMEOUT parameter to specify the amount of time that an established connection can remain active without transmitting data. The global setting can be overridden by a rule-level setting in ACTION_LIST. This parameter accepts the following values:
0 (default) to disable the timeout
n>0 to enable the timeout, where n equals the timeout period in seconds
Use the INBOUND_CONNECT_TIMEOUT parameter to specify how long the Oracle Connection Manager listener waits for a valid connection from a client or another instance of Oracle Connection Manager. This parameter accepts the following values:
60 (default) to disable the timeout
n>0 to enable the timeout, where n equals the timeout period in seconds
Use the MAX_CMCTL_SESSIONS parameter to specify the maximum number of concurrent local or remote sessions of the Oracle Connection Manager control utility allowable for a given instance. One of these sessions must be a local session. Any number of sessions can be designated.
Use the MAX_CONNECTIONS parameter to specify the maximum number of connection slots that a gateway process can handle.
This parameter accepts a range of:
1 to 1024
Use the MAX_GATEWAY_PROCESSES parameter to specify the maximum number of gateway processes that an instance of Oracle Connection Manager supports. The maximum is 64. The number designated must be greater than the minimum number of gateway processes.
Use the MIN_GATEWAY_PROCESSES parameter to specify the minimum number of gateway processes that an instance of Oracle Connection Manager must support. Any number of sessions can be designated up to 64.
Use the OUTBOUND_CONNECT_TIMEOUT parameter to specify the length of time that the Oracle Connection Manager instance waits for a valid connection to be established with the database server or with another Oracle Connection Manager instance. This parameter accepts the following values:
60 (default) to disable the timeout
n>0 to enable the timeout, where n equals the timeout period in seconds
Use the PASSWORD_instance_name parameter to specify the encrypted instance password, if one has been set.
Use the parameter REMOTE_ADMIN to specify whether or not remote access to an Oracle Connection Manager is allowed. This parameter accepts the following values:
yes to allow access from a remote Oracle Connection Manager Control utility session to Oracle Connection Manager
no to allow only access to the local Oracle Connection Manager. This value prevents a user running a remote Oracle Connection Manager Control utility from accessing Oracle Connection Manager.
See Also:
"Distributed Operations" for configuration detailsPurpose
Use the RULE rule list parameter to specify an access control rule list to filter incoming connections. A rule list specifies which connections are accepted, rejected, or dropped.
This parameter is listed in the rule list section of the cman.ora file preceded by RULE_LIST=.
Syntax
(RULE_LIST=
(RULE=
(SRC=host)
(DST=host)
(SRV=service_name)
(ACT={accept|reject|drop})
(ACTION_LIST=AUT={on|off}
((CONN_STATS={yes|no})(MCT=time)(MIT=time)(MOCT=time)))
(RULE= ...))
Subparameters
The RULE parameter filters a connection or group of connections using the following subparameters:
SRC: Specify the source host name or IP address in dot notation of the client.
DST: Specify the destination server host name or IP address in dot notation of the database server.
SRV: Specify database service name of the Oracle Database 10g, Oracle9i, or Oracle8 database (obtained from the SERVICE_NAME parameter in the initialization parameter file).
ACT: Specify accept to accept incoming requests or reject to reject incoming requests.
ACTION_LIST: Specify rule-level parameter settings for some parameters. These parameters are as follows:
AUT—Oracle Advanced Security authentication on client side
CONN_STATS—log input and output statistics
MCT—maximum connect time
MIT—maximum idle timeout
MOCT—maximum outbound connect time
Rule-level parameters override their global counterparts.
Usage Notes
If no rules are specified, all connections are rejected.
The source and destination can be a host name, IP address, or subnet mask.
You must enter at least one rule for client connections and one rule for CMCTL connections. Omitting one or the other results in the rejection of all connections for the rule type omitted. The last rule in the example that follows is a CMCTL rule.
If the CMCTL connection is remote, the REMOTE_ADMIN parameter in cman.ora must be set to on, regardless of the rules specified.
Oracle Connection Manager does not support wildcards for partial IP addresses. If you use a wildcard, use it in place of a full IP address. The IP address of the client may, for example, be (SRC=*).
Oracle Connection Manager supports only the /nn notation for subnet addresses. In the first rule in the example, /27 represents a subnet mask that comprises 27 left-most bits.
Example
(RULE_LIST=
(RULE=
(SRC=client1-pc)
(DST=sales-server)
(SRV=sales.us.acme.com)
(ACT=reject))
(RULE=
(SRC=144.25.23.45)
(DST=144.25.187.200)
(SRV=db1)
(ACT=accept))
(RULE=
(SRC=foo)
(DST=foobar)
(SRV=cmon)
(ACT=accept)))
Use the SESSION_TIMEOUT parameter to specify the maximum time allowed for a user session. The global setting can be overridden by a rule-level setting in ACTION_LIST. This parameter accepts the following values:
0 (default) to disable the timeout
n>0 to enable the timeout, where n equals the timeout period in seconds
This section is divided into those parameters used when ADR is enabled (when DIAG_ADR_ENABLED is set to on) and those used when ADR is disabled (when DIAG_ADR_ENABLED is set to off). Non-ADR parameters listed in the cman.ora file are ignored when ADR is enabled.
This section lists the parameters used when ADR is enabled (when DIAG_ADR_ENABLED is set to on):
Purpose
Use the ADR_BASE parameter to specify the base directory into which tracing and logging incidents are stored when ADR is enabled.
Default
The default is $ORACLE_BASE, or $ORACLE_HOME/log if $ORACLE_BASE is not defined.
Values
Any valid directory path to a directory with write permission.
Example
ADR_BASE=/oracle/network/trace
Purpose
The DIAG_ADR_ENABLED parameter indicates whether ADR tracing is enabled.
Usage
When the DIAG_ADR_ENABLED parameter is set to OFF, non-ADR file tracing is used.
Default
on or off
Example
DIAG_ADR_ENABLED=on
Purpose
Use the LOG_LEVEL parameter to specify the level of logging performed by Oracle Connection Manager. This parameter is also applicable when non-ADR tracing is used.
There are three kinds of log files: instance-name_pid.log for the listener, instance-name_cmadmin_pid.log for CMADMIN, and instance-name_cmgw_pid.log for the gateway processes. The log files are located in the $ORACLE_HOME/network/log directory on UNIX operating systems and the %ORACLE_HOME%\network\log directory on Windows.
Default
off or 0
Values
off or 0 for no trace output
user or 4 for user trace information
admin or 10 for administration trace information
support or 16 for Oracle Support Services trace information
Example
LOG_LEVEL=admin
Purpose
Use the TRACE_LEVEL parameter to specify the trace level for the Oracle Connection Manager instance. This parameter is also applicable when non-ADR tracing is used.
There are three kinds of trace files: instance-name_pid.trc for the listener, instance-name_cmadmin_pid.trc for CMADMIN, and instance-name_cmgw_pid.trc for the gateway processes. The log files are located in the $ORACLE_HOME/network/trace directory on UNIX operating systems and the %ORACLE_HOME%\network\trace directory on Windows.
Default
off
Values
off for no trace output
user for user trace information
admin for administration trace information
support for Oracle Support Services trace information
Example
TRACE_LEVEL=admin
Purpose
When the TRACE_LEVEL parameter is enabled, you can use the TRACE_TIMESTAMP parameter to add a time stamp in the form of dd-mon-yyyy hh:mi:ss:mil to every trace event in the trc files. This parameter is also applicable when non-ADR tracing is used.
Default
on
Values
on or true | off or false
Example
TRACE_TIMESTAMP=true
This section lists the parameters used when ADR is disabled (when DIAG_ADR_ENABLED is set to off):
Notes:
The following parameters are used whether ADR is enabled or not:
The default value of DIAG_ADR_ENABLED is on. Therefore, the DIAG_ADR_ENABLED parameter must explicitly be set to off in order for non-ADR tracing to be used.
Purpose
Use the LOG_DIRECTORY parameter to specify the location of Oracle Connection Manager log files. Use this parameter when ADR is not enabled.
Default
The $ORACLE_HOME/network/log directory on UNIX operating systems and the %ORACLE_HOME%\network\log directory on Windows operating systems.
Values
Any valid directory path to a directory with write permission.
Example
LOG_DIRECTORY=
Purpose
Use the TRACE_DIRECTORY parameter to specify the location of the Oracle Connection Manager trace files. Use this parameter when ADR is not enabled.
Default
The $ORACLE_HOME/network/trace directory on UNIX operating systems and the %ORACLE_HOME%\network\trace directory on Windows
Values
Any valid directory path to a directory with write permission.
Example
TRACE_DIRECTORY=/oracle/network/admin/trace
Purpose
Use the TRACE_FILELEN parameter to specify the size, in kilobytes, of the trace file. When the size is met, the trace information is written to the next file. The number of files is specified with the TRACE_FILENO parameter. Any size can be designated. Use this parameter when ADR is not enabled.
Default
Unlimited
Example
TRACE_FILELEN=100
Purpose
Use the TRACE_FILENO parameter to specify the number of trace files for Oracle Connection Manager tracing. When this parameter is set along with the TRACE_FILELEN parameter, trace files are used in a cyclical fashion. The first file is filled first, then the second file, and so on. When the last file has been filled, the first file is reused, and so on. Any number of files can be designated.
The trace file names are distinguished from one another by their sequence number. For example, if this parameter is set to 3, the gateway trace files would be named instance-name_cmgw1_pid.trc, instance_name_cmgw2_pid.trc and instance_name_cmgw3_pid.trc.
In addition, trace events in the trace files are preceded by the sequence number of the file. Use this parameter when ADR is not enabled.
Default
1
Example
TRACE_FILENO=3
