3.2.2. Startup Node Configuration

Linux

The configuration file for the node is located in /etc/ometascan-node/ometascan-node.conf

After modifying the node configuration file you must restart the Metadefender Core Node service in order for the changes to take effect. You should use the distribution-standard way to restart the service.

[global] section

parameter

default value

required

description

serveraddress

 

optional

Address of the computer to accept external scan node connections

serverport

 

optional

Designated port number to accept external scan node connections

tempdirectory

 

optional

Full path of a directory to use for storing temporary files (Node creates a subfolder called resources in this folder)

tempdirectory_create_timeout

 

optional

If node cannot create the resources folder, it will retry for the specified amount of milliseconds

In case the serveraddress and serverport are not provided, the scan node will try to connect the Metadefender Core server on the local machine. You should set both or none of them.

[logger] section

key

default value

required

description

logfile

/var/log/ometascan/ometascan-node.log

optional

Full path of a logfile to write log messages to

loglevel

info

optional

Level of logging. Supported values are: debug, info, warning, error

syslog

 

optional

Switch on logging to a local ('local') or remote ('protocol://<hostname>:<port>') syslog server

(Multiple server can be specified separated with comma)

syslog_level

 

optional

Level of logging. Supported values are: debug, info, warning , error

local_timezone

false

optional

Set local timezone for events sending to local syslog server

override

 

optional

Override specific log ids to display them on another level e.g.: "1723:error,663:info"

cef

false

optional

If true, the log format is Common Event Format.

archive_debug

0

optional

When enabled (set to 1), verbose debug info will be written into the Core log file

You should set both of syslog and syslog_level or none of them and you should set both of logfile and loglevel or none of them.

For override a list of log message ids needed with optionally a level. If there is no level set for an id, it will be displayed on every occasion. e.g.: "1723,663:info" means id 1723 dump message will be displayed every time and id 663 warning message is reduced to info level.

[internal] section

key

default value

required

description

data_directory

/var/lib/ometascan-node

optional

Full path for Node’s data (engines, resources etc.)

E.g. /var/lib/ometascan-node/test

parallelcount

20

optional

Set maximum number of threads (files) sending to engine at the same time, applicable to all engines except Archive engine (extraction, default = -1 unlimited) and Proactive DLP engine (default = 5)

parallelcount_<enginename>

 

optional

<enginename> is the first part of engine id which all can be found in <MD Core folder>\data\updates\metadescriptor

For example:

engine id: symantec_1_windows → <enginename> = symantec

Some common use-cases:

  • ds (parallelcount_ds): Deep CDR engine. By default, parallelcount_ds = 20

  • 7z (parallelcount_7z): Archive engine, applicable to archive extraction only. By default, parallelcount_7z = -1 (unlimited threads)

    • 7z_extract (parallelcount_7z_extract): Archive engine, extraction only. By default, parallelcount_7z_extract = -1 (unlimited threads)

    • 7z_compress (parallelcount_7z_compress): Archive engine, compression only for archive sanitization. By default, parallelcount_7z_compress = 20

Windows

The configuration for the node is located in Windows Registry

After modifying the node configuration file you must restart the Metadefender Core Node service in order for the changes to take effect. You should use the distribution-standard way to restart the service.

HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metascan Node\global

parameter

default value

type

required

description

serveraddress

 

string value

optional

Address of the computer to accept external scan node connections

serverport

 

string value

optional

Designated port number to accept external scan node connections

In case the serveraddress and serverport are not provided, the scan node will try to connect the Metadefender Core server on the local machine.

HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metascan Node\logger

key

default value

type

required

description

logfile

 

string value

optional

Location of a logfile to write log messages to.

loglevel

 

string value

optional

Level of logging. Supported values are: debug, info, warning, error.

Must set value on this key when logfile key is also set accordingly.

log_rotation

1

string value

optional

This setting is only applicable MD Core version 4.17.3 or above, Windows OS only (on Linux, we use already-supported OS log rotation)

Should only set this key when logfile key is also set accordingly.

Supported values:

  • 0 (same behavior like Core 4.17.2 or older): Core logs are not rotated.

  • 1 (default mode), enable to rotate log:

    • Rotation process will be performed every day, regardless of file size.

    • Limit rotated log to be stored is 30 files, the oldest log will be deleted if file number reaches the limit.

    • Rotated log name format: <logname>-<yyyyMMdd>.gz (e.g.: core.log-20200330.gz), all saved in same location with what you set in logfile

    • All generated log packages included in Core support package,

wineventlog_level

info

string value

optional

Level of logging. Supported values are: debug, info, warning, error.

syslog

 

string value

optional

Value can only by in form of 'udp://<hostname>:<port>'

(Multiple server can be specified separated with comma)

syslog_level

 

string value

optional

Level of logging. Supported values are: debug, info, warning, error.

Only set this key when syslog key is also set accordingly.

override

 

string value

optional

override specific log ids to display them on another level e.g.: "1723:error,663:info".

cef

false

string value

optional

If true, the log format is Common Event Format.

archive_debug

0

string value

optional

When enabled (set to 1), verbose debug info will be written into the Core log file.

You should set both of syslog and syslog_level or none of them and you should set both of logfile and loglevel or none of them.

Please note, if a data entry to be used does not exist, it should be created first.

In versions older that v4.6.0 the location of the configuration option is HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metascan Agent\...

HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\Metascan Node\internal

key

default value

type

required

description

data_directory

<MD Core installation folder>\data

string value

optional

Full path for MD Core’s data (database, updates etc.)

E.g. D:\custom_path

parallelcount

20

string value

optional

Set maximum number of threads (files) sending to engine at the same time, applicable to all engines except Archive engine (extraction, default = -1 unlimited) and Proactive DLP engine (default = 3)

parallelcount_<enginename>

 

string value

optional

<enginename> is the first part of engine id which all can be found in <MD Core folder>\data\updates\metadescriptor

For example:

engine id: symantec_1_windows → <enginename> = symantec

Some common use-cases:

  • ds (parallelcount_ds): Deep CDR engine. By default, parallelcount_ds = 20

  • 7z (parallelcount_7z): Archive engine, applicable to archive extraction only. By default, parallelcount_7z = -1 (unlimited threads)

    • 7z_extract (parallelcount_7z_extract): Archive engine, extraction only. By default, parallelcount_7z_extract = -1 (unlimited threads)

    • 7z_compress (parallelcount_7z_extract): Archive engine, compression only for archive sanitization. By default, parallelcount_7z_compress = 20