3.1.2 MetaDefender ICAP Server configuration file

Linux

The configuration file for the server is located in /etc/mdicapsrv/mdicapsrv.conf.

After modifying the server configuration file you must restart the MetaDefender ICAP Server service in order for the changes to take effect. You should use the distribution-standard way to restart the mdicapsrv service.

[global] section

parameter

default value

required

description

icapaddress

0.0.0.0

required

One of the IP addresses of the computer that runs the product to serve ICAP interface (0.0.0.0 means all interface)

icapport

1344

required

Designated port number for the ICAP interface

restaddress

0.0.0.0

required

One of the IP addresses of the computer that runs the product to serve REST API and web user interface (0.0.0.0 means all interface)

restport

8048

required

Designated port number for the web and REST interface

tempdirectory

/var/tmp/mdicapsrv/temp

optional

Root directory for temporary files creation.

A /temp subdirectory is automatically created within a customized directory. For example:

  • If /tmp is configured as tempdirectory then

  • /tmp/temp will be used for creating temporary files

skip_multipart_without_filename

false

optional

When enabled the ICAP server won't send files from a multipart request for scanning when the given part does not have a filename key in it's own Content-Disposition header

[logger] section

key

default value

required

description

logfile

/var/log/mdicapsrv/mdicapsrv.log

optional

Full path of a logfile to write log messages to

loglevel

info

optional

Level of logging. Supported values are: debug, info, warning, error

syslog

 

optional

Switch on logging to a local ('local') or remote ('protocol://hostname:port') syslog server. (Multiple server can be specified separated with comma)

syslog_level

 

optional

Level of logging. Supported values are: debug, info, warning, error

override

 

optional

Override specific log ids to display them on another level e.g.: "1723:error,663:info". Note: when displaying these log ids their original level will remain the same.

capture_traffic

 

optional

Capture raw TCP traffic in case of bad requests. See 3.5.4 Logging traffic of bad requests.

cef

false

optional

If true, the log format is Common Event Format

local_timezone

false

optional

If true, the times sent in syslog messages will be in the server's local timezone. This does not effect entries in the log file/Windows event log.

When syslog is used with cef and local_timezone enabled the timezone name can vary based on the underlying system and it's settings.

Examples

  • Syslog

    • UTC: 2018-09-19T13:07:36Z

    • Local: 2018-09-19T15:07:36+02:00

  • Syslog with CEF

    • UTC: Sep 19 13:12:47 UTC

    • Local 1: Sep 19 15:12:47 CEST

    • Local 2: Sep 19 15:12:47 Central Europe Daylight Time

You should set both of syslog and syslog_level or none of them and you should set both of logfile and loglevel or none of them.

Windows

The configuration for the server is located in Windows Registry.

After modifying the server configuration file you must restart the MetaDefender ICAP Server service in order for the changes to take effect.

Default logging target is Windows event log with default level of info (see below).

HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\ICAP Server\global

parameter

default value

type

required

description

icapaddress

0.0.0.0

string value

required

One of the IP addresses of the computer that runs the product to serve ICAP interface (0.0.0.0 means all interface)

icapport

1344

string value

required

Designated port number for the ICAP interface

restaddress

0.0.0.0

string value

required

One of the IP addresses of the computer that runs the product to serve REST API and web user interface (0.0.0.0 means all interface)

restport

8048

string value

required

Designated port number for the web and REST interface

tempdirectory

C:\Program Files\OPSWAT\Metadefender ICAP Server\data\temp

string value

optional

Root directory for temporary files creation.

A \temp subdirectory is automatically created within a customized directory. For example:

  • If C:\Temp is configured as tempdirectory then

  • C:\Temp\temp will be used for creating temporary files

skip_multipart_without_filename

false

string value

optional

When enabled the ICAP server won't send files from a multipart request for scanning when the given part does not have a filename key in it's own Content-Disposition header

HKEY_LOCAL_MACHINE\SOFTWARE\OPSWAT\ICAP Server\logger

parameter

default value

type

required

description

logfile

 

string value

optional

Location of a logfile to write log messages to

loglevel

 

string value

optional

Level of logging. Supported values are: debug, info, warning, error

wineventlog_level

info

string value

optional

Level of logging. Supported values are: debug, info, warning, error

syslog

 

string value

optional

Value can only by in form of 'udp://<hostname>:<port>'. (Multiple server can be specified separated with comma)

syslog_level

 

string value

optional

Level of logging. Supported values are: debug, info, warning, error

override

 

string value

optional

Override specific log ids to display them on another level e.g.: "1723:error,663:info" . Note: when displaying these log ids their original level will remain the same.

capture_traffic

 

DWORD

optional

Capture raw TCP traffic in case of bad requests. See 3.5.4 Logging traffic of bad requests.

cef

false

string value

optional

If true, the log format is Common Event Format

local_timezone

false

string value

optional

If true, the times sent in syslog messages will be in the server's local timezone. This does not effect entries in the log file/Windows event log.

When syslog is used with cef and local_timezone enabled the timezone name can vary based on the underlying system and it's settings.

Examples

  • Syslog

    • UTC: 2018-09-19T13:07:36Z

    • Local: 2018-09-19T15:07:36+02:00

  • Syslog with CEF

    • UTC: Sep 19 13:12:47 UTC

    • Local 1: Sep 19 15:12:47 CEST

    • Local 2: Sep 19 15:12:47 Central Europe Daylight Time

You should set both of syslog and syslog_level or none of them and you should set both of logfile and loglevel or none of them.