This guide details all configurations that are available within SurgeSuppressor. All configurations can be used in the application-prod.yml file located in the /etc/surge-suppressor/config.

YAML (YAML Ain't Markup Language)

All SurgeSuppressor configurations are in the YAML (.yml) format.

Basic Rules

  • YAML is case sensitive.
  • YAML does not allow the use of tabs. Spaces are used instead as tabs are not universally supported.
  • A dictionary is represented in a simple key: value form (the colon must be followed by a space):

       protocol: http

Full Documentation

Complete YAML documentation can be found here.

Spring Boot

SurgeSuppressor Configurations are built upon Spring Boot. Within Spring there is a wide variety of pre-defined configurations. The complete list of configuration options can be found here.

Example Configuration

This sample configuration is meant as a guide only. Do not copy and paste the entire content into your configuration.

      nickname: cluster1
      hostname: xsp1
      username: admin
      password: password
    min-length: 10
    restrict-min-digits: true
    min-digits: 2
    restrict-min-lower-case: true
    min-lower-case: 2
    restrict-min-upper-case: true
    min-upper-case: 2
    restrict-min-non-alpha: true
    min-non-alpha: 1
    num-attempts: 100
      - "password cannot contain this"
    protocol: http
    path: "/cgi/user.cgi"
    show: surge-suppressor.json
    admin-username: admin
    admin-password: password
    login-timeout-minutes: 60
    v2-community: public
    heartbeat-plugin: org.friendlysnmp.plugin.heartbeat.PluginHeartbeat
  email-management-mode: PRESCRIBED
  email-management-pattern: vm_%userid%
  email-domain: ""
  rename-accounts-as-delete: true
  valid-administrators: ".*"
  valid-users: ".*"
    - "/audit-log-path"

Broadworks (broadworks)

broadworks is the root header for Alpaca Library related configurations.

Server Configuration (server-config-list)

  • nickname: Unique name for the BroadWorks connection
  • hostname: The hostname of the OCI connection. This is typically the XSP.
  • username: The username of the admin user to login with.
  • password: The password of the admin user to login with.

SurgeSuppressor (surgesuppressor)

  • audit-log-paths : List of paths to the Application Server audit logs.
  • email-management-mode : {PRESCRIBED, PERMISSIVE}. See concepts for more information
  • email-management-pattern : The regex pattern to use for the PRESCRIBED email management mode.
  • email-domain : The domain name to use when creating and validating email addresses. In addition, whenever SurgeSuppressor creates an account in SurgeMail while in PRESCRIBED mode, it uses this domain.
  • rename-accounts-as-delete : This option allows accounts to be renamed and saved rather than being removed when removal has been triggered.
  • valid-administrators : (REGEX) Used to determine whether changes made by the administrator should be synchronized into SurgeSuppressor. The default does not restrict anyone.
  • valid-users : (REGEX) When an audit log is processed, if the modified User's id does not match the pattern, SurgeMail will not perform the action. The default does not restrict anyone.

Password Rules (password-rules)

  • min-lenth: The minimum allowed password length.
  • restrict-min-digits: Whether to require a minimum amount of digits.
  • min-digits: If restricting min digits, how many digits should be required.
  • restrict-min-lower-case: Whether to require a minimum amount of lower case characters.
  • min-lower-case: If restricting lower case, how many lower case characters should be required.
  • restrict-min-upper-case: Whether to require a minimum amount of upper case characters.
  • min-upper-case: If restricting upper case, how many upper case characters should be required.
  • restrict-min-non-alpha: Whether to require a minimum amount of non-alphanumeric characters.
  • min-non-alpha: If restricting non-alpha, how many non-alphanumeric characters should be required.
  • num-attempts: The number of generation attempts to be cycled to produce a password candidate.
  • cannot-contain: This is a list of items that the password cannot contain. For example, if the cannot-contain list had "asdf" then the password "asdf123" would be invalid.

SurgeMail Properties (surge-mail-properties)

  • protocol: The protocol used to access the SurgeMail server.
  • host: The address of SurgeMail sever.
  • path: The path element of the URI.
  • show: Controls the file template used by SurgeMail to return the REST responses.
  • admin-username: The SurgeMail admin Username.
  • admin-password: The SurgeMail admin Password.
  • login-timeout-minutes: The amount of time before timing out during a login attempt.

SMMP Properties (snmp-properties)

  • get-set-address : This is the port to watch for trap information and should be set to the local machine.
  • send-notifications : This is the location to send the trap information. This location needs to be setup to listen for incoming SNMP trap information.
  • v2-community : This is the community name for trap information. Typically this is “public”.
  • heartbeat-plugin : This is a library that listens to the application thread and alerts if the program has closed unexpectedly.