SETTINGS

[MANAGEMENT] > [SETTINGS]

Configure key system-wide settings for DeepFinder, including system information, system logs, authentication and sessions, backup/restore, log retention periods, and pattern updates. An audit log is created upon changing settings, and changes are reflected in the Manager Console immediately or after a restart.

| Item | Description |
| --- | --- |
| Version | Displays the current version of the Manager Console. When a new version is released, the [UPDATE] button becomes active, allowing you to update the server. (Requires external internet access, takes about 10 minutes) |
| LICENSE INFORMATION | Displays the license creation date, maximum number of agents allowed, and expiration date. You can renew the license via the [UPDATE] button. |
| SERVER RESTART | Restarts the Manager's Application Server process to apply setting changes, etc. |
| GEOIP Version | Updates GeoIP data to the latest version to improve the accuracy of country identification in detection logs. |
| CHANGE SERVER CONFIG | Changes the settings of the Agent Server Application. (e.g., SYSLOG settings, etc.) Changes are reflected only after restarting the server. |
| CHANGE API CONFIG | Changes the API operation settings of the Manager Console. |
| AI API KEY UPDATE | Registers a ChatGPT API key for detection log analysis (determining true/false positives, identifying attack techniques). |
| Server Log | Checks the operation and communication logs of the Agent Server. |
| API Log | Checks API calls and GUI operation logs. |
| SET LOGOUT TIME | Sets the wait time for automatic logout if there is no administrator activity. |
| SET LOGIN ATTEMPTS | Sets the number of allowed login failures for account protection. |
| DB BACKUP/RESTORE | Backs up or restores DB data. You can set up periodic backups and remote transfers via scheduling. |
| LOG STORAGE PERIOD (DB / Elastic) | Sets the log retention period for disk capacity management. |
| DELETE DATE (monthly) / DELETE HOUR | Sets the cycle and time to automatically delete data past its retention period. |
| DISK / CPU / MEMORY LIMIT | Sets resource (CPU, Memory, Disk) thresholds for the Manager server. If exceeded, notifications are sent to the administrator via E-Mail, Syslog, and Audit Log. |
| SMTP Host / Port ... | Sets SMTP server information for sending reports and system notification emails. |
| UPDATE PATTERN | Used to manually upload and update security pattern template files (XML). |

Note

Guide to Applying Major Changes

1. Manager Version Update
All components except the Agent Server will be restarted. Agent security functions and log collection are not interrupted during the update.

2. License Information Update
License renewals are reflected in the system after restarting the Agent Server.

3. Manager Server & API Configuration File Changes
Some settings, such as Syslog, are reflected after restarting the service.
Incorrect settings can cause service failures, so please change them with caution.

Version and License Information

Manager Console Update

[MANAGEMENT] > [SETTINGS] > Version [RELEASE NOTE]

Check and manage the version and license status of DeepFinder Manager.
* Update: When the latest version is distributed, the [UPDATE] button becomes active. (Internet connection required)
* License Renewal: You can update the license key to renew the maximum number of agents or the expiration date.
* Server Restart: Restart the Manager process to apply settings or troubleshoot issues.

GeoIP Version

Country DB Update

[MANAGEMENT] > [SETTINGS] > GEOIP Version [GEOIP UPDATE]

Update the country IP database to improve the accuracy of IP and country information displayed in detection logs. After the update is complete, you must restart the server process for the changed data to be reflected.

Configuration Files

Change Server Configuration

[MANAGEMENT] > [SETTINGS] > CHANGE SERVER CONFIG [OPEN]

Directly modify the core configuration files of the Manager Server and API Server. Used to change the server's operation method or environment configuration.

Server Settings

| Item | Description |
| --- | --- |
| server_id | A unique identifier to distinguish each server when operating multiple servers. |
| myIP | IP for Redirect handling. If blank, it reconnects to the Server IP known to the Agent. |
| myport | Specifies the port for communication with the Agent. (Default: 10012) |
| tcp_workers | Number of Worker processes for TCP processing. (Default: 4) |
| ssl_workers | Number of Worker processes for SSL processing. (Default: 4) |
| logformat | Defines the format of detection logs to be sent via Syslog. (Default: `deepfinder: AlertLog\|logDate:%T\|Agent IP:%X\|...`) |
| detail_log_address | URL address for viewing detection log details. (Default: https://serverip/common/logdetailext?seqno=) |
| systemlogheader | Header for system logs sent via Syslog. (Default: deepfinder: SystemLog) |
| auditlogheader | Header for audit logs sent via Syslog. (Default: deepfinder: AuditLog) |
| agentlistheader | Header for the Agent list sent via Syslog. (Default: deepfinder250: AgentList) |
| ssl_pemfile | Certificate filename for SSL communication between Manager and Agent. (Default: deepfinder.pem) ※ Caution: Arbitrary changes may cause Agent disconnection. |
| ssl_password | Password for the SSL certificate. (Default: isdwebconx) ※ Caution: Arbitrary changes may cause Agent disconnection. |
| sysinfo_checktime | Period (seconds) to check Agent system status information. (Default: 15) |
| license_file | License filename. (Default: license.txt) |
| default_charset | Default character encoding for the Manager. (Default: EUC-KR) |
| debug | Whether to enable debug mode. If enabled, detailed logs are recorded. (Default: 0) |
| update_time | Sets the DB update cycle (seconds). (Default: 30) |
| logserver | Sets the IP and port (UDP) of the server to receive Syslog. (Max 5) ※ You must restart the server for Log Server changes to take effect. |
| ProcessWatch | Sends a notification via Syslog when the resource usage of the Manager process reaches the set threshold. |
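
A receiver-side parser for the Syslog output configured in the Server Settings above, given as an added example (not DeepFinder code). It assumes the default headers from the table, a pipe-delimited `key:value` body as in the default `logformat`, and an optional `<PRI>` prefix from the transport; the sample payloads are constructed.

```python
import re

# Default Syslog headers from the Server Settings table (all are configurable).
HEADERS = {
    "deepfinder: AlertLog": "alert",
    "deepfinder: SystemLog": "system",
    "deepfinder: AuditLog": "audit",
    "deepfinder250: AgentList": "agent_list",
}
PRI = re.compile(r"^<\d{1,3}>")  # assumed "<PRI>" prefix from the syslog transport


def parse_fields(body):
    """Split 'key:value|key:value'. Only the first ':' ends the key, so
    timestamps keep their colons. The first value for a key wins and
    repeats are reported, so a later segment cannot overwrite an earlier one."""
    fields, repeated = {}, []
    for part in body.split("|"):
        key, sep, value = part.partition(":")
        key = key.strip()
        if not sep or not key:
            continue
        if key in fields:
            repeated.append(key)
        else:
            fields[key] = value.strip()
    return fields, repeated


def parse_deepfinder(message):
    """Classify one syslog payload; return None when no known header is present."""
    text = PRI.sub("", message.strip(), count=1)
    hits = [(text.find(h), h) for h in HEADERS if h in text]
    if not hits:
        return None
    pos, header = min(hits)  # earliest header wins; later ones are just data
    body = text[pos + len(header):].lstrip("|").strip()
    record = {"kind": HEADERS[header], "body": body, "fields": {}, "repeated": []}
    if record["kind"] == "alert":
        record["fields"], record["repeated"] = parse_fields(body)
    return record


# Constructed sample payloads (not captured from a real Manager).
SAMPLES = [
    "<134>deepfinder: AlertLog|logDate:2024-05-01 10:22:31|Agent IP:192.0.2.10",
    "<134>deepfinder: AlertLog|logDate:2024-05-01 10:22:40|Agent IP:192.0.2.10"
    "|Agent IP:198.51.100.7 deepfinder: AuditLog",
    "<134>deepfinder: AuditLog|constructed audit text",
    "<134>sshd[411]: unrelated message",
]
RESULTS = [parse_deepfinder(s) for s in SAMPLES]
```

If the header settings are changed from their defaults, `HEADERS` has to be updated to match, otherwise records are silently dropped by the receiver.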

Change API Server Configuration

[MANAGEMENT] > [SETTINGS] > CHANGE API CONFIG [OPEN]

API Settings

| Item | Description |
| --- | --- |
| auto_delete_db | Whether to use the DB data auto-delete function. (Detailed settings are performed in the 'Log Storage Period' menu) |
| elastic_yn | Sets whether to use Elasticsearch. |
| cloud_yn | Sets whether to display Agent usage time (for Cloud billing). |
| auto_delete_es | Whether to use the Elasticsearch data auto-delete function. (Detailed settings are performed in the 'Log Storage Period' menu) |
| report_server | Sets the address of the report generation server. |
| file_charset | Character encoding applied when downloading files from the Manager, such as CSV files. |
| Download | Temporary path where Manager upload files will be saved. (Default: /usr/local/dfserver/api/DeepFinderAPI/tmp/) |
| log_dir | Path to save API Server logs. (Default: /usr/local/dfserver/api/logs) |
| report_summary_time | Start time of the batch process for aggregating report data. (Default: 01:01) |
| thread_num | Number of threads to improve performance when generating report data. (Default: 10) |
| lang | Sets the default language for the Manager Server. |
| postgres_home | Path to the PostgreSQL database. (Default: /usr/local/dfserver/postgres) |
| scheduler_home | Path to the scheduler. (Default: /usr/local/dfserver/webapps) |
| debug | Whether to enable debug mode. (0: Disable, 1: Enable) |

Register AI API Key

[MANAGEMENT] > [SETTINGS] > AI API KEY UPDATE [OPEN]

Register your ChatGPT API key to activate the detection log analysis function. Once it is registered, you can view the AI's opinion on whether a detection is a true or false positive and which attack technique it corresponds to.

After registering the key, an AI Comment icon is generated on the [LOG] > [SECURITY LOG] > [Log Details] screen.

Clicking the icon allows you to view the AI's analysis results (attack type, true/false positive opinion, etc.) for that log.

Manager Log

Check Manager Server / Console Log

[MANAGEMENT] > [SETTINGS] > Server Log / API Server Log [OPEN]

Check the detailed operation logs of the Manager.
* Server Log: Backend process-related logs such as server startup, error occurrences, Agent communication, etc.
* API Server Log: Logs related to GUI task execution and API calls.

Manager Login

Login Security Settings

[MANAGEMENT] > [SETTINGS] > SET LOGOUT TIME / SET LOGIN ATTEMPTS [SAVE]

Set session expiration time and allowed login failure attempts for administrator account security.
* SET LOGOUT TIME: Automatically logs out if there is no input for a sustained period.
* SET LOGIN ATTEMPTS: If login fails more than the set number of times, the account is switched to a Locked state. (Unlocking is performed by the Super Administrator in the 'User Management' menu)

Manager DB Backup/Restore

DB Backup and Restore

[MANAGEMENT] > [SETTINGS] > DB BACKUP/RESTORE

Back up the current DB state or restore the system with an existing backup file.
* BACKUP: Backs up operational data such as policies and group settings, excluding detection logs.
* RESTORE: Reverts settings to the data of the selected point in time.

Danger

Data Loss Warning
When restoring the DB, all current DB data in the Manager will be deleted and overwritten with the backup copy. Backing up the current state before restoration is recommended.



Schedule Backup

Sets an automatic backup cycle to back up data regularly. Backup files can be automatically transferred to a remote server via SCP, FTP, or SFTP protocols.

| Item | Description |
| --- | --- |
| BACKUP SCHEDULE | Sets the backup cycle (Daily, Monthly) and the retention period for backup files. |
| BACKUP SERVER | Sets the remote server information to transfer backup files to. (Supports SCP, FTP, SFTP) |
| BACKUP RESULT | Checks the success of the backup execution and the result of the remote transfer (RESULT). |

Backup File Management

You can download generated backup files or upload backup files brought from outside. Manual transfer to a remote server is also possible if needed.

Manager Log Retention Period and Thresholds

Log Retention Period Settings

[MANAGEMENT] > [SETTINGS] > LOG STORAGE PERIOD [SAVE]

Sets the log retention cycle for disk space management. Data older than the set period is automatically deleted at the specified 'DELETE DATE / DELETE HOUR'. You can also manually free up space via the [DELETE IMMEDIATELY] button.

System Threshold Settings

Sets thresholds for CPU, Memory, Disk usage of the Manager server. If resource usage exceeds the threshold, notifications are sent to the administrator via audit log recording and Syslog transmission.

Register SMTP Information

[MANAGEMENT] > [SETTINGS] > SMTP Host ... [SAVE]

Register SMTP server information for sending system notifications and report emails. (Host, Port, Protocol, ID, Password, etc.)

Manager Pattern Update

[MANAGEMENT] > [SETTINGS] > UPDATE PATTERN [UPDATE]

If automatic updates are not possible, such as in a closed network environment, you can manually upload and update the provided pattern file (XML).

After the update, you must restart the Server process in the [MANAGEMENT] > [SETTINGS] > SERVER RESTART menu for the new patterns to be applied to Agents.
