Long form

Short form

Argument(s)

Description / Example(s)

Default value

add-new-databases

D

Tries to add directories with OLAP database automatically and adds them to palo.csv.
On/off switch.

True

admin

a

<address> <port>

Http interface with server browser and online documentation. An address can be a server name, an internet address or “” for all server internet addresses.
Port is a number:
admin 192.168.1.2 7777
admin localhost 7770
admin “” 7780

amazon-id

O

False

audit

1

Disabled

audit-blocksize

{

auto-commit

B

Commits all changes on server shutdown.
On/off switch.

True

auto-load

A

Loads all databases on server start into memory which are defined in the palo.csv. On/off switch.

True

cache-barrier

b

<max number
of cells to store
in each cube cache>

Sets the max number of cells to store in each cube cache.
cache-barrier 150000000
cache-barrier 0 (sets cache-barrier to 0).

100000000

chdir

C

Only for the command line.
On/off switch.

True

cross-origin

g

<domain_name>

crypt

c

Turns on encrypting of the database files. Newly saved files are encrypted if this is set using the Blowfish algorithm. On/off switch.

Note: If “crypt” is enabled,
– it is not possible to set the log-level of OLAP Server to “trace” or “debug”. Both log levels could make the log file contain information about database contents, and since log files are always readable, this would conflict with the purpose of the “crypt” option.
– it is not possible to enable the “audit” option in palo.ini. The data storage for audit information currently cannot be encrypted, and so that storage would again contain readable data information which would conflict with the purpose of the “crypt” option.

For decryption, just remove crypt from palo.ini and on next “save” the database files will be decrypted, i.e. if a value is written to a cube, it will be decrypted (with all its files). It will not be automatically decrypted. Don’t remove crypt-key otherwise it won’t be possible to load encrypted files. Remove the crypt-key after you’re sure that everything was decrypted.

Procedure to decrypt all databases:
– remove crypt from palo.ini
– restart OLAP service
– use Jedox example (ETL-Tools) “Database Copy”
– copy all databases
– everything will be back to decrypted status

False

crypt-key

k

<passphrase for crypting csv files>

Sets pass phrase used for encrypting/decrypting of the database files.
It is used also for decrypting, so it has to be set if there are any encrypted files in the database (even when encrypting is off ). Blowfish algorithm supports keys of up to 448 bytes in length.

Empty string

data-directory

d

<directory>

Only for command line.

./Data

default-db-right

R

<right value>

Default value for database access rights.
Possible values: N, R, W, D.

D

device

j

<bus_id0>.<device_id0>
<bus_id1>.<device_id1> …

All available devices

Empty vector

dimension-file-format

Possible values:

-legacy
-binary
-compare

Legacy: dimensions are saved to database.csv

Binary: dimensions are saved to database_DIM_*.csv and database_DIM_*.bin (if available), similar to cube save/load.

Compare: used for testing and debugging. Dimensions are loaded from both database_DIM_*.bin and database_DIM_*.csv files and are compared to find identical content.

Note: dimensions that have been saved as binary files are not portable between Linux and Windows.

legacy

disable-request-logging

dump-upload

G

On/off switch.

Disabled

dump-upload-desc

3

<description>

“”

dump-upload-reporter

2

<email-address>

“”

enable-drillthrough

y

Enables cell drillthrough.
On/off switch.

False

enable-gpu

P

On/off switch.

False

enable-password-retrieval

enable-profiling

4

On/off switch.

False

encryption

X

<encryption-type>
possible values:
-none
-optional
-required

Sets the encryption type.
If optional is selected, then you can use HTTPS. If required is selected, then only /server/info will function unencrypted. All other functions require an HTTPS connection. If encryption is turned on, TLS 1.2 is used for communication.

None

engine-configuration

N

M – force engine to use Marker Driven Engine for rules with markers (5.1 algorithm)
S – force engine to use statically created markers
1 – single core calculation
E – suppress rule error propagation across consolidation

extensions

E

<directory>

../Modules

failed-login-threshold

<count>

Starts login delay when failed attempts count for username exceeds this value.

friendly-service-name

F

<service-name>

goalseek-limit

Z

<number_of_cells>

Goalseek algorithm can be executed on slices with maximum <number_of_cells>.

1000

goalseek-timeout

z

<milliseconds>

Algorithm must complete within <familliseconds>.

10000

gpu-frame-size

7

<number>

gzip

<level>

Level values: 0-9
0 – no compression
1 – fastest compression
9 – smallest gzip size

Disabled

help

?

Displays the parameters of palo.exe.
Only for the command line.
On/off switch.

False

http

h

<address> <port>

Examples for http interface:
http “” 7777
http “” 7779
http localhost 7779
See description of admin parameter above.

https

H

<port>

Sets https connection port:
https 7778

ignore-cell-data

U

On/off switch.

False

ignore-journal

I

Turns off recovery of data from journal files.
The option “ignore-journal” can imply loss of data in certain scenarios, and should not be used in a production system!

False

init-file

i

<init-file>

Only for command line.

palo.ini

key-files

K

<ca> <private> <dh>

Empty vector

load-init-file

n

Only for command line.
On/off switch.

True

log

o

ink=-

maximum-return-cells

l

<number>

Sets a maximum limit for cells return from an area call:
maximum-return-cells 10000

100000

no-archives

<

no-csv-save

J

Turns off saving of CSV files for cubes whenever possible. Only BIN files are saved. Reduces time needed for saving.

False

no-csv-save-dim

ntlm_auth

(

<path to ntlm_auth
with helper arguments>

“/usr/bin/ntlm_auth
–helper-protocol
=gss-spnego”

password

p

<private-password>

On/off switch.

password-pattern

<regular expression>

Regular expression used for checking password complexity when the password is changed (or a password is assigned to a new user), to enforce password complexity.
e.g. (?=……..+)(?=.*[a-z].*)(?=.*[A-Z].*)(.*[0-9@#$%].*) defines:
the password has to be at least 8 characters long and it has to contain at least one uppercase, one lowercase character and one digit or special symbol from ‘@#$%’

When multiple password patterns are defined, the last one has priority.

profile-interval

5

<seconds>

60

sink=syslog address=<address:port> facility=<facility>

saml-authentication

saml-authorization

saml-certificate

saml-encrypt-login

saml-encrypt-logout

saml-idp-metadata

<url>

If metadata is distributed as a file, or server is restricted from accessing the internet, use file://<filepath>.

saml-nameidpolicy

<NameID policy>

saml-privatekey

<path to private key>

saml-sign-login

saml-sign-logout

saml-signature-algorithm

<algorithm type>

saml-use-logout

service-description

q

<service-description>

service-name

S

<service-name>

session-timeout

M

<seconds>

Specifies the idle time after which the session is closed:
session-timeout 3600

-1 (300s)

splash-limit

L

<error> <warning> <info>

Splashing limits in megabytes:
Generates an error if splashing requires more space than the first number.
Generates a warning entry if splashing requires more space than the second number.
Generates an info entry if splashing requires more space than the third number.
splash-limit 2000 1000 200

1000, 500, 100

ssl-ciphers

<list of SSL ciphers>

start-service

s

On/off switch.

False

template-directory

t

<directory>

Directory of online documentation:
template-directory Binary/Api.

../Api

trace

T

<trace-file>

Empty string

undo-file-size

u

<number of
bytes per lock>

In a locked cube area it is possible to undo changes. Each lock can use <number of bytes per lock> bytes in files for storing changes:
undo-file-size 100000000

50 * 1024 * 1024

undo-memory-size

m

<number of bytes per lock>

In a locked cube area it is possible to undo changes. Each lock can use <number of bytes per lock> bytes in memory for storing changes:
undo-memory-size 10000000

10 * 1024 * 1024

use-cube-worker

Y

Uses cube worker.
Can react on cell value changes.
On/off switch.

False

use-dimension-worker

W

Uses dimension worker. Can react on creation, deletion, and renaming of an element in a specified dimension.
On/off switch.

False

verbose

v

<level>

Log levels:
error, warning, info, debug, trace

If no value has been set, then error is the default value.

Error

version

V

Only for command line.
On/off switch.

False

wbinfo

)

<path to wbinfo>

“/usr/bin/wbinfo”

windows-sso

e

Enables Windows SSO authentication.
On/off switch.

False

windows-sso-authentication

}

windows-sso-ignore-groups

Disables group fetching in authentication mode (i.e., when windows-sso-authentication is active). Can speed up authentication process when users are assigned to many groups.

When activated, arrays with group names are not retrieved from AD, so SVS authentication script receives empty array with group names.

worker

w

<worker-executable>
<argument1>
<argument2>
<argumentX>

worker /usr/bin/php5 /
home/palo/worker.php

Empty string
empty vector

workerlogin

x

<worker-login-type>

Uses a worker for login
Possible values:
-information
-authentication
-authorization
Example: workerlogin authorization

The workerlogin parameter has one additional argument. If you supply workerlogin on the command line and in the configuration file, then the value supplied in the configuration will be taken. If the http option is supplied for port A on the command line and for port B in the configuration file, then both ports A and B are used.

None

zip-backup

]

Level values: 0-9
0 – no compression
1 – fastest compression
9 – smallest zip size