The following CLI commands are to be used only under the direction of Technical Support.
These commands assist Technical Support in analyzing the status of the machine, troubleshooting common issues and correcting some common problems. There are no functions that you would perform with these commands on a regular basis.
This command is a way to manually purge audit results. It should be used only when absolutely necessary, to deal with audit tasks that produce a high number of records and take up too much disk space.
It is strongly advised to consult with Technical Support before running this command.
A Warning message is presented and a confirmation step is needed when running this command.
This command will list the audit processes and tasks information.
It will present the number of rows, ordered from the largest result set to the smallest. The number of report results is greater than or equal to the input value.
Next, after the report is presented, the user can select a line number to purge the results of the audit process corresponding to that line number. Selection of this line number will delete the audit data for the selected process name.
Syntax
support clean audit_tasks <rows>
Input parameters
rows - an integer, number of rows to show. Default 10.
Note: On a system with a great many audit tasks, the completion of this command can take some time.
This CLI command will delete the specified file after the user confirms the deletion. If it cannot find the file, it will list files larger than 10MB in /var/log and the user can delete a large file from the list. A warning message is presented and a confirmation step is included.
Syntax
support clean log_file <filename>
USAGE: support clean hosts <IP address> <fully qualified domain name>
Deletes *jsp*.java and *jsp*.class files and restarts GUI.
Use this CLI command to delete generated Java™ servlets and their classes.
This command will reset the accessmgr account password.
Syntax
support reset-password accessmgr 10000000-99999999|random
Parameters
8-digit key number used to generate new password. Keep this key number to provide to Technical Support to receive new accessmgr account password. The selection Random will generate an 8-digit random number.
Note: System will attempt to send notification to the accessmgr account email, if it is set up.
This command will reset root password on the IBM® Guardium® appliance.
Syntax
support reset-password root 10000000-99999999|random
Parameters
8-digit key number used to generate new password. Keep this key number to provide to Technical Support. The choice Random will generate an 8-digit random number.
This command also requires that the user provide a secret keyword in order to change the root password. Contact Technical Support if there is a need to change the root password.
Note: Do not reset root password unless absolutely required by business rules.
This command will list all the audit tasks.
Note: On a system with a great many audit tasks, the completion of this command can take some time.
This command will list all the db processes sorted by running time.
Syntax
support show db-processlist all
support show db-processlist locked
support show db-processlist running
support show db-process full
Parameters:
support show db-processlist [ ]
Where
running is the option to see all running SQL statements
all is the option to also include sleeping processes
locked is the option to display all locked and one oldest processes
full [optional] displays SQL queries in expanded format
This command will display all the structure differences found during aggregation process.
Syntax
support show db-struct-check
This command will list the 20 biggest database tables sorted by size, and a list of tables sorted by used free table space in percent for those tables which use more than 80% free space. It will allow filtering by table name. All table sizes are displayed in Mbytes, free space usage in percent.
Syntax
support show db-top-tables all
support show db-top-tables like
Parameters
support show db-top-tables all
will list biggest size tables out of entire DB sorted
support show db-top-tables like
will list biggest tables matching criteria, where could be any portion of the table name
This command will show database usage.
Selections are free, used, megabytes, percentage.
Syntax
support show db-status free %
support show db-status used %
support show db-status free m
support show db-status used m
This command uses a script to collect hardware information and place this collected information in a directory for retrieval.
After running this CLI command, the following message will appear:
Collected HW Info as /var/log/guard/Gather_hw_info-2012-06-25-17-43.tgz
Then run the CLI command, fileserver, to retrieve this .tar file from the server.
This command will display the output of system iptables command.
Syntax
support show iptables diff
support show iptables list
Parameters
[diff | list] parameter controlling normal iptables output presentation versus displaying only differences/delta
[accept | full] parameter will filter output by accept row versus not filtered list
This command will list all the files larger than <size> MB and older than <age> days in the /var, /tmp and /root folders.
Usage
support show large_files
Input parameters:
* size - integer > 10 (in MB)
* age - integer >= 0 (in days)
Syntax:
support show large_files <size> <age>
Parameters
support show large_files
where <size> is the minimum size files to display (default 100M)
where <age> is the number of days since the last modification.
This command will display the output of system netstat command. It will allow filtering of the output by content using grep parameter.
Syntax
support show netstat all
support show netstat grep
Parameters
support show netstat grep
where is alphanumeric string to search
support show netstat all
This command will display the output of the system top command sorted by cpu, memory or running time. It has a configurable number of iterations (default 1) and number of displayed rows (default 10).
Syntax
support show top [ cpu | memory | time ]
Parameters
support show top cpu
where N is number of iterations in range 1 to 10 and R is number of rows to display - min 10
support show top memory
where N is number of iterations in range 1 to 10 and R is number of rows to display - min 10
support show top time
where N is number of iterations in range 1 to 10 and R is number of rows to display - min 10
Invokes the mysqlcheck -c command on tables (checks tables for errors).
Without any parameter this command checks all tables in the TURBINE database with a 3-minute timeout for each check. Checks run in parallel, so overall time will vary. The command will show progress in percent. If any check runs more than 3 minutes it will be terminated. All tables whose checks were terminated by timeout will be listed on the screen after command completion. Any errors that occur during the command's operation will be reported to the log file /var/log/guard/<dbname>_check_tables/errors.<date>.log, where <date> is the current date and <dbname> is the name of the database.
Errors found for each table check operation will be reported in /var/log/guard/<dbname>_check_tables/check_table_child.<tablename>.<date>.log files, where <date> is the current date, <dbname> is the name of the database and <tablename> is the name of the table checked. Files for healthy tables are not created.
With dbname specified as the 1st parameter the command will check all tables in the specified DB with the same timeout (3 minutes). With no parameters specified it will check all TURBINE's tables.
With dbname and tablename specified as the parameters the command will check the specified table in the specified DB without timeout, until the check operation is complete. This allows manual checking of the tables whose checks didn't finish in 3 minutes. You can use masks in the tablename parameter using the percent sign (%).
Use this CLI command to analyze content of static tables by sorting them based on the largest group per value length and value occurrence.
There are some simple must_gather commands that can be run by user CLI that generate specific information about the state of any Guardium system. This information can be uploaded from the appliance and sent to Guardium Technical Support whenever a PMR (Problem Management Record) is logged.
In order to run these commands, you will need to have the appropriate must_gather patch installed.
Once the correct patch is installed, the must_gather commands can be run at any time by user CLI as follows.
Open a Putty session (or similar) to the Guardium system of concern.
Log in as user CLI.
Depending on the type of issue you are facing, paste the relevant must_gather commands into the CLI prompt. More than one must_gather command may be needed in order to diagnose the problem.
support must_gather system_db_info
support must_gather purge_issues
support must_gather audit_issues
support must_gather alert_issues
support must_gather patch_install_issues
support must_gather app_masking_issues
support must_gather user_interface_issues
The following may take a few minutes to run to completion.
support must_gather miss_dbuser_prog_issues
support must_gather sniffer_issues
For the following commands, you will be prompted for a time in minutes for how long you want the debugger running while you reproduce the problem.
support must_gather backup_issues
support must_gather scheduler_issues
Output is written to the must_gather directory with filename(s) along the lines of this example, must_gather/system_logs/.tgz
By using fileserver, you can upload the tgz files and send to Support.
Send via email or upload to ECUREP using - for example - the standard data upload specifying the PMR number and file to upload.
Guardium for z/OS traffic diagnostics commands
SLON Collection Commands
Turns on the SLON utility, which captures the packets received by the sniffer for debugging. Results files slon_packets.tar.gz, slon_messages.tar.gz or slon_all.tar.gz can be found via fileserver. The /var partition must have at least 15GB of free space.
Where optional parameter is:
packets, dump analyzer packets (default)
snifsql, log sniffer SQL activities and dump analyzer packets
secparams, log secure parameters info and dump analyzer packets
sgate, log S-GATE debugging info and dump analyzer packets
messages, tap message data dump
Turns off SLON utility. Results files slon_packets.tar.gz, slon_messages.tar.gz or slon_all.tar.gz can be found via fileserver.
Where optional parameter is:
packets, stop dumping packets, logging secure parameters, S-GATE debug info and sniffer SQL activities (default)
messages, stop tapping message data dump
all, stop all activities
Shows SLON utility status.
TCPDUMP Collection Command
support store tcpdump on <type> <period> <loglimit> [interface] [IP] [port] [protocol]
Turns on TCPDUMP utility. After period ends, results file tcpdump.tar.gz can be found via fileserver. The /var partition must have at least 15GB of free space.
Where:
<type> - dump type, 'headers' (only headers captured) or 'raw' (whole packets captured)
<period> - dump period, NUMBER[SUFFIX], where optional SUFFIX may be 's' for seconds, 'm' for minutes (default)
<loglimit> - dump logfile limit, from 1 to 6 gigabytes
Optional filter arguments:
[interface] - network interface name (default eth0)
[IP] - IP address
[port] - port
[protocol] - protocol, 'tcp', 'udp', 'ip', 'ip6', 'arp', 'rarp', 'icmp' or 'icmp6'
Example
support store tcpdump on headers 10m 1
This command will run TCPDUMP, saving packet headers for 10 minutes with a 1GB log file size limit.
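The argument rules above, as an added example in Python that is not part of the Guardium documentation: it validates the parameters and assembles the command line before it is pasted into the CLI. The function names, the positional handling of the optional filters, the interface-name pattern and the sample address used in testing are assumptions.

```python
import ipaddress
import re

DUMP_TYPES = ("headers", "raw")
PROTOCOLS = ("tcp", "udp", "ip", "ip6", "arp", "rarp", "icmp", "icmp6")
PERIOD_RE = re.compile(r"([0-9]+)([sm]?)")
IFACE_RE = re.compile(r"[A-Za-z0-9_.:-]+")  # assumption: plain interface names only


def period_seconds(period):
    """Convert NUMBER[SUFFIX] to seconds; a bare number means minutes."""
    m = PERIOD_RE.fullmatch(period)
    if not m:
        raise ValueError(f"period {period!r} is not NUMBER[s|m]")
    return int(m.group(1)) * (1 if m.group(2) == "s" else 60)


def build_tcpdump_command(dump_type, period, loglimit,
                          interface=None, ip=None, port=None, protocol=None):
    """Return the validated CLI line, or raise ValueError."""
    if dump_type not in DUMP_TYPES:
        raise ValueError(f"type must be one of {DUMP_TYPES}")
    period_seconds(period)  # format check only; the CLI receives the original string
    if not isinstance(loglimit, int) or not 1 <= loglimit <= 6:
        raise ValueError("loglimit must be 1 to 6 (gigabytes)")
    args = ["support store tcpdump on", dump_type, period, str(loglimit)]
    # Assumption: optional filters are positional, so each one needs every
    # filter before it; only the interface has a documented default (eth0).
    if port is not None and ip is None:
        raise ValueError("port filter requires an IP filter")
    if protocol is not None and port is None:
        raise ValueError("protocol filter requires a port filter")
    if interface is not None or ip is not None:
        iface = interface or "eth0"
        if not IFACE_RE.fullmatch(iface):
            raise ValueError(f"bad interface name {iface!r}")
        args.append(iface)
    if ip is not None:
        args.append(str(ipaddress.ip_address(ip)))  # ValueError if not an IP
    if port is not None:
        if not isinstance(port, int) or not 1 <= port <= 65535:
            raise ValueError("port must be 1 to 65535")
        args.append(str(port))
    if protocol is not None:
        if protocol not in PROTOCOLS:
            raise ValueError(f"protocol must be one of {PROTOCOLS}")
        args.append(protocol)
    return " ".join(args)
```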
Shows TCPDUMP utility status.
Turns off TCPDUMP utility. After stop, results file tcpdump.tar.gz can be found via fileserver.
Collects necessary diagnostic information for Outliers, Quick search and Datamart functionality. Information includes dumps of corresponding internal tables, necessary logs, state of corresponding processes and standard must_gather diagnostics (general system and internal DB info).
The command gathers all network information from the appliance and polls hosts that Guardium interacts with by using ping, traceroute, corresponding port probing and other measures. If the optional parameter is specified, then it polls only the host that was specified (if Guardium is configured to do any activity on this host).