Support CLI Commands
Use the following CLI commands only under the direction of Technical Support.
These commands are to assist Guardium Technical Support to analyze the status of the machine, troubleshoot common issues, and correct some common problems. You do not need to perform these commands regularly.
store active_parser_engine
This CLI command controls which parser engine the sniffer uses. This CLI command is only applicable to database types supported by ANTLR3 parsers (such as Oracle, Db2, MS SQL, and MySQL).
store active_parser_engine <num>
- 1 - ANTLR3 parser errors reparsed by ANTLR2 (default)
- 2 - ANTLR2 only
- 3 - ANTLR3 only
show active_parser_engine
store antlr3_cached_raw_context_count
Use this command to define how many cached results the sniffer antlr3 parser stores for each raw (prepared) statement map per sniffer thread. The typical workflow for raw statements is that first sniffer receives a raw SQL statement, which is parsed, stored in memory along with its ID, and logged. When sniffer later receives the bind data, the full SQL is reconstructed and reparsed.
With this feature, the cache creates a short-cut where the raw antlr3 parsed result is also stored in memory. It is much faster to retrieve and run the cached statements than having to reparse them on every retrieval. However, the caching also requires much more memory.
The command allows you to specify how many antlr3 raw statement parsed results are cached per sniffer thread, rather than reparsing the reconstructed statements.
Recommended values are 1000 - 2000 statements per GB of memory. For example, for a 32 GB collector, you can set store antlr3_cached_raw_context_count to 32 - 64 (that is, 32,000 - 64,000).
store antlr3_cached_raw_context_count <num>
Where num is a number between 0 (disabled) and 1000 (in thousands) or -1 (default) to have sniffer allocate the number of cached results based on the amount of available memory.
Examples
store antlr3_cached_raw_context_count 24
- Sets the limit to 24,000.
store antlr3_cached_raw_context_count 1000
- Sets the limit to 1,000,000.
Show command
show antlr3_cached_raw_context_count
If store antlr3_cached_raw_context_count is set to -1, the response is “Available.”
store antlr3_max
Use this command to help control data flow between the sniffer parser and logger for either the antlr2 or antlr3 parser.
If the sniffer is running out of memory and restarting, try lowering the antlr3_max logger size. Alternatively, if the sniffer isn't using enough of the available system memory, increase the logger size to allow sniffer to use more system memory.
store antlr3_max <num>
- A number in the range 1000 - 10000000.
- 0 (the default) - Allows the sniffer to dynamically allocate space based on available memory. For every 500 MB of physical memory, this command allocates space for 1000 parsed SQL statements.
Show command
show antlr3_max
store antlr3_remove_comments
Use this CLI command to determine whether to log SQL comments in reports and alert messages.
store antlr3_remove_comments [on | off ]
- on - Do not log comments in alerts and reports.
- off - Log comments in alerts and reports.
Show command
show antlr3_remove_comments
This command shows whether store antlr3_remove_comments is enabled or disabled.
support analyze
Use this CLI command to analyze content.
Parameters
support analyze mssql_decryption_config
support analyze sniffer
support analyze tables
support analyze tap_property
support analyze static-tables
Analyze the content of static tables by sorting them based on the largest group per value length and value occurrence.
analyze_mssql_decryption_config.log
analyze_sniffer_errors.log
analyze_tap_property.log
support app_debug
Turns on app_debug for the specified number of minutes.
support app_debug start
At the prompt, enter the number of minutes to run the app_debug function.
support check tables
Invokes the mysqlcheck -c command on tables (to check tables for errors). The default table is TURBINE.
support check tables [dbname [tablename]]
Checks run in parallel, so the overall run time can vary. The command shows progress in percentages. All checks time out after 3 minutes. If a check times out, the table name displays after the command completes.
/opt/IBM/Guardium/log/<dbname>_check_tables
Where <dbname> is the name of the database that you checked.
check_table_child.<tablename>.<date>.log
Where:
- <tablename> - The name of a table with errors
- <date> - Current date
- Specify this command with no parameters to check all tables in TURBINE database.
- Specify dbname to check all tables in a specified database. If you do not specify a database, Guardium checks the tables in TURBINE.
- Specify dbname and tablename to check a single table in the database. Use this command to recheck individual tables where the check timed out. You can use a percent sign (%) as a wildcard in tablename parameter. For example, to search for all tables in TURBINE that begin with the word RULE:
support check tables TURBINE RULE%
support clean audit_results
A way to manually purge audit results. Use this command only when absolutely necessary to deal with audit tasks that produce a high number of records and take up too much disk space.
- A Warning message displays and you must confirm that you really want to take this step.
- This command lists the audit processes and tasks information. It presents the number of rows, ordered from the largest result set to the smallest. The number of report results is greater than or equal to the input value.
- Select the line number to delete the audit data for the selected process name.
support clean audit_results <rows>
support clean log_files
This CLI command deletes the specified file after you confirm the delete. If it cannot find the file, it lists files larger than 10 MB in /var/log and provides a list of large files that you can select for deletion. A warning message is presented and a confirmation step is included.
support clean log_file <filename>
support clean centera_files
Guardium archives and backups that are stored within Centera have a deletion date marker that is attached to them by Guardium. However, no facility is available to invoke the deletion. Centera does not have a GUI to allow maintenance of its own files, so it relies on API invocations from client applications.
Use this command to delete marked files within Centera.
support clean centera_files
support clean DAM_data
A way to manually purge database activity monitoring data. Use this command only when absolutely necessary.
Consult with Technical Support before you run this command.
A Warning message and a confirmation step are included in the command.
support clean DAM_data <purge_type> <start_date> <end_date>
Input parameters
purge_type options - agg, exceptions, full_details, msgs, constructs, access, policy_violations, parser_errors, flat_log
start_date - YYYY-mm-dd
end_date - YYYY-mm-dd
support clean hosts
support clean hosts <IP address> <fully qualified domain name>
support clean InnoDB-dumps
Use this CLI command to purge InnoDB tables.
This command is password-protected (for Technical Support only)
support clean InnoDB-dumps
support clean servlets
Deletes *jsp*.java and *jsp*.class files and restarts GUI.
Use this CLI command to delete generated Java™ servlets and their classes.
support clean servlets
support execute
This utility is designed to provide Guardium Advanced Support with the ability to assist with remote diagnostics and support when direct remote access is not available or permitted.
The support execute command is not a replacement for direct remote connections, but allows Guardium Support at least some level of root access in a secure way without direct access.
The commands that are provided by Guardium Advanced Support can be SQL statements, O/S Commands, Shell Scripts, or SQL scripts. The scripts are provided to the customer along with a Secure Key to allow the command to run using the CLI. The Secure key is tied to the system that Guardium Support is working on with the customer, and is not valid for any other system. The command can only be run the number of times that are permitted by Guardium Support and is only valid for seven days from the agreed date.
The feature is disabled by default. Enable it using the CLI command in either normal or recovery mode.
support execute [enable | disable]
To permit the Guardium Advanced Support team to generate a Secure Key, the MAC address of the system in question must be provided for ens32.
support execute <CMD String> <PMR #> <KEY>
# main execute command provided by Guardium Advanced Support.
support execute showlog [<Secure Key>|main|files]
# Show usage logs
# '<Secure Key>' for full details of single entry
# 'main' to display the main execute log
# 'files' to display log directory list
support execute mac
# ens32 MAC address required by support to generate secure key
support execute info
# Show ens32 MAC address, root passkey & other system information
support execute version
# Display the "Support Execute" internal binary code version
support execute help
# Help details and purpose of utility information
support execute "select * from GDM_ACCESS\G" 11111,111,111 6254130c0f0c3c504b33687c57f41363e4c00
support gather_io_metrics
This command manages the gather_io_metrics service to collect information about I/O statistics on the Guardium appliance when you run the command. With the start parameter, this command creates a gather_io_metrics.txt file. In addition, Guardium includes the gather_io_metrics.txt file with the output of any must_gather command. For more information, see support must_gather commands.
support gather_io_metrics [ remove_log | start | status | stop ]
- remove_log - Delete the current gather_io_metrics.txt file.
- start - Start to gather I/O metrics. By default, the service runs for 24 hours, unless you stop it sooner.
- status - Provide the current status of the gather_io_metrics service. Reports on iostat command output, whether the service is running, and other information.
- stop - Stops the gather_io_metrics service.
support get_gdp_cluster_info
This command gathers information about your Guardium® Data Protection environment to help you, and your support contact, determine the size required for a Guardium Insights cluster. Run the command on a central manager.
support get_gdp_cluster_info
- LAST_PING_DATE
- UNIT_HOST_NAME
- SQLGUARD_VERSION
- LAST_INSTALLED_PATCH
- DATA_PURGE_AGE
- MEMORY_SIZE
- CPU_CORES
- VAR_SPACE
- DB_SIZE
- NUMBER_OF_DATABASES
- SESSION_LINES
- SESSION_AVG_LINE_LENGTH
- INSTANCE_LINES
- INSTANCE_AVG_LINE_LENGTH
- POLICY_VIOLATIONS_LINES
- POLICY_VIOLATIONS_AVG_LINE_LENGTH
- EXCEPTION_LINES
- EXCEPTION_AVG_LINE_LENGTH
- FULL_SQL_LINES
- FULL_SQL_AVG_LINE_LENGTH
- VA_LINES
- VA_AVG_LINE_LENGTH
- CLASSIFIER_LINES
- CLASSIFIER_AVG_LINE_LENGTH
After you run the command, retrieve the gdp_cluster_info.csv from the Guardium fileserver and send it to Guardium Insights support for analysis.
support logrotate message
By default, log files rotate weekly and store the four most recent log files. Use this command to change the log rotation strategy for the log files.
support logrotate message [frequency] [# of rotations] [# of steps]
- frequency - The frequency with which to rotate the files. Frequency can be one of hourly | daily | weekly | monthly.
- # of rotations (integer) - The number of logs to keep. The default is 4. After Guardium reaches the specified number of logs, the oldest log is deleted. The following example rotates the logs every week and stores the three most recent logs:
support logrotate message weekly 3
- # of steps (integer) - The number of steps (an hour, day, week, or month) to skip in the specified frequency. The following example stores the five most recent logs and rotates the logs every second day:
support logrotate message daily 5 2
Show command
support show logrotate message
support must_gather commands
As the CLI user (that is, the user named CLI), you can run must_gather commands to generate specific information about the state of most Guardium systems. After you run the command, upload this information from the appliance and send it to Guardium Technical Support whenever a PMR (Problem Management Record) is logged.
The CLI user can run the must_gather commands at any time, as follows.
- Open a PuTTY session (or similar) to the Guardium system of concern.
- Log in as user cli.
- Depending on the type of issue you are facing, enter the relevant must_gather commands into the CLI prompt in the following format.
Syntax
support must_gather <arg>
Where arg is a single must_gather command. You might need more than one must_gather command to diagnose the problem.
- agg_issues - Aggregation process issues.
- alert_issues - Alerting issues.
- app_issues - Application issues.
- audit_issues - Audit process issues.
- auth_issues - Authentication issues (including LDAP and multifactor authentication).
- auto_create_ie - Auto create inspection engines issues.
- backup_issues - Backup process issues.
- big_data_issues - Big data issues.
- cm_issues - Central manager issues.
- compliance_mon_issues - Compliance monitoring issues.
- datamining_issues - Data mining issues.
- datastreams_issues - Data streaming issues.
- deploy_agents_issues - Deployment agents issues.
- deployment_issues - Deployment issues.
- eagle_eye_issues - Advanced threat scanning issues.
- ecosystem_issues - Ecosystem issues.
- enterprise_load_balancer_issues - Enterprise load balancer issues.
- entitlement_issues - Entitlement optimization issues.
- go_stream - Go stream issues.
- jproxy_issues - Jproxy issues.
- miss_dbuser_prog_issues - System database user issues.
- native_auditing_issues - Native auditing issues.
- network_issues - Network architecture issues.
- patch_install_issues - Patch installation and upgrade issues.
- purge_issues - Purge process issues.
- risk_spotter - Risk spotter issues.
- scanner_agent_issue
- scheduler_issues - Scheduler issues.
- slon_looper - Slon looper output.
- sniffer_issues - Sniffer issues.
- system_db_info - Guardium system database or operating space performance issues.
- universal_connector_issues - Universal connector issues.
The following commands might take a few minutes to complete.
support must_gather miss_dbuser_prog_issues
support must_gather sniffer_issues
For the following commands, you are prompted for a time (in minutes) for how long you want to run the debugger to reproduce the problem.
support must_gather backup_issues
support must_gather scheduler_issues
Guardium writes the output to the must_gather directory with filenames, for example:
must_gather/system_logs/.tgz
- Send the resulting output to IBM® Support.
Use the fileserver CLI command to upload the tgz files and send them to support.
Send the output in an email or upload to ECUREP in, for example, the standard data upload specifying the PMR number and file to upload.
To purge must_gather files from the Guardium system, see show must_gather_file_max_age.
support must_gather datamining_issues
Collects necessary diagnostic information for Outliers, Quick search and data mart functionality. Information includes dumps of corresponding internal tables, necessary logs, state of corresponding processes, and standard must_gather diagnostics (general system and internal DB information).
support must_gather datamining_issues
support must_gather network_issues
The command gathers all network information from the appliance and polls hosts that Guardium interacts with by using ping, traceroute, corresponding port probing, and other measures. If the optional parameter is specified, then it polls only the host that was specified (if Guardium is configured to do any activity on this host).
support must_gather network_issues [--host=<HOST>]
Where optional parameter --host is the hostname or IP address.
support reset-managed-cli
Use this command from a central manager to log in to each associated managed unit and set the CLI passwords and expirations to match the passwords and expiration dates of the central manager.
For this procedure to work, the root passkey must be set on each managed unit. For more information, see Resetting the root password.
support reset-managed-cli
support reset-password
This command resets a password on the IBM Guardium appliance. For root and cloudsupport accounts, only use this command when requested to do so by IBM Technical Support.
support reset-password [ accessmgr | cloudsupport | root ]
- accessmgr - Resets the accessmgr password.
If the accessmgr email is set up, the system notifies the accessmgr account email.
- cloudsupport - For cloud images only, resets the password for the cloudsupport account.
The cloudsupport password uses a joint password mechanism for security. Your site holds the keys to the appliance in the form of an encoded numeric passkey. IBM holds the passkey decoder.
When you call Guardium support, the support analyst will start a remote desktop sharing session and request the cloudsupport passkey for the Guardium appliance in question. Guardium support uses the cloudsupport password to gain access to the appliance as cloudsupport user.
Use this command to reset the password key and support show passkey cloudsupport to view the passkey.
- root - Resets the root password on the IBM Guardium appliance.
This command requires that you provide a secret keyword in order to change the root password. Contact Technical Support if you need to change the root password.
Note: Do not reset the root password unless required by business rules.
support schedule find_crashed_tables
Use this CLI command to enable or disable the daily cron job of the find_crashed_tables.sh script.
support schedule find_crash_tables on ALL|db
support schedule find_crash_tables off
This command enables or disables the daily schedule of find_crashed_tables script.
support server
The support server is an advanced diagnostic utility that generates a summarized report of your Guardium system.
Use the support server command to list all of the support server CLI commands.
Run this command to enable the support server on your Guardium system.
support server enable
Run this command to disable the support server on your Guardium system.
support server disable
Use this command to get a summarized report of your Guardium system.
support server info
support show boot check
Use this command to perform a health check on the boot order of kernels in the boot loader. If the boot order has not been customized and the latest kernel version is not the first entry in the boot order, the command returns Failed. Otherwise, the command returns Passed. If the boot order has been customized, the command always returns Passed.
support show boot order
Use this command to display the boot order of kernels in the boot loader.
support show db-processlist
This command lists all of the database processes sorted by running time.
support show db-processlist all
support show db-processlist locked
support show db-processlist running
support show db-process full
Parameters:
support show db-processlist [ ]
Where:
- all - Includes sleeping processes
- full [optional] - Displays SQL queries in expanded format
- locked - Displays all locked processes
- running - View all running SQL statements
support show db-struct-check
This command displays all the structure differences that are found during aggregation process.
support show db-struct-check
support show db-top-tables
This command lists the 20 largest database tables sorted by size and lists tables sorted by used free table space for tables that use more than 80% free space. It allows filtering by table name. All table sizes are displayed in MB, free space usage in percentage.
support show db-top-tables all
support show db-top-tables like
Parameters
support show db-top-tables all
Lists the largest tables out of the entire database sorted by size.
support show db-top-tables like
Lists the largest tables by matching criteria, which can be any portion of the table name.
support show db-status
This command shows database usage.
Parameters are free, used, megabytes, percentage.
support show db-status free %
support show db-status used %
support show db-status free m
support show db-status used m
support show hardware-info
This command uses a script to collect hardware information and places this collected information in a directory for retrieval.
After running this CLI command, the following message displays:
Collected HW Info as /var/log/guard/Gather_hw_info-2012-06-25-17-43.tgz
Then run the fileserver CLI command to retrieve this .tar file from the server.
support show innodb-status
Use this CLI command to troubleshoot MySQL issues. Use this CLI command to check what is happening at runtime with MySQL tables. Use this CLI command to determine if long check times with MySQL tables are due to record lock or table lock.
support show innodb-status
0 queries inside InnoDB, 0 queries in queue
0 read views open inside InnoDB
Main thread process no. 7959, id 139923805550336, state: sleeping
Number of rows inserted 6894, updated 6934, deleted 93, read 24787
0.33 inserts/s, 0.00 updates/s, 0.00 deletes/s, 0.67 reads/s
----------------------------
END OF INNODB MONITOR OUTPUT
support show iptables
This command displays the output of system iptables command.
support show iptables diff
support show iptables list
Parameters
[diff | list] parameter controlling normal iptables output presentation versus displaying only differences/delta.
[accept | full] parameter filters output by accept row versus an unfiltered list.
support show large_files
This command lists all the files larger than <size> and older than <age> in the /var /tmp /root folders.
Input parameters:
* size - integer > 10 (in MB)
* age - integer >= 0 (in days)
Syntax:
support show large_files <size> <age>
- size - The minimum size files to display (default 100M).
- age - The number of days since the last modification.
show must_gather_file_max_age
Use this command to change the number of days that a must_gather file is stored in the Guardium system before purging.
store must_gather_file_max_age <num days>
Where the value for num days is any integer greater than 1 and the default value is 30.
The file cleanup_must_gather_files.log logs all the files that are purged by the store must_gather_file_max_age command.
support show netstat
This command displays the output of system netstat command. It allows filtering of the output by content using a grep parameter.
support show netstat [ all | grep ]
- all - Shows the output of the system netstat command.
- grep - An alphanumeric string to search. The command returns the output that matches the search parameters.
support show passkey
This command displays a passkey that you created using the support reset-password command.
Syntax
show passkey [ accessmgr | cloudsupport | root ]
Where,
- accessmgr shows the passkey for the accessmgr.
- cloudsupport shows the passkey for cloud images, such as Azure, IBM Cloud, or Oracle OCI. Use show passkey cloudsupport to show the passkey (access key) that Guardium technical support requires to access a cloud image during a support call.
- root shows the passkey for the current (non-cloud) appliance. Use this command to show the passkey that Guardium technical support requires to access the appliance if you are locked out of root.
For more information, see support reset-password. For more information about the root password, see Resetting the root password.
support show port open
This command is similar to using telnet to detect an open TCP port locally or on a remote host.
Connection to 127.0.0.1 8443 port [tcp/*] succeeded!
Connect to 127.0.0.1 port 1 (tcp) failed: Connection refused
support show port open
IP port - IP must be a valid IPv4 address (such as 127.0.0.1).
Port must be an integer with a value in 1-65535.
support show top
This command displays the output of system top command sorted by cpu, memory or running time. You can specify the number of iterations (default =1) and number of displayed rows (default =10).
support show top [ cpu | memory | time ]
Parameters
- CPU <N> <R>
- memory <N> <R>
- time <N> <R>
Where N is number of iterations (between 1 and 10) and R is number of rows to display (minimum = 10).
support store boot custom
Use this command to manually define (customize) the first kernel entry in the boot loader. Use support store boot custom to show all installed kernels and the corresponding index value, then use the index value to define the first kernel entry in the boot loader. Use support store boot custom off to turn off boot loader customizations.
support store boot custom [ <index> | off ]
support store boot sanitize
Use this command to reorder the kernels in boot menu. If the boot order has not been customized, the command sorts all currently installed kernels in descending order by version. If the boot order has been customized, the command does nothing.
support store boot sanitize
support store datastreams_diag
Turn data stream debug level logging off or on. When logging is on, datastream logs are stored in ../opt/IBM/Guardium/log/datastreams.
support store datastreams_diag [ off | on ]
support store hosts
The support store hosts command appends an IP-address/domain-name pair to the operating system hosts file (/etc/hosts). The hosts file translates hostnames to IP addresses.
support store hosts <IP_address> <fully_qualified_domain name>
support store hosts 1.2.3.4 mydomain.company.com
This example adds the following line to the end of the hosts file:
1.2.3.4 mydomain.company.com # CREATED BY CLI, DO NOT CHANGE
Show command
support show hosts
This command shows entries added to the /etc/hosts file using the support store hosts command.
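Because every entry that support store hosts appends carries the marker comment shown above, the CLI-created entries can be separated from the rest of a hosts file and reviewed. The following Python sketch is an added example, not Guardium code: it takes the text of a hosts file, picks out the marked lines, and reports invalid addresses, names that are not fully qualified, and names that also map to a different address elsewhere in the file. The sample content is constructed (only the 1.2.3.4 line comes from this page), and the function names are hypothetical.

```python
import ipaddress
import re

CLI_MARKER = "# CREATED BY CLI, DO NOT CHANGE"  # marker text shown on this page
_LABEL = re.compile(r"(?!-)[A-Za-z0-9-]{1,63}(?<!-)")

# Constructed sample; only the 1.2.3.4 line is taken from the page.
SAMPLE_HOSTS = """\
127.0.0.1 localhost localhost.localdomain
10.0.0.5 collector1.example.com
1.2.3.4 mydomain.company.com # CREATED BY CLI, DO NOT CHANGE
10.0.0.9 collector1.example.com # CREATED BY CLI, DO NOT CHANGE
10.0.0.7 syslog # CREATED BY CLI, DO NOT CHANGE
"""


def is_fqdn(name):
    """True for a dotted name made of at least two valid DNS labels."""
    labels = name.rstrip(".").split(".")
    return (len(name) <= 253 and len(labels) >= 2
            and all(_LABEL.fullmatch(label) for label in labels))


def parse_hosts(text):
    """Yield (lineno, ip, names, created_by_cli) for every entry line."""
    for lineno, raw in enumerate(text.splitlines(), start=1):
        body, sep, comment = raw.partition("#")
        fields = body.split()
        if len(fields) < 2:
            continue  # blank, comment-only or malformed line
        created = sep == "#" and ("#" + comment).strip() == CLI_MARKER
        yield lineno, fields[0], fields[1:], created


def cli_entries(text):
    """Entries that carry the CLI marker, as (lineno, ip, names)."""
    return [(n, ip, names) for n, ip, names, created in parse_hosts(text) if created]


def audit_hosts(text):
    """Return (lineno, finding) pairs for the CLI-created entries."""
    # Map every name in the file (marked or not) to the addresses it is given.
    addresses = {}
    for _, ip, names, _ in parse_hosts(text):
        for name in names:
            addresses.setdefault(name.lower(), set()).add(ip)

    findings = []
    for lineno, ip, names in cli_entries(text):
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            findings.append((lineno, f"invalid IP address {ip!r}"))
        for name in names:
            if not is_fqdn(name):
                findings.append((lineno, f"{name!r} is not a fully qualified domain name"))
            others = addresses[name.lower()] - {ip}
            if others:
                findings.append((lineno, f"{name!r} also maps to {', '.join(sorted(others))}"))
    return findings


if __name__ == "__main__":
    for lineno, finding in audit_hosts(SAMPLE_HOSTS):
        print(f"line {lineno}: {finding}")
```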
support store ora_tns_errors
Controls handling of TNS errors early in processing, giving the option to not log them at all.
Syntax
support store ora_tns_errors [0 | 1]
- 0 - Do not store TNS errors
- 1 - Store TNS errors (default)
Show command
show ora_tns_errors
support store rdsdiag
Manage Amazon Web Services (AWS) relational database service (RDS) monitoring.
support store rdsdiag < clean | off | on >
where:
- clean - Attempts to delete all core dumps older than 3 minutes from /var/tmp/rds.
- off - When RDS monitoring is on, turn on RDS diagnostics.
- on - When RDS monitoring is on, turn off RDS diagnostics.
For more information about turning on RDS monitoring, see start rds_monitoring.
support store snif_auto_hostname_cache
Use this command to toggle sniffer hostname caching.
support store snif_auto_hostname_cache [ on | off ]
- on - Sniffer automatically detects and caches hostnames.
- off - Use CLI commands to control hostname caching.
Show command
support show snif_auto_hostname_cache
support store snif_auto_os_name_cache
Use this command to toggle sniffer operating system name caching.
support store snif_auto_os_name_cache [ on | off ]
- on - Sniffer automatically detects and caches operating system names.
- off - Use CLI commands to control operating system caching.
Show command
support show snif_auto_os_name_cache
support store snif_auto_service_name_cache
Use this command to toggle sniffer service name caching.
support store snif_auto_service_name_cache [ on | off ]
- on - Sniffer automatically detects and caches service names.
- off - Use CLI commands to control service caching.
Show command
support show snif_auto_service_name_cache
support store snif-debug
Use this command to turn the snif debug on or off.
support store snif-debug [on | off ]
Show command
support show snif-debug
support store snif_dump_invalid_msgs
Use this command to control the maximum number of invalid TAP messages that snif will write to a log file in a 5 minute period.
support store snif_dump_invalid_msgs [ off | on | rate_limit | size_limit ]
- off - Do not write invalid messages to the log file.
- on - Write all messages to the log file, regardless of whether they are valid.
- rate_limit <num-msgs> - Sets the maximum number of invalid TAP messages that are written to the log file in a 5-minute period, where num-msgs is 0 or greater.
- size_limit <file-size-mb> - Sets the maximum file size for the snif log file containing invalid TAP messages. file-size-mb is the file size, between 1 and 4000, in MB.
Show command
support show snif_dump_invalid_msgs
support store snif_hostname_cache
Use this command to manage either IPv4 or IPv6 IP addresses cached for the sniffer hostname.
support store snif_hostname_cache [ remove | set ]
- remove <IP> - Removes an IP address from the operating system name entry.
- set <IP> - Sets the IP address for a hostname entry. This command overwrites any existing entries.
Show command
support show snif_hostname_cache [ all | search ]
- all - Show all cached hostname entries.
- search - Enter a set of characters to search on (such as all or part of an IP address or hostname).
support store snif_memory_max
support snif_memory_max <num>
Where num is one of the following numbers: 33 | 50 | 75
This command applies to 64-bit systems only.
Show command
support show snif_memory_max
support store snif_os_name_cache
Use this command to manage either IPv4 or IPv6 IP addresses cached for sniffer operating system name.
support store snif_os_name_cache [ remove | set | upload ]
- remove <IP> - Removes an IP address from the operating system name entry.
- set <IP> - Sets the IP address for an operating system name entry. This command overwrites any existing entries.
- upload <file> - Uploads one or more operating system name entries. The file name must be os.arc.upload, the first line is the number of operating system name entries in the file, each subsequent line contains the IP address and an OS name, separated by a space. For example:
2
192.168.1.100 test1.domain.com
192.168.1.101 test2.domain.com
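The os.arc.upload layout described above (entry count on the first line, then one IP address and name per line) is easy to get wrong by hand, so it helps to generate and check the file before uploading it. The following Python sketch is an added example, not Guardium code; the function names are hypothetical. It assumes the name is everything after the first space on a line, and it flags repeated IP addresses because the page does not say which entry would win.

```python
import ipaddress

UPLOAD_FILENAME = "os.arc.upload"  # file name required by this page

# The example from this page, one entry per line.
SAMPLE_UPLOAD = "2\n192.168.1.100 test1.domain.com\n192.168.1.101 test2.domain.com\n"


def build_upload(entries):
    """Render (ip, os_name) pairs as os.arc.upload content."""
    lines = [str(len(entries))]
    for ip, name in entries:
        ipaddress.ip_address(ip)  # raises ValueError on a bad IPv4/IPv6 address
        if not name.strip() or "\n" in name or "\r" in name:
            raise ValueError(f"unusable OS name for {ip}: {name!r}")
        lines.append(f"{ip} {name.strip()}")
    return "\n".join(lines) + "\n"


def validate_upload(text):
    """Return a list of problems; an empty list means the layout is consistent."""
    lines = text.splitlines()
    if not lines:
        return ["file is empty"]
    problems = []
    header = lines[0].strip()
    declared = int(header) if header.isascii() and header.isdigit() else None
    if declared is None:
        problems.append(f"line 1: expected an entry count, found {lines[0]!r}")

    seen = {}      # address -> line number where it first appeared
    entries = 0    # non-blank lines after the header
    for lineno, line in enumerate(lines[1:], start=2):
        if not line.strip():
            problems.append(f"line {lineno}: blank line")
            continue
        entries += 1
        # Assumption: the name is everything after the first space.
        ip, _, name = line.strip().partition(" ")
        if not name.strip():
            problems.append(f"line {lineno}: missing OS name after the IP address")
        try:
            addr = ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"line {lineno}: invalid IP address {ip!r}")
            continue
        if addr in seen:
            problems.append(f"line {lineno}: {addr} already listed on line {seen[addr]}")
        else:
            seen[addr] = lineno

    if declared is not None and declared != entries:
        problems.append(f"line 1: count is {declared} but the file has {entries} entries")
    return problems


if __name__ == "__main__":
    content = build_upload([("192.168.1.100", "test1.domain.com"),
                            ("192.168.1.101", "test2.domain.com")])
    with open(UPLOAD_FILENAME, "w", encoding="ascii", newline="\n") as handle:
        handle.write(content)
    print(validate_upload(content) or "layout OK")
```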
Show command
support show snif_os_name_cache [ all | search ]
- all - Show all cached operating system name entries.
- search - Enter a set of characters to search on (such as all or part of an IP address or operating system name).
support store snif_service_name_cache
Use this command to manage either IPv4 or IPv6 IP addresses cached for sniffer service names.
support store snif_service_name_cache [ remove | set ]
- remove <IP> - Removes an IP address from the service name entry.
- set <IP> - Sets the IP address for a service name entry. This command overwrites any existing entries.
Show command
support show snif_service_name_cache [ all | search ]
- all - Show all cached service name entries.
- search - Enter a set of characters to search on (such as all or part of an IP address or service name).
support store slon
Turns on the SLON utility, which captures packets received by the sniffer for debugging. The results files slon_packets.tar.gz, slon_messages.tar.gz, or slon_all.tar.gz can be found using the fileserver CLI command. The /var partition must have at least 15GB of free space.
support store slon [ on [parameter] | off [parameter] ]
- on - Turns the SLON utility on. You can specify the following optional parameters:
  - packets - Dump analyzer packets (default)
  - snifsql - Log sniffer SQL activities and dump analyzer packets
  - secparams - Log secure parameters information and dump analyzer packets
  - sgate - Log S-GATE debugging info and dump analyzer packets
  - messages - TAP message data dump
- off - Turn the SLON utility off. You can specify one of the following parameters:
  - packets - Stop dumping packets, logging secure parameters, S-GATE debug info and sniffer SQL activities (default)
  - messages - Stop TAP message data dump
  - all - Stop all activities
support show slo
support store tcpdump
Turns on TCPDUMP utility. After period ends, results file tcpdump.tar.gz can be found with the fileserver CLI command. The /var partition must have at least 15GB of free space.
support store tcpdump [ on <type> <period> <loglimit> [interface] [IP] [port] [protocol] | off]
Where:
- on - Turns TCPDUMP utility on. Specify the following parameters:
  - type - Dump type:
    - 'headers' - Capture headers only
    - 'raw' - Capture whole packets
  - period - Dump period, NUMBER[SUFFIX], where optional SUFFIX can be 's' for seconds, 'm' for minutes (default)
  - loglimit - Dump logfile limit, from 1 to 6 gigabytes
  - Optional filter arguments:
    - interface - Network interface name (default the primary interface)
    - IP - IP address
    - port - Port
    - protocol - Protocol, which can be one of: 'tcp', 'udp', 'ip', 'ip6', 'arp', 'rarp', 'icmp' or 'icmp6'
- off - Turns the TCPDUMP utility off. After stopping, the results file tcpdump.tar.gz can be found using the fileserver CLI command.
Example
support store tcpdump on headers 10m 1
This command runs TCPDUMP, saving packet headers for 10 minutes with a 1 GB log file size limit.
support show tcpdump
support store zdiag
Toggles the Guardium for z/OS traffic diagnostics on or off. This includes collection of TCPDUMP and SLON; collections stop when the corresponding files reach 2 GB in size. After completion, the results files tcpdump.tar.gz and slon_all.tar.gz can be found using the fileserver CLI command. The /var partition must have at least 15GB of free space.
support store zdiag [ on [N] | off ]
- on - Turns zdiag on. N (optional) is number of minutes to run diagnostics, from 10 to 600, 60 by default.
- off - Turns zdiag off.
support show zdiag