Inspection Engine CLI Commands
Use these CLI commands to configure the inspection engines.
An inspection engine monitors the traffic between a set of one or more servers and a set of one or more clients using a specific database protocol (Oracle or Sybase, for example). The inspection engine extracts SQL from network packets; compiles parse trees that identify sentences, requests, commands, objects, and fields; and logs detailed information about that traffic to an internal database.
add inspection-engines
Adds an inspection engine configuration to the end of the inspection engine list. The parameters are described below. You can re-order your list of inspection engines after adding a new one by using the reorder inspection-engines command. Adding an inspection engine does not start it running; to start it running, use the start inspection-engines command.
Syntax
add inspection-engines <name> <protocol>
<fromIP/mask> <port> <toIP/mask>
<exclude client list> <active on startup>
Parameters
name - The new inspection engine name; must be unique on the unit.
protocol - The protocol monitored, which must be one of the following: Windows: CouchDB, Db2®, Db2 Exit, Informix®, MongoDB, MS SQL, Mysql, Oracle, PostgreSQL, Sybase; UNIX: Aster, Cassandra, CouchDB, Db2, Db2 Exit, exclude IE, FTP, GreenPlumDB, Hadoop, Hive, HTTP, Hue, IBM® iSeries, Impala, Informix, Informix Exit, Kerberos, MariaDB, MongoDB, Mysql, Netezza®, Oracle, PostgreSQL, SAP HANA, Vertica, Sybase, Teradata, Vertica, or WebHDFS.
fromIP/mask - A list of clients, identified by IP addresses and subnet masks. Separate each IP address from its mask with a slash, and multiple entries by commas. An address and mask of all zeroes is a wildcard. If the exclude client list option is Y, the inspection engine monitors traffic from all clients except for those in this list. If the exclude client list option is N, the inspection engine monitors traffic from only the clients in this list.
port - The port or range of ports over which traffic between the specified clients and database servers will be monitored. To specify a range, separate the two numbers with a hyphen.
toIP/mask - The list of database servers, identified by IP addresses and subnet masks, whose traffic will be monitored. Separate each IP address from its mask with a slash, and multiple entries by commas. An address and mask of all zeroes is a wildcard.
exclude client list - A Y/N value; defaults to N. If Y, the inspection engine monitors traffic from all clients except for those identified in the client list. If N, the inspection engine monitors traffic from only the clients listed in the client list.
active on startup - A Y/N value; defaults to N. If Y, the inspection engine is activated on system startup.
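The following added example (not part of the product documentation) models the client list, server list, port range and exclude client list rules described above, so that a planned engine definition can be checked against sample flows before it is added. The function names, the dictionary layout, the IPv4-only handling and the sample addresses are assumptions made for illustration.

```python
from ipaddress import IPv4Address

def parse_nets(spec):
    """'a.b.c.d/m.m.m.m,...' -> list of (address, mask) integer pairs."""
    nets = []
    for entry in spec.split(","):
        addr, mask = entry.strip().split("/")
        nets.append((int(IPv4Address(addr)), int(IPv4Address(mask))))
    return nets

def parse_ports(spec):
    """'1521' or '1521-1525' -> inclusive (low, high) tuple."""
    low, _, high = spec.partition("-")
    low, high = int(low), int(high or low)
    if not 1 <= low <= high <= 65535:  # assumed valid TCP port range
        raise ValueError(f"bad port spec: {spec!r}")
    return low, high

def in_nets(ip, nets):
    """True if ip matches any entry; a 0.0.0.0/0.0.0.0 entry matches everything."""
    ip_int = int(IPv4Address(ip))
    return any((ip_int & mask) == (addr & mask) for addr, mask in nets)

def make_engine(name, protocol, from_ip, port, to_ip, exclude="N", active="N"):
    """Hypothetical in-memory model of one 'add inspection-engines' call."""
    for flag in (exclude, active):
        if flag not in ("Y", "N"):
            raise ValueError("Y/N value expected")
    return {"name": name, "protocol": protocol, "clients": parse_nets(from_ip),
            "ports": parse_ports(port), "servers": parse_nets(to_ip),
            "exclude": exclude == "Y", "active": active == "Y"}

def monitors(engine, client_ip, server_ip, port):
    """Would this engine's filter select the client -> server:port flow?"""
    low, high = engine["ports"]
    if not low <= port <= high or not in_nets(server_ip, engine["servers"]):
        return False
    listed = in_nets(client_ip, engine["clients"])
    # exclude client list = Y inverts the client match; N requires it.
    return not listed if engine["exclude"] else listed

# Constructed sample engines (names and addresses are illustrative only).
ORA = make_engine("ora1", "Oracle", "10.10.0.0/255.255.0.0", "1521-1525",
                  "192.168.5.10/255.255.255.255")
PG = make_engine("pg1", "PostgreSQL", "10.10.9.0/255.255.255.0", "5432",
                 "0.0.0.0/0.0.0.0", exclude="Y")
# Exclude = Y combined with the wildcard client entry selects no client at all.
GAP = make_engine("gap", "Mysql", "0.0.0.0/0.0.0.0", "3306", "0.0.0.0/0.0.0.0", "Y")
```

Calling monitors() with a client address, server address and port shows whether a definition would cover that flow; the GAP engine illustrates that, under the rules as stated, an exclude list containing the wildcard entry leaves nothing monitored.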
delete inspection-engines
Removes the single inspection engine identified by its name. The name can include only letters, numbers and blanks. If the inspection engine name contains any special characters, use the administrator portal GUI to remove it.
Syntax
delete inspection-engines <name>
reorder inspection-engines
Specifies a new order for the inspection engines, using index values from the list produced by the list inspection-engines command.
Syntax
reorder inspection-engines <index>, <index>...
Example
If the displayed indices are 1, 2, 3, and 4, the following command will reverse the order of the engines:
reorder inspection-engines 4,3,2,1
restart inspection-core
Restarts the inspection-engine core, but not the inspection engines. The collection of database traffic stops when this command is issued.
Syntax
restart inspection-core [--yes]
Where
--yes causes the command to run automatically.
restart inspection-engines
Restarts the database inspection engine core and all inspection engines. The collection of database traffic stops temporarily while this occurs and restarts only when database connections re-initiate.
Syntax
restart inspection-engines
show inspection-engines
Displays inspection engine configuration information, as follows:
all - All inspection engines.
configuration <index> - Only the inspection engine identified by the specified index, which is from the list inspection-engines command.
type <db_type> - Displays configurations of a specific database type, which must be one of the supported monitored protocol types: Windows: CouchDB, Db2, Db2 Exit, Informix, MongoDB, MS SQL, Mysql, Oracle, PostgreSQL, Sybase; UNIX: Aster, Cassandra, CouchDB, Db2, Db2 Exit, exclude IE, FTP, GreenPlumDB, Hadoop, Hive, HTTP, Hue, IBM iSeries, Impala, Informix, Informix Exit, Kerberos, MariaDB, MongoDB, Mysql, Netezza, Oracle, PostgreSQL, SAP HANA, Vertica, Sybase, Teradata, Vertica, or WebHDFS.
Syntax
show inspection-engines <all | configuration <index> | log sqlstrings | type <db_type>>
start inspection-core
Starts the inspection-engine core.
Syntax
start inspection-core
start inspection-engines
Starts one or more inspection engines identified using index values from the list produced by the list inspection-engines command.
Syntax
start inspection-engines <all | id>
start inspection-engines all
Starts all the inspection engines.
Syntax
start inspection-engines all
start inspection-engines id
Usage: start inspection-engines id <n>, where n is a numeric sniffer id.
Syntax
start inspection-engines id <n>
stop inspection-engines id
Usage: stop inspection-engines id <n>, where n is a numeric sniffer id.
stop inspection-core
Stops the inspection-engine core.
Syntax
stop inspection-core
stop inspection-engines
Stops one or more inspection engines identified using index values from the list produced by the list inspection-engines command. It can also stop all inspection-engines.
Syntax
stop inspection-engines <all | id>
stop inspection-engines all
Stops all the inspection engines.
Syntax
stop inspection-engines all
stop inspection-engines id
Stops one or more inspection engines identified using index values from the list produced by the list inspection-engines command.
Syntax
stop inspection-engines id <n>, where <n> is a numeric sniffer id
store ignored port list
Sets the complete set of port numbers to be ignored by all inspection engines. The list you specify completely replaces the existing list. Each number is separated from the next by a comma, and no blanks or other white-space characters are allowed in the list. Use a hyphen to specify an inclusive range of numbers.
Syntax
store ignored port list <n>
Example
store ignored port list 33,60-70
Show Command
show ignored port list
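Because store ignored port list replaces the whole list and rejects white space, the added example below (not part of the product documentation) validates a list string, rebuilds the full list when ports are added, and reports which ports of an engine's range would fall inside the ignored set. The function names and the 1-65535 bound are assumptions made for illustration.

```python
import re

# Comma-separated numbers or inclusive ranges, with no white space anywhere.
PORT_LIST = re.compile(r"\d+(-\d+)?(,\d+(-\d+)?)*")

def parse_ignored_ports(spec):
    """'33,60-70' -> set of individual port numbers."""
    if not PORT_LIST.fullmatch(spec):
        raise ValueError("only digits, commas and hyphens are allowed")
    ports = set()
    for item in spec.split(","):
        low, _, high = item.partition("-")
        low, high = int(low), int(high or low)
        if not 1 <= low <= high <= 65535:  # assumed valid TCP port range
            raise ValueError(f"bad port item: {item!r}")
        ports.update(range(low, high + 1))  # hyphen range is inclusive
    return ports

def format_ports(ports):
    """Set of ports -> compact list string suitable for the command."""
    ordered, items, i = sorted(ports), [], 0
    while i < len(ordered):
        j = i
        while j + 1 < len(ordered) and ordered[j + 1] == ordered[j] + 1:
            j += 1
        items.append(str(ordered[i]) if i == j else f"{ordered[i]}-{ordered[j]}")
        i = j + 1
    return ",".join(items)

def merged_list(current_spec, extra_spec):
    """The list is replaced wholesale, so additions must be merged first."""
    return format_ports(parse_ignored_ports(current_spec)
                        | parse_ignored_ports(extra_spec))

def shadowed_ports(engine_range, ignored_spec):
    """Ports an engine is configured for that the ignored list would drop."""
    low, high = engine_range
    ignored = parse_ignored_ports(ignored_spec)
    return [p for p in range(low, high + 1) if p in ignored]

def is_valid(spec):
    """True if the string parses as an ignored port list."""
    try:
        parse_ignored_ports(spec)
        return True
    except ValueError:
        return False
```

Running shadowed_ports() against each engine's port range before storing a new list shows whether the change would silently remove a monitored database port from collection.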