Inspection Engine CLI Commands

Use these CLI commands to configure the inspection engines.

An inspection engine monitors the traffic between a set of one or more servers and a set of one or more clients using a specific database protocol (Oracle or Sybase, for example). The inspection engine extracts SQL from network packets; compiles parse trees that identify sentences, requests, commands, objects, and fields; and logs detailed information about that traffic to an internal database.

add inspection-engines

Adds an inspection engine configuration to the end of the inspection engine list. The parameters are described below. You can re-order your list of inspection engines after adding a new one by using the reorder inspection-engines command. Adding an inspection engine does not start it running; to start it running, use the start inspection-engines command.

Syntax

add inspection-engines <name> <protocol> <fromIP/mask> <port> <toIP/mask> <exclude client list> <active on startup>

Parameters

name - The new inspection engine name; must be unique on the unit.

protocol - The protocol monitored, which must be one of the following: Aster, Cassandra, CouchDB, DB2, DB2 Exit, exclude IE, FTP, GreenPlumDB, Hadoop, HIVE, HTTP, HUE, IBM ISERIES, IMPALA, Informix, iNFORMIX Exit, KERBEROS, MariaDB, MongoDB, MS SQL, Mysql, Named Pipes, Netezza, Oracle, PostgreSQL, SAP Hana, Sybase, Teradata, WebHDFS or Windows File Share.

fromIP/mask - A list of clients, identified by IP addresses and subnet masks. Separate each IP address from its mask with a slash, and multiple entries by commas. An address and mask of all zeroes is a wildcard. If the exclude client list option is Y, the inspection engine monitors traffic from all clients except for those in this list. If the exclude client list option is N, the inspection engine monitors traffic from only the clients in this list.

port - The port or range of ports over which traffic between the specified clients and database servers will be monitored. To specify a range, separate the two numbers with a hyphen.

toIP/mask - The list of database servers, identified by IP addresses and subnet masks, whose traffic will be monitored. Separate each IP address from its mask with a slash, and multiple entries by commas. An address and mask of all zeroes is a wildcard.

exclude client list - A Y/N value; defaults to N. If Y, the inspection engine monitors traffic from all clients except for those identified in the client list. If N, the inspection engine monitors traffic from only the clients listed in the client list.

active on startup - A Y/N value; defaults to N. If Y, the inspection engine is activated on system startup.

delete inspection-engines

Removes the single inspection engine identified by its name. The name can include only letters, numbers and blanks. If the inspection engine name contains any special characters, use the administrator portal GUI to remove it.

Syntax

delete inspection-engines <name>

reorder inspection-engines

Specifies a new order for the inspection engines, using index values from the list produced by the list inspection-engines command.

Syntax

reorder inspection-engines <index>, <index>...

Example

If the displayed indices are 1, 2, 3, and 4, the following command reverses the order of the engines:

reorder inspection-engines 4,3,2,1

restart inspection-core

Restarts the inspection-engine core, but not the inspection engines. The collection of database traffic stops when this command is issued.

Syntax

restart inspection-core

Note: To restart the collection of traffic for one or more specific inspection engines, follow this command with one or more start inspection engine commands. Alternatively, to restart the collection of traffic for all inspection engines, use the restart inspection-engines command.

restart inspection-engines

Restarts the database inspection engine core and all inspection engines. The collection of database traffic stops temporarily while this occurs and restarts only when database connections re-initiate.

Syntax

restart inspection-engines

show inspection-engines

Displays inspection engine configuration information, as follows:

all - All inspection engines.

configuration <index> - Only the inspection engine identified by the specified index, which is from the list inspection-engines command.

type <db_type> - Displays configurations of a specific database type, which must be one of the supported monitored protocol types: Aster, Cassandra, CouchDB, DB2, DB2 Exit, exclude IE, FTP, GreenPlumDB, Hadoop, HIVE, HTTP, HUE, IBM ISERIES, IMPALA, Informix, iNFORMIX Exit, KERBEROS, MariaDB, MongoDB, MS SQL, Mysql, Named Pipes, Netezza, Oracle, PostgreSQL, SAP Hana, Sybase, Teradata, WebHDFS or Windows File Share.

Syntax

show inspection-engines <all | configuration <index> | log sqlstrings | type <type> >

Note: Use the CLI command, show inspection-engines all, to display non-STAP Inspection Engines like SPAN ports. The CLI command, list_inspection_engines, will display inspection engines created by STAP.

start inspection-core

Starts the inspection-engine core.

Syntax

start inspection-core

start inspection-engines

Starts one or more inspection engines identified using index values from the list produced by the list inspection-engines command.

Syntax

start inspection-engines <all | id>

start inspection-engines all

Starts all the inspection engines.

Syntax

start inspection-engines all

start inspection-engines id

Usage: start inspection-engines id <n>, where n is a numeric sniffer id.

Syntax

start inspection-engines id <n>

stop inspection-engines id

Usage: stop inspection-engines id <n>, where n is a numeric sniffer id.

stop inspection-core

Stops the inspection-engine core.

Syntax

stop inspection-core

stop inspection-engines

Stops one or more inspection engines identified using index values from the list produced by the list inspection-engines command. It can also stop all inspection-engines.

Syntax

stop inspection-engines <all | id>

stop inspection-engines all

Stops all the inspection engines.

Syntax

stop inspection-engines all

stop inspection-engines id

Stops one or more inspection engines identified using index values from the list produced by the list inspection-engines command.

Syntax

stop inspection-engines id <n>, where <n> is a numeric sniffer id

store ignored port list

Sets the complete set of port numbers to be ignored by all inspection engines. The list you specify completely replaces the existing list. Each number is separated from the next by a comma, and no blanks or other white-space characters are allowed in the list. Use a hyphen to specify an inclusive range of numbers.

Syntax

store ignored port list <n>

Example

store ignored port list 33,60-70

Show Command

show ignored port list
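
The following Python sketch is an added example, not part of the product or its documentation. It models the fromIP/mask, port, toIP/mask and exclude client list semantics of add inspection-engines, together with the ignored port list, so you can check whether a planned engine definition would actually capture a given client-to-server flow before you add it. The dictionary keys are hypothetical, the sample values are constructed, and it assumes dotted-decimal subnet masks and that an ignored port overrides an engine's port range.

```python
import ipaddress

def parse_nets(spec):
    """'10.1.0.0/255.255.0.0,10.9.9.9/255.255.255.255' -> list of networks.
    0.0.0.0/0.0.0.0 becomes the match-everything wildcard."""
    return [ipaddress.ip_network(e, strict=False) for e in spec.split(",")]

def parse_ports(spec):
    """'33,60-70' -> set of ints. White-space is rejected, as the
    ignored port list requires (applied to engine ports too: assumption)."""
    if any(ch.isspace() for ch in spec):
        raise ValueError("no white-space allowed in a port list")
    ports = set()
    for item in spec.split(","):
        lo, _, hi = item.partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError(f"bad port entry: {item!r}")
        ports.update(range(lo, hi + 1))  # hyphen range is inclusive
    return ports

def is_monitored(engine, client, server, port, ignored=""):
    """True if this engine definition would capture client -> server:port."""
    c = ipaddress.ip_address(client)
    s = ipaddress.ip_address(server)
    if ignored and port in parse_ports(ignored):
        return False                      # globally ignored port
    if port not in parse_ports(engine["port"]):
        return False
    if not any(s in net for net in parse_nets(engine["to"])):
        return False
    listed = any(c in net for net in parse_nets(engine["from"]))
    # exclude client list = Y inverts the meaning of the client list
    return not listed if engine["exclude"] == "Y" else listed

# Constructed sample definition (hypothetical field names).
ENGINE = {"from": "10.1.0.0/255.255.0.0", "port": "1521-1525",
          "to": "192.168.10.20/255.255.255.255", "exclude": "N"}

if __name__ == "__main__":
    for client in ("10.1.4.7", "10.2.4.7"):
        print(client, is_monitored(ENGINE, client, "192.168.10.20", 1521))
```

Note that a wildcard client list combined with exclude client list set to Y matches no client at all, so such an engine monitors nothing.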