NOTE: This article is only meant to be used as a summary of the available commands, and used only by advanced administrators of Director. All commands come with an available question mark ( ?) at the end that will prompt you for the right syntax. LInks to more detailed information are at the bottom of this article.
1: Getting access to the command line interface- CLI:
- Open a SSH session to to the Director box..
- Enter the enable mode by following the steps.
- director > enable
- director #
- Enter the configuration mode by following these steps.
- director # config t
- director (config) #
- TIP: If you do not see this prompt, see KB4829
- Network-related configuration and troubleshooting
- director # sh interfaces
- director # sh interfaces lo ( for the loopback port)
- director # no interface lo shutdown ( to enable the loopback port if it is shut down)
- director (config) # ip name-server DNS-ip-address
- director (config) # ip name-server
- director (config) # ip host <Ipaddress> ( adds a static mapping between the supplied hostname and the address.)
- director (config) # hostname <hostname> ( changes the hostname of Director.)
- director (config) # ip default-gateway
- sh-2.05b# ifconfig -a ( shows information regarding all interfaces on the device - need to activate the linux shell here)
- director (config) # service network restart ( restarts all ethernet ports and their configuration- often used to restart the loop back port- an essential for Director operations)
- Showing the version, the serial number, and hostname of your Director.:
- director > show version
- director > show status
- director > show hosts
- User credential-related commands
- director > show usernames ( will only show the local user database).
- director > show privilege ( shows what privileges your logged-in user has)
- director (xx.xx.xx.xx username <username> disable ( to disable a username from logging in)
- director (config) # username <new username> ( to add a username)
- director (config) # no session <username> ( to terminate a user session.)
- director (config) # enable password "" ( to set the enable password to null)
- director (config) # enable password secret ( to set the enable password to ''secret')
- TIP: See the section on procuring a status of your Director dameons for a way to reset the postgress database.
- Radius commands:
- director show radius
- director (config) # radius-server host xx.xx.xx.xx key secret -----> xx.xx.xx.xx is Server IP
- director (config ) # radius-server retransmit 1
- director (config ) # no ssh server auth permitemptypassword
- NOTE: The first command will lower the number of retransmits to the RADIUS server. The second one will prevent Director from sending a null password to RADIUS before sending the actual password.
- TACACS+ commands.
- tacacs-server host hostname key password
- tacacs-server host hostname port port_number
- tacacs-server host hostname single-connection
- tacacs-server host hostname timeout numh numm nums
- Configuration commands:
- director (config) # configuration switch-to <name of config file>
- director (config) # configuration new test <new config file >
- Archive commands:
- director (config) # archive all <name of archive file>
- director (config) # archive all fetch <name of file> ftp://<ip address>
- director (config) # archive all restore all <name of archive>
- SSL commands:
- director (config) # show ssl appliance-certificate
- director (config) # ssl request-appliance-certificate
- # show ssl appliance-certificate ( when executed on the SG.)
- Restarting Director:
- Troubleshooting with the messages file:
- director # config t
- director # shell
- director # tail -f /var/log/messages
- Working with DNS ( all done in the shell mode)
- sh-2.05b# /etc/init.d/djbdns status ( checks to see if the DNS service is running)
- sh-2.05b# /etc/init.d/djbdns start (Starts the DNS service )
- sh-2.05b# /etc/init.d/djbdns reload ( reloads the DNS service)
- sh-2.05b# dnsip stoppingcom ( procures a list of all possible ip addresses of google.com)
- To disable A DNS server- not in linux shell but in config mode.
- director (config) # no ip name-server 10.125.4.50
- director (config) # wr me
- Procuing a status of Director daemons. Starting and stopping services.
- director # config t
- director # shell
- sh-2.05b# service httpd status
- sh-2.05b# service httpd stop
- sh-2.05b# service httpd start
- sh-2.05b# service director stop ( Do not attempt to exit to the nominal command line while the Director daemons are in a stoppped state! This will cause the CLI to hang, and you will then need a hardware reboot to restart the Director daemons)
- sh-2.05b# service director start
- sh-2.05b# service director status (command does not work)
- sh-2.05b# etc/init.d/djbdns stat ( checks to see if the DNS service is running)
- TIP: The "director start' command will error out on file system-related issues- these are nominal.
- TIP: The 'service tomcat status' commands give you a false negative- use the 'ps aux |grep tomcat' for accuracy.
- /etc/initi.d/tcomcat start |stop
- TIP: tomcat is automaticly started with the http daemon.
- TIP: If Postgress daemon does not start, you may want to use the command "director # monitoring db reset force" to reset it. ( this command is done in config mode) A director reload is required after this command.
- For a more detailed discussion on the essential daemons needed for Director, see 000014650
- CPU status commands.
- Interface management.
- See above under "network related" title
- Working directly with each SG device:
- Show devices max-supported ( shows how many total SGS you can configure)
- Remotely backup a SG.
- director # config t
- director # remote-config backup
- TIP: To set the max backups allowed follow the below command
- director (config remote-config backup) # options 40
- Checking the state and health.
- director # Show devices state.
- director # show monitoring health summary ( gives you a list of all registered SGs, and their status- wether or not Director can connect to them, for example)
- Executing a command on the SG..
- director # remote-config execute device "<device name>" command "show version" ( show the SG version software)
- director # remote-config reboot device "<device name>" ( reboots device)
- director # remote-config reconnect device "<device name>" ( reconnects to the device)
- director # remote-config overlay "<overlyname> " execute device <device name> ( executes a overlay)
- TIP: You can also use the LINUX command "ssh root@<ipaddress of SG> from the Director shell prompt to attach directly to each SG..
- Information on jobs.
- director # show jobs
- director # show jobs <device id>
- SMTP commands.
- director # show mail-config ( show the SMTP setup)
- Use the 'information on jobs' section, above, to print out your scheduled jobs
- Memory commands.
- Debug dump commands:
- (config) # debug dump generate
- Upload the dump file to a local FTP server
- (config) # shell
- cd /local/userfiles
- + cIQconfig_050202
- + dump?ciqinfo-Director-2010.01. 01-155844 .tgz
- mv dump?ciqinfo-Director-2010.01. 01-155844 .tgz debug_dump.tgz ( to rename file to a smaller filename )
- # ftp
- open ftp.example.com
- + 220 FTP SERVER BANNER APPEARS HERE
- put debug_dump.tgz
- LINUX MEMORY COMMANDS
- TIP: While in the 'config t' type shell to get to the LINUX shell
- #free -mot [to get memory state]
- #swapon -s [to get swap state, which should NOT be set by default)
- Taking a PCAP for support.
- director > tcpdump -i ether-0 -c 3
- director > tcpdump start
- TIP: tcpdump will be listening on ether-0
- Example1: This command filters the trace for the 188.8.131.52 address: tcpdump -w file.pcap -s 1550 host 184.108.40.206
- director > standbyp stop
- standbye2: tcpdump –vvx –i eth0 port 22 –w ssh_capture.cap
- Above PCAP command procures a sniffer trace (pcap) on eth0 for ssh traffic
- Director Standby commands.
- show standby-settings
- Partner IP:10.12.13.15
- Partner State:Reserve
- Sync State:in_sync
- Time Last HB Recd.:Fri Dec 03 2010 18:17:50
- standby make active.
- standy make primary.
- standy make secondary.
- standby make standalone.
- NTP commands
- TIP: The below commands start, stop and configure the NTP daemon.
- show recommended ( obtain a status of ntp)
- ntp enable (starts the daemon)
- no ntp enable ( stops NTP)
- ntp peer ip_address_or_hostname
- ntp server [prefer | version version_number]
- Resettingnbsp;<IP address> (only use when NTP is not enabled)
- TIP: The NTPDATE command is not recommended for normal operations, because a reload of NTP includes a ntpdate command to set the clock. Do not use NTPDATE unlese ntp is unloaded, via the linux command line, using shell.
- Heartbeat commands.
- Every minute this command is executed against each SG
- Director# show system-resource-metrics succcessfully
- To restore the configuration to factory defaults.
- director (keptfig) # configuration restore-factory-defaults
- Health commands
- director # show monitoring health all
- Reseting your Director box back to default settings.
- director (determine# configuration restore-factory-defaults
- TIP: The above command will take up to 5 minutes to complete and remove every configuration you've made to it.
Frequently asked questions:
What initi.d scripts start Director?
- The '/etc/init.d/director' script starts Director.
What are the main components of the /etc/init.d/director startup script?
- TIP: The other main Daemons needed for Director are started prior to this script.
- Tomcat is started before this script in the /etc/encryptedtomcat script or as a result of the httpd start in this script.
- This script contains an upgrade , and setup functions, if needed
- the 'service httpd start' is issued in this script.
Where do we keep the scheduled jobs I create?
- Jobs are kept in the /local/jobs/runner folder.
Where do we keep store the upgrade images we have for Director?
- After the /'upgrade-package fetch' command is succcessfully issued, Images are kept in the /local/rpms folder.
How do I determin what the runlevel is on Director?
- Once you have typed 'shell' to get to linux type 'runlevel'
- TIP: the default runlevel of Director is 3
Where do we keep the archived configuration of Director?
Where do we keep the configuration backups of each SG appliance?
- We keep them in encrpted form in local/encrypted-backups/<name of SG>
What command would count how many files I have in this folder?
- Assuming your backup file had the letters "Mart" in it, you could use ls |grep Mart | wc -l (The last letter here is l, for list.)
Where is the complete director config stored?
- The configuration is stored, in encrypted form, in the folder /local/sys/v5-config
For more detailed troubleshooting tips, using the Director logs and archiving feature, see 000011526
For a list of what ports Director needs to have open, see 000015461
For details on another reason why the UI doesn't load, see 000008751
For instructions on how to procure a archive/ dump file to send to Blue Coat Support, see 000008073
For information on how to default the configuration of Director, see 000010606
For details on how to set up Director to send its syslogs to an external server, see 000010302
NOTE 7: In earlier versions of Director ( versions earlier than 220.127.116.11) neither Tomcat nor Postgress were used for Director. However, you still needed the Apache daemon running. In these versions, you need to download the Director Client, and log in to your appliance through that.