NOTE: This article is meant only as a summary of the available commands, for use by advanced administrators of Director. Every command accepts a question mark (?) at the end, which prompts you for the right syntax. Links to more detailed information are at the bottom of this article.
1: Getting access to the command line interface (CLI):
- Open an SSH session to the Director box.
- Showing the version, the serial number, and hostname of your Director:
- director > show version
- director > show status
- director > show hosts
- Enter the enable mode by following the steps.
- director > enable
- director #
- Enter the configuration mode by following these steps.
- director # config t
- director (config) #
- TIP: If you do not see this prompt, see KB4829
- Network-related configuration and troubleshooting
- director # sh interfaces
- director # sh interfaces lo (for the loopback port)
- director (config) # no interface lo shutdown (enables the loopback port if it is shut down)
- director (config) # ip name-server ip_address (adds a DNS server)
- director (config) # ip host hostname ip_address (adds a static mapping between the supplied hostname and the address)
- director (config) # ip default-gateway ip_address (sets the default gateway)
- director (config) # hostname host_name (changes the hostname of Director)
- director (config) # shell (accesses the underlying OS)
- sh-3.2# service network restart (restarts all Ethernet ports and their configuration; often used to restart the loopback port, which is essential for Director operations)
- sh-3.2# ifconfig -a (shows information on all interfaces on the device; run this from the Linux shell)
- sh-3.2# exit (returns to the Director CLI)
- User credential-related commands
- director (config) # show usernames ( will only show the local user database).
- director (config) # show privilege ( shows what privileges your logged-in user has)
- director (config) # username <username> disable ( to disable a username from logging in)
- director (config) # username <new username> ( to add a username)
- director (config) # no session <username> ( to terminate a user session.)
- director (config) # enable password "" (sets the enable password to null; no longer supported in 6.1, see 000008511 for details)
- TIP: See the section on procuring a status of your Director daemons for a way to reset the Postgres database.
- Radius commands:
- director # show radius
- director (config) # radius-server host ip_address key <shared_secret> (Specify the shared secret (key) to be used between the Director and the RADIUS server.)
- director (config) # radius-server ip_address retransmit 1 (sets the number of retransmission attempts to the RADIUS server)
- director (config) # no ssh server auth permitemptypassword (prevents Director from sending a null password to RADIUS before sending the actual password)
- director (config) # write memory (saves your configuration)
- TACACS+ commands.
- director (config) # tacacs-server host hostname_or_device_id key password
- director (config) # tacacs-server host hostname_or_device_id port port_number
- director (config) # tacacs-server host hostname_or_device_id single-connection
- director (config) # tacacs-server host hostname_or_device_id timeout integer
- Configuration commands:
- director (config) # configuration switch-to <name of config file>
- director (config) # configuration new <new config file > keep-console
- Archive commands:
- director (config) # archive all create <archive_name> key <keyname>
- director (config) # archive all fetch <archive_name> ftp://<ip address> username <director> password <bluecoat>
- director (config) # archive all restore <archive_name> key <keyname>
- SSL commands:
- director (config) # show ssl appliance-certificate
- director (config) # ssl request-appliance-certificate
- Restarting Director:
- Troubleshooting with the messages file:
- director # config t
- director (config) # shell
- sh-3.2# tail -f /var/log/messages
- Working with DNS ( all done in the shell mode)
- sh-3.2# /etc/init.d/djbdns stat ( checks to see if the DNS service is running )
- sh-3.2# /etc/init.d/djbdns start ( Starts the DNS service )
- sh-3.2# /etc/init.d/djbdns restart ( stops and starts the DNS service)
- To disable a DNS server (done in config mode, not in the Linux shell):
- director (config) # no ip name-server ip_address
- Procuring a status of Director daemons. Starting and stopping services.
- director # config t
- director (config) # shell
- sh-3.2# service httpd status
- sh-3.2# service httpd stop
- sh-3.2# service httpd start
- sh-3.2# service director stop (Do not attempt to exit to the nominal command line while the Director daemons are in a stopped state! This will cause the CLI to hang, and you will then need a hardware reboot to restart the Director daemons.)
- sh-3.2# service director start
- sh-3.2# /etc/init.d/tomcat6 status | start | stop
- TIP: tomcat is automatically started with the http daemon.
- TIP: If the Postgres daemon does not start, you may want to use the command "director # monitoring db reset force" to reset it. (This command is run in config mode.) A Director reload is required after this command.
- For a more detailed discussion on the essential daemons needed for Director, see 000014650
- CPU status commands.
- director # config t
- director (config) # shell
- sh-3.2# vmstat -a
procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
r b swpd free inact active si so bi bo in cs us sy id wa st
0 0 0 841992 58084 112028 0 0 89 16 1019 99 2 1 97 1 0
- This shows the CPU idle 99 percent of the time; see the id column.
- Interface management.
- See above under "network related" title
- Working directly with each SG device:
- director # show devices max-supported (shows how many total SGs you can configure)
- Remotely restore a backup to an SG.
- director # remote-config backup restore device device_id backup_id
- Checking the state and health.
- director # show devices state
- director # show monitoring health summary (gives you a list of all registered SGs and their status, for example whether or not Director can connect to them)
- Executing a command on the SG.
- director # remote-config execute device "<device name>" command "show version" (shows the SG software version)
- director # remote-config reboot device "<device name>" (reboots the device)
- director # remote-config reconnect device "<device name>" (reconnects to the device)
- director # remote-config overlay "<overlay name>" execute device <device name> (executes an overlay)
- TIP: You can also use the Linux command "ssh root@<ipaddress of SG>" from the Director shell prompt to attach directly to each SG.
- Information on jobs.
- director # show jobs
- director # show jobs <device id>
- SMTP commands.
- director # show mail-config ( show the SMTP setup)
- Memory commands.
- Debug dump commands:
- director (config) # debug dump generate
- Upload the dump file to a local FTP server
- (config) # shell
- sh-3.2# cd /local/userfiles
- sh-3.2# ls
- sh-3.2# mv dump?sgmeinfo-director-2014.09.11-095306.tgz debug_dump.tgz ( to rename file to a smaller filename )
- sh-3.2# ftp
- ftp> open ftp.example.com
- + 220 FTP SERVER BANNER APPEARS HERE
- ftp> bin
- ftp> put debug_dump.tgz
- LINUX MEMORY COMMANDS
- TIP: While in 'config t' mode, type shell to get to the Linux shell.
- sh-3.2# free -mot (shows the memory state)
- sh-3.2# swapon -s (shows the swap state, which should NOT be set by default)
- Taking a PCAP for support.
- director # tcpdump filter -i ether-0 -c 3
- director # tcpdump start
- TIP: tcpdump will be listening on ether-0
- Example 1: This command filters the trace for the 18.104.22.168 address: tcpdump -w file.pcap -s 1550 host 22.214.171.124
- director # tcpdump stop
- Example 2: tcpdump -vvx -i eth0 port 22 -w ssh_capture.cap
- The above command captures a sniffer trace (pcap) on eth0 for SSH traffic.
- Director Standby commands.
- director # show standby-settings
- Partner IP:10.12.13.15
- Partner State:Reserve
- Sync State:in_sync
- Time Last HB Recd.:Fri Dec 03 2010 18:17:50
- director # standby make-active
- director # standby make-primary
- director # standby make-secondary
- director # standby make-standalone
- NTP commands
- TIP: The below commands start, stop and configure the NTP daemon.
- director (config) # show ntp (obtains the status of NTP)
- director (config) # ntp enable (starts the daemon)
- director (config) # no ntp enable ( stops NTP)
- director (config) # ntp peer ip_address_or_hostname
- director (config) # ntp server [prefer | version version_number]
- TIP: The NTPDATE command is not recommended for normal operations, because a reload of NTP includes an ntpdate command to set the clock. Do not use NTPDATE unless NTP is unloaded, via the Linux command line, using shell.
- To restore the configuration to factory defaults.
- director (config) # configuration restore-factory-defaults
- TIP: The above command takes up to 5 minutes to complete and removes every configuration change you have made to Director.
- Health commands
- director # show monitoring health all
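An added example (not part of the original article or any vendor tooling): a Python check that parses the `show standby-settings` output listed under Director Standby commands above and reports when the standby pair needs attention. The 5-minute heartbeat threshold and the rule that any Sync State other than in_sync is a problem are assumptions; the sample text is constructed from the four fields shown on this page.

```python
from datetime import datetime, timedelta

# Constructed sample: the four fields this page lists for `show standby-settings`.
SAMPLE = """\
Partner IP:10.12.13.15
Partner State:Reserve
Sync State:in_sync
Time Last HB Recd.:Fri Dec 03 2010 18:17:50
"""

REQUIRED = ("Partner IP", "Partner State", "Sync State", "Time Last HB Recd.")
HB_FORMAT = "%a %b %d %Y %H:%M:%S"  # matches "Fri Dec 03 2010 18:17:50"


def parse_standby(text):
    """Return {field: value}, splitting on the first colon only because
    the heartbeat timestamp itself contains colons."""
    fields = {}
    for line in text.splitlines():
        line = line.strip().lstrip("-").strip()  # tolerate pasted "- " bullets
        if ":" in line:
            key, value = line.split(":", 1)
            fields[key.strip()] = value.strip()
    return fields


def standby_problems(text, now, max_hb_age=timedelta(minutes=5)):
    """List reasons the standby pair needs attention (empty list = healthy).
    The 5-minute heartbeat limit is an assumed threshold, not a vendor value."""
    fields = parse_standby(text)
    problems = [f"missing field: {name}" for name in REQUIRED if name not in fields]
    sync = fields.get("Sync State")
    if sync is not None and sync != "in_sync":
        problems.append(f"sync state is {sync!r}, expected 'in_sync'")
    heartbeat = fields.get("Time Last HB Recd.")
    if heartbeat is not None:
        try:
            age = now - datetime.strptime(heartbeat, HB_FORMAT)
        except ValueError:
            problems.append(f"unparseable heartbeat time: {heartbeat!r}")
        else:
            if age > max_hb_age:
                problems.append(f"last heartbeat is {age} old")
    return problems


if __name__ == "__main__":
    # Constructed clock value one minute after the sample heartbeat.
    print(standby_problems(SAMPLE, now=datetime(2010, 12, 3, 18, 18, 50)) or "standby healthy")
```

Pass `now` in the same time zone as the Director clock, since the heartbeat timestamp carries no zone information.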
Frequently asked questions:
What init.d scripts start Director?
- The '/etc/init.d/director' script starts Director.
What are the main components of the /etc/init.d/director startup script?
- TIP: The other main Daemons needed for Director are started prior to this script.
- Tomcat is started before this script in the /etc/encryptedtomcat script or as a result of the httpd start in this script.
- This script contains upgrade and setup functions, which run if needed.
- The 'service httpd start' command is issued in this script.
Where do we keep the scheduled jobs I create?
- Jobs are kept in the /local/jobs/runner folder.
Where do we store the upgrade images we have for Director?
- After the 'upgrade-package fetch' command is successfully issued, images are kept in the /local/rpms folder.
How do I determine what the runlevel is on Director?
- Once you have typed 'shell' to get to Linux, type 'runlevel'.
- TIP: The default runlevel of Director is 3.
Where do we keep the archived configuration of Director?
Where do we keep the configuration backups of each SG appliance?
- We keep them in encrypted form in local/encrypted-backups/<name of SG>
What command would count how many files I have in this folder?
- Assuming your backup file had the letters "Mart" in it, you could use ls | grep Mart | wc -l (The last character here is the letter l, which tells wc to count lines.)
Where is the complete director config stored?
- The configuration is stored, in encrypted form, in the folder /local/sys/v5-config
For more detailed troubleshooting tips, using the Director logs and archiving feature, see 000011526
For a list of what ports Director needs to have open, see 000015461
For details on another reason why the UI doesn't load, see 000008751
For instructions on how to procure an archive/dump file to send to Blue Coat Support, see 000008073
For information on how to default the configuration of Director, see 000010606
For details on how to set up Director to send its syslogs to an external server, see 000010302
NOTE 7: In earlier versions of Director (versions earlier than 126.96.36.199) neither Tomcat nor Postgres was used for Director. However, you still needed the Apache daemon running. In these versions, you need to download the Director Client and log in to your appliance through that.