system Command
The system command implements system-wide changes.
Type the following command from your command line.
system [access | advanced_aggregation | data_client | data_vault | fips | firewall | fsck | halt | iptables | ipv6_slaac| keycopy | logu | monitoring_console | monthly_index | monthly_index_load_divisor | passwd | reboot | secureuldp | sshkey_passphrase | storage_growth | update]
Parameter | Description | Options |
---|---|---|
access | Grants full access to the application. When Data Privacy mode is disabled, only one password is required to gain the access. The password can be changed using the
system passwd command.
When Data Privacy mode is enabled, the two Security Keys are required to gain access. You
cannot change the Security Keys using the
|
None |
advanced_aggregation | Enable or disable the Advanced Aggregation features. After enabling the Advanced Aggregation option, the
Management > Rules > Aggregation tab is visible to users and they can use the Advanced Aggregation features.
By default, Advanced Aggregation is switched off. This feature can be enabled only if the Advanced Features option is enabled. Important: Before disabling Advanced Aggregation, ensure that you delete or disable any advanced aggregation rules to avoid storing unnecessary aggregated data.
To enable or disable this feature using the GUI, see the Advanced Aggregation setting. |
|
data_client | Creates or deletes a user account. | add <username> - Creates a new account, the following constraints apply to user names:
delete <username> - Deletes the existing user account list - Displays all existing user accounts |
data_vault | Manages encryption of all data volumes including archives. By default, the data vault is disabled and the data volumes are in unlocked state.
For more information, see Data Encryption. |
enable - Enables the encryption of data volumes.
status - Displays whether the Data Vault feature is enabled or disabled. unlock - Unlocks the data vault after system reboot. change_password - Changes the password of the data vault. enable_auto_unlock - Saves the encrypted password to be used for automatically unlocking the data vault at boot time. disable_auto_unlock - Removes the saved password to be used for automatically unlocking the data vault at restart time. enable_auto_unlock_once - Automatically unlocks the data vault using the saved encrypted password, for only the next system restart. The password is deleted after one use. |
fips | Enables or disables the Federal Information Processing Standard (FIPS) mode on the appliance. FIPS libraries are preinstalled in LogLogic LMI. Enabling the FIPS mode ensures that FIPS-compliant libraries are used during secure communication. | To enable FIPS mode, run the command:
> system fips enableWhen prompted, type yes to reboot the appliance for the changes to take effect.
To disable the FIPS mode, run the command: > system fips disableWhen prompted, type yes to reboot the appliance for the changes to take effect.
Note: In an HA setup, disable the failover on both appliances, enable the FIPS mode, and then reenable the failover.
status - Displays whether FIPS is enabled or disabled. |
firewall | Configures the firewall setting.
On the GUI, the firewall can be configured from Administration > Firewall Settings. See Adding an Input Rule. |
enable - Enables the firewall.
disable - Disables the firewall. status - Displays whether the firewall is enabled or disabled. list - Displays a list of firewall rules in the system. add <All/SingleIp/CIDR> <port> <TCP/UDP> <accept/deny> - Adds a new set of IP address (All or Single IP/ CIDR), port number, protocol (TCP or UDP), and action (accept or deny). Note: The value is case-sensitive.
remove - Removes a set of IP address, protocol, port number, and action. port <add/remove> <TCP/UDP> <port> <desc> > - Adds or removes a port for use in a firewall rule. |
fsck | Performs a file system check. | enable - Enables fsck check on system reboot or startup.
disable - Disables fsck check on system reboot or startup. status - Displays whether fsck is enabled or disabled. |
halt | Halts the appliance. | None |
iptables | Enables or disables the appliance iptables. This can be used for Firewall Settings. | on - Enables the appliance iptables.
off - Disables the appliance iptables. |
ipv6_slaac | Manages the Stateless Autoconfiguration (SLAAC) feature of IPv6. By default, the feature is turned off. | enable - Enables SLAAC.
disable - Disables SLAAC. status - Displays whether SLAAC is on or off. |
keycopy | By default, copies the RSA public key of the LogLogic product family to establish secure file transfer access with another server. The public key is used for user authentication when transferring files using the secure protocols SCP or SFTP. | dsa - Copies the Digital Signature Algorithm (DSA) public key to the target server. This parameter is available for backward compatibility. |
logu | Enables or disables the Advanced Features. The default is No. After running
logu enable , you must exit from the root shell for
mtask to restart and the changes to take effect. To enable or disable this feature from the GUI, see Advanced Features . |
enable - Enables the Advanced Features.
disable - Disables the Advanced Features. status - Displays whether Advanced Features are enabled or disabled. |
monitoring_console | Enables or disables the Monitoring Console and displays the
Monitoring > Console menu.
This feature can be enabled only if the Advanced Features option is enabled. To enable or disable this feature from the GUI, see Monitoring Console. |
enable - Enables the Monitoring Console.
disable - Disables the Monitoring Console. |
monthly_index | Enables or disables the Monthly Index feature. The default is No.
This feature can be enabled only if the Advanced Features option is enabled. To disable archiving of indexes while the raw data is archived, see Monthly Index. |
enable - Enables the Monthly Index feature.
disable - Disables the Monthly Index feature. status - Displays whether the Monthly Index feature is enabled or disabled. |
monthly_index_load_divisor | Controls what fraction of the monthly index terms are loaded into memory during an Advanced Search.
To enable or disable this feature from the GUI, see Monthly Index Load Divisor. |
show - Displays the value of monthly index load divisor.
set [1-5] - Sets the value of the monthly index load divisor. |
passwd | Changes the password for the CLI or system account. If an old password is present, the system prompts you for the old password and compares it against the stored password.
After the system authenticates the user, password aging information is checked to see if the user is permitted to change their password. If the user is authenticated, the system prompts for a replacement password. If the password is accepted,
|
This command with no option indicates to change the password for CLI or shell access. cli - Change password for the CLI account. shell - Change password for the shell account. |
reboot | Reboots the appliance. | None |
secureuldp |
If secureuldp is On, you must manually restart
mtask -s engine_uldpcollector restart |
create csr - Creates a certificate signing request.
install rootCA - Parses and installs the rootCA certificate. install certificate - Parses and installs the certificate. delete rootCA - Deletes the rootCA certificate. delete certificate - Deletes the certificate from the appliance. show csr - Displays the certificate signing request. |
sshkey_passphrase | This command controls the sshkey_passphrase feature. Once this feature is enabled, the SSH private key is stored in an encrypted format. The private key can only be used after being unlocked with assigned passphrase every time the system boots up.
If the passphrase is not unlocked, any file collection or backup configurations using an SSH-based communication channel. HA is affected and stopped until the passphrase is unlocked. Note: The following constraints apply to this feature to work in HA (failover) mode:
|
enable - Enables the SSH private key encryption feature.
disable - Disables the SSH private key encryption feature. The private key is stored in plain text format. unlock - Decrypts the encrypted SSH private key and stores the key in the key management daemon. change_pass - Assigns a new passphrase to the current SSH private key. status - Displays whether sshkey_passphrase feature is enabled or disabled. |
storage_growth | By default, the feature is disabled. To attach additional storage to
LogLogic EVA at the time of system boot, you must enable the feature. The feature remains enabled through every system restart until it is disabled again.
For information about how to attach additional storage, see TIBCO LogLogic® Enterprise Virtual Appliance Quick Start. |
enable - Enables attaching more storage volume when the system boots. Once enabled, additional storage is checked at every system boot, and if found, it is attached to the local storage.
disable - Disables attaching more storage volume when the system boots. status - Displays whether the feature is enabled or disabled. |
update | Checks and updates files from one version to another version. You can use this command to update files on a smaller scale. | None |
The system access command differs from the system passwd command. For example, currently the application is password protected. The system access command lets you access the application and use the system passwd command to change the password for the CLI or system account.
To enable IP tables:
> system iptables on
To reboot the system:
> system reboot
To change the console password:
> system passwd cli Enter password: Re-enter new password:
To apply file updates:
> system update Choose an upgrade file from the list: 0: update.tar.bz2 1: exit >> 0
Copying the Public Key to Another Server
$ chmod 600 ~/.ssh/authorized_keys
- Procedure
- In the appliance CLI, copy the public
SSH
key of the appliance to the server:- Run the system
keycopy command.
> system keycopy
The appliance asks whether to test or copy the key.
- Enter
C
to copy the key.The appliance copies the key to the server and displays its pathname. - Note down the displayed server path where the key is copied.
You later need to append this file to -/.ssh/authorized_keys on the server. The appliance asks for the server IP address.
- Enter the server IP address (provided by your Administrator).
The appliance asks for the server user name.
- Enter the user name (provided by your Administrator).
The appliance asks for confirmation of the displayed host IP address and RSA key fingerprint.
- Enter
yes
.The appliance reports that it permanently added the appliance as a known host, and then asks for the password. - Enter the password.
The appliance prompts you to configure the server with the appliance’s key, appending it to -/.ssh/authorized_keys on the server. For example:
SCP Server: IP-address login as: scpdata ============================================================= Machine Name: sqalinux Owner: SQA Administrator Groups: RE/SQA/Documentation Last Update: Mar 25, 2009 ============================================================= SCP_server:~> ls -l /tmp/LOGLOGICPUBKEY -rw-r--r-- 1 scpdata users 611 2009-12-03 18:07 LOGLOGICPUBKEY SCP_server:~> cat /tmp/LOGLOGICPUBKEY >> ~/.ssh/authorized_keys
The server setup is complete.
- Run the system
keycopy command.
- Verify the server setup.
- Run the system
keycopy command.
> system keycopy
The appliance asks whether to test or copy the key.
- Enter
T
to test the key.The appliance tasks for the server IP address. - Enter the server IP address (provided by your Administrator).
The appliance asks for the server user name.
- Enter the user name (provided by your Administrator).
The appliance copies a test file (scptestfile) to the server and then copies it back to the LogLogic appliance.
The appliance displays when the test copy is complete successfully.
- Run the system
keycopy command.
Applying the File Updates
> system update Choose an upgrade file from the list: 0: update.tar.bz2 1: exit >> 0