cli reference

Blue Coat Systems Director

Command Line Interface Reference

Version SGME 6.1.x

Director Command Line Interface Reference

ii

2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW, INTELLIGENCECENTER, CACHEOS, CACHEPULSE, CROSSBEAM, K9, DRTR, MACH5, PACKETWISE, POLICYCENTER, PROXYAV, PROXYCLIENT, SGOS, WEBPULSE, SOLERA NETWORKS, DEEPSEE, DS APPLIANCE, SEE EVERYTHING. KNOW EVERYTHING., SECURITY EMPOWERS BUSINESS, BLUETOUCH, the Blue Coat shield, K9, and Solera Networks logos and other Blue Coat logos are registered trademarks or trademarks of Blue Coat Systems, Inc. or its affiliates in the U.S. and certain other countries. This list may not be complete, and the absence of a trademark from this list does not mean it is not a trademark of Blue Coat or that Blue Coat has stopped using the trademark. All other trademarks mentioned in this document owned by third parties are the property of their respective owners. This document is for informational purposes only.

BLUE COAT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT. BLUE COAT PRODUCTS, TECHNICAL SERVICES, AND ANY OTHER TECHNICAL DATA REFERENCED IN THIS DOCUMENT ARE SUBJECT TO U.S. EXPORT CONTROL AND SANCTIONS LAWS, REGULATIONS AND REQUIREMENTS, AND MAY BE SUBJECT TO EXPORT OR IMPORT REGULATIONS IN OTHER COUNTRIES. YOU AGREE TO COMPLY STRICTLY WITH THESE LAWS, REGULATIONS AND REQUIREMENTS, AND ACKNOWLEDGE THAT YOU HAVE THE RESPONSIBILITY TO OBTAIN ANY LICENSES, PERMITS OR OTHER APPROVALS THAT MAY BE REQUIRED IN ORDER TO EXPORT, RE-EXPORT, TRANSFER IN COUNTRY OR IMPORT AFTER DELIVERY TO YOU.

Americas: Rest of the World:

Blue Coat Systems, Inc. Blue Coat Systems International SARL 420 N. Mary Ave. 3a Route des Arsenaux Sunnyvale, CA 94085 1700 Fribourg, Switzerland

Document Number: 231-03037 Document Revision: SGME 6.1.x 04/2014

iii

Contents

Chapter 1: IntroductionAudience for this Document ............................................................................................................. 7Organization of this Document ........................................................................................................ 7Content Filtering Policy and Role-Based Access............................................................................ 7Document Conventions ..................................................................................................................... 9Conventions and Global Concepts ................................................................................................... 9

Command Modes ....................................................................................................................... 10General Conventions ................................................................................................................. 11Global CLI Response Conventions .......................................................................................... 11URL Syntax.................................................................................................................................. 12

Related Blue Coat Documentation ................................................................................................. 13

Chapter 2: Standard and Enable Mode CommandsStandard Mode Commands ............................................................................................................ 15Content Filtering Policy Commands.............................................................................................. 15

>cli ............................................................................................................................................... 16>enable ........................................................................................................................................ 18>exit ............................................................................................................................................. 19>help ............................................................................................................................................ 20>no ............................................................................................................................................... 21>ping ........................................................................................................................................... 22>show .......................................................................................................................................... 23>slogin ......................................................................................................................................... 26>standby ..................................................................................................................................... 27>tcpdump ................................................................................................................................... 29>traceroute .................................................................................................................................. 30>upgrade-package ..................................................................................................................... 31

Enable Mode Commands................................................................................................................. 31#archive....................................................................................................................................... 32#clear ........................................................................................................................................... 38#cli................................................................................................................................................ 39#configure ................................................................................................................................... 40#content....................................................................................................................................... 41#debug......................................................................................................................................... 48#device ........................................................................................................................................ 49#disable ....................................................................................................................................... 50#exit ............................................................................................................................................. 51#file .............................................................................................................................................. 52#help ............................................................................................................................................ 53#job............................................................................................................................................... 54


iv

#line-vty ...................................................................................................................................... 55#monitoring................................................................................................................................ 56#no ............................................................................................................................................... 59#ping............................................................................................................................................ 60#push-policy............................................................................................................................... 61#reload ........................................................................................................................................ 62#remote-config........................................................................................................................... 63#show .......................................................................................................................................... 69#slogin......................................................................................................................................... 87#ssl ............................................................................................................................................... 88#standby ..................................................................................................................................... 89#tcpdump upload url................................................................................................................ 90#traceroute.................................................................................................................................. 91#write .......................................................................................................................................... 92

Chapter 3: Configuration Mode CommandsContent Filtering Policy Commands ............................................................................................. 93

(config) #aaa authentication login default.............................................................................. 94(config) #abort-on-errors ........................................................................................................... 96(config) #access-list access_list_name ..................................................................................... 97(config) #archive ....................................................................................................................... 102(config) #arp .............................................................................................................................. 103(config) #banner........................................................................................................................ 104(config) #cdn ............................................................................................................................. 105(config) #clear............................................................................................................................ 106(config) #cli ................................................................................................................................ 107(config) #clock........................................................................................................................... 108(config) #configuration ............................................................................................................ 109(config) #content options......................................................................................................... 111(config) #content url-list .......................................................................................................... 112(config) #continue-on-errors................................................................................................... 113(config) #debug......................................................................................................................... 114(config) #device device_id ...................................................................................................... 115(config) #device-acl .................................................................................................................. 121(config) #dmc request-timeout ............................................................................................... 123(config) #dmc timeout ............................................................................................................. 124(config) #exit.............................................................................................................................. 125(config) #file .............................................................................................................................. 126(config) #folder folder_id .......................................................................................................... 127(config) #group group_id........................................................................................................ 129(config) #help ............................................................................................................................ 131(config) #hostname................................................................................................................... 132(config) #interface interface_number .................................................................................... 133(config) #ip ................................................................................................................................ 135(config) #job job_id................................................................................................................... 137(config) #lcd............................................................................................................................... 141

Contents

v

(config) #license ........................................................................................................................ 142(config) #login-banner ............................................................................................................. 143(config) #line-vty ...................................................................................................................... 144(config) #logging ...................................................................................................................... 145(config) #mail-config................................................................................................................ 147(config) #monitoring ................................................................................................................ 149(config) #no ............................................................................................................................... 152(config) #ntp.............................................................................................................................. 162(config) #ntpdate ...................................................................................................................... 163(config) #ping............................................................................................................................ 164(config) #push-policy............................................................................................................... 165(config) #ldap-server................................................................................................................ 166(config) #radius-server ............................................................................................................ 171(config) #reload......................................................................................................................... 174(config) #remote-config ........................................................................................................... 175(config) #require-config-lock enable...................................................................................... 184(config) #restore-db userdb..................................................................................................... 185(config) #role ............................................................................................................................. 186(config) #role-substitution-variable ....................................................................................... 188(config) #show .......................................................................................................................... 190(config) #slogin ......................................................................................................................... 192(config) #snmp-server.............................................................................................................. 193(config) #ssh .............................................................................................................................. 195(config) #ssl ............................................................................................................................... 197(config) #standby...................................................................................................................... 199(config) #tacacs-server ............................................................................................................. 200(config) #tcpdump.................................................................................................................... 202(config) #telnet-management.................................................................................................. 203(config) #traceroute .................................................................................................................. 204(config) #upgrade-package ..................................................................................................... 205(config) #username................................................................................................................... 207

Appendix A: Commands Available to Delegated UsersStandard Mode Commands Available for Delegated Users .................................................... 211Enable Mode Commands Available for Delegated Users ........................................................ 211Configure Mode Commands Available for Delegated Users .................................................. 211

Appendix B: Third-Party Copyright Notices


vi

7Chapter 1: Introduction

This document describes all of the commands offered in the Blue Coat Director Command-Line Interface (CLI). First the terms and conventions used throughout this documented are described. Then the commands are listed along with syntax and descriptions of their functionality.

Audience for this DocumentThis reference guide is written for system administrators and experienced users who are familiar with network configuration. Blue Coat assumes that you have a functional network topography, that you and your Blue Coat Sales representative have determined the correct number and placement of the Director appliances, and that those appliances have been installed in an equipment rack and at least minimally configured as outlined in the Quick Start Guide shipped with your Blue Coat Director appliance.

Organization of this DocumentThis document contains the following chapters:

Chapter 1 IntroductionThe organization of this document; conventions used; descriptions of the CLI modes; and instructions for saving your configuration.

Chapter 2 Standard and Enable Mode CommandsAll of the standard mode commands, including syntax and examples, in alphabetical order. All of the enable mode commands (except for the configuration mode commands, which are described in Chapter 3), including syntax and examples, in alphabetical order.

Chapter 3 Configuration Mode CommandsThe configuration mode commands are the most used and most elaborate of all of the CLI commands. For better readability you will notice that in the command reference chapters, each command heading is preceded with the appropriate prompt.

Content Filtering Policy and Role-Based AccessSGME 5.5 introduces for the first time role-based access to the Director Management Console and command line. Role-based access is used for content filtering policy, which is discussed in more detail in the Blue Coat Director Configuration and Management Guide.


8

The following table summarizes the impact of this change:

Throughout this book, commands that are restricted to particular users are noted. An example follows:

(config) # username username {role {role_name} user-group user_group_name}

This command is used with content filtering policy. This command is available for the sadmin user only.

Creates a locally authenticated delegated user and specifies a role and user group name for the user user. For example, the following commands:director (config) # username FinAdmin password directordirector (config) # username FinAdmin role delegated-admin user-group Finance_policy

Create a delegated user named FinAdmin with password director and associates the user with the group Finance_policy.

User Description

sadmin The sadmin user, introduced in SGME 5.5, can execute any command in this book. sadmin has the following unique capabilities: Can create delegated users Can create user groups Can associate delegated users with user

groups Can associate user groups with devices (or

custom groups) Can associate Content Policy overlays with

devices (or custom groups)

admin or any privilege 15 user admin and sadmin can both: Create Content Policy overlays Create and provide values for substitution

variables used in content filtering policy

delegated user Create content filtering policy allow lists and block lists and push those lists to devices assigned by sadmin.In addition, because delegated users have privilege level 10, they can execute any commands listed in Appendix A: "Commands Available to Delegated Users".

Chapter 1: Introduction

9

Document ConventionsThe following table lists the typographical and CLI syntax conventions used in this manual.

Conventions and Global ConceptsThis section describes various conventions and global concepts that are used throughout this document.

Case-InsensitivityCommands and parameters are case-insensitive.

All string comparisons are case-insensitive unless otherwise specified. The cases of characters in strings to be stored persistently are maintained, however.

Command AbbreviationYou can abbreviate commands, provided you supply enough command characters as to be unambiguous. For example:

# configure terminal

Can be shortened to:

# conf t

Using Spaces in ParametersSpaces cannot be used in parameter values unless the entire value is enclosed in double quotation marks.

Correct:

(config) # group Group of Groups

Incorrect:

(config) # group Group of Groups

Table 11 Document conventions

Convention Description

Italics The first use of a new or Blue Coat-proprietary term.

Monospaced font Command-line text that will appear on your administrator workstation.

Monospaced italics A command-line variable that should be substituted with a literal name or value pertaining to the appropriate facet of your network system.

Monospaced boldface A literal command that should be entered as shown.

{ } One of the parameters enclosed within the braces must be supplied.

[ ] Optional parameters.

| Separates required or optional parameters.


10

Illegal and Escaped CharactersThe colon (:) and question mark (?) characters cannot be used in entry fields or parameter values unless you perform the following tasks:

If you use a colon character in a field or parameter (for example, in a URL), either enclose the entire URL in double quotation marks or escape it by preceding it with a / character.

Examples of using a colon character in a URL:http/://www.example.comhttp://www.example.com

To use a question mark in a field or parameter (for example, in a URL), first enter cli help disable, which causes Director to ignore the question mark character.

Command ModesDirector has the following command modes:

Standard, which is the mode when you first log in to Director. This mode allows you to monitor Director without making changes.

Enable, which provides more advanced control than standard mode. However, enable mode commands do not allow you to make permanent changes to Directors configuration.

Initially, enable mode does not require a password; however, Blue Coat strongly recommends you set an enable mode password.

Configuration, which enables you to configure the Director appliance and devices connected to it.

The command prompt changes to reflect the mode you are using:

Prompt Mode

> Standard, which enables you to set basic settings. Standard mode does not require a password. After you log in to Director, you start with standard mode.

# Enable, which enables you to set more advanced settings. By default, enable mode does not require a password but Blue Coat recommends you create a password.From standard mode, enter enable to start enable mode.

(config) # Configuration, which enables you to configure the Director appliance.From enable mode, enter configure to start configuration mode.


11

For More InformationFor more information, see one of the following:

Standard mode commands: Standard Mode Commands on page 15

Enable mode commands: Enable Mode Commands on page 31

Configuration mode commands: Chapter 3: "Configuration Mode Commands"

General ConventionsFollowing are possible results if you enter more parameters than are allowed for a particular command:

The command could have no effect and you will receive an error message and some usage help. This is true of most commands, unless otherwise noted.

The surplus parameters could be ignored and the valid part of the command will be executed. This is the case for some no commands. This behavior is implemented to make it easier for users to negate commands that they have in their cut and paste buffer, such as from the output of show configuration.

Global CLI Response ConventionsThe responses printed by the CLI will follow certain conventions, detailed below.

If the response is an error, there will be one or more lines that begin with %. These lines will contain user-printable strings explaining the error. The cli print-message-codes command allows you to print error codes along with each error message.

The last line printed will always be the prompt for the next command from the user. Initially, it will be hostname >, where hostname is the fully-qualified host name of Director. If no host name is defined, the prompt is director >.

In enable mode the prompt is hostname #, and in configuration mode it is hostname (config) #. When entering a submode, the word config is suffixed by another string, as documented in the command description.

The prompt can also be overridden by the cli prompt-override command.

Successful changes to system state usually have no response at all. As a general rule, the only commands that have a response are those that were queries, or commands that resulted in an error.

If you type an incomplete command, for example, show, the response will look like:% Type 'show ?' for help.

If you type an ambiguous command, for example, e, the response will look like:% Ambiguous command 'e'. % Type 'e?' for a list of possibilities.


12

If you type an unrecognized command, for example, cle, the response will look like:% Unrecognized command 'cle'. % Type '?' for help.

Note that this can occur after valid commands, such as conf tu:% Unrecognized command 'tu' % Type 'conf ?' for help.

URL SyntaxAll commands that accept a URL as a download source or upload destination follow the same conventions. This includes content management commands with urls-from and regexes-from arguments, because Director downloads a file list from the supplied URL. All such URLs are formatted as:

protocol://host/path

The SCP protocol must use the format:

scp://host/path

For FTP, a URL such as:

ftp://host/path

specifies a relative path, and a URL such as:

ftp://host/path

specifies an absolute path.

If path is a directory, it must end with a / character.

The following protocols are generally supported:

HTTP

HTTPS (not supported for all commands)

FTP

SCP (not supported for all commands)

When specifying HTTP or HTTPS for uploading, a PUT operation is performed.

For SCP, note that this URL syntax is different from what is accepted by the UNIX scp command.

When you use the file protocol, the path specifies an absolute path on the local file system.

For specifying user names and passwords, all commands that accept a URL allow the following optional parameters after the URL (except for the content management commands urls-from and regexes-from):

[username username [password password]]

If no user name or password is specified, the file will be uploaded or downloaded anonymously. If a user name is specified without a password, the user will be prompted for a password, which will not be echoed back.

If the protocol is SCP, a user name must be specified.


13

FTP and SCP URLs can specify absolute or relative paths (relative to the home directory of the specified user).

A URL such as:

ftp://host/path

specifies a relative path, and a URL such as:

ftp://host/path

specifies an absolute path.

This is consistent with what many other Internet applications support, even though it does not conform with the appropriate RFCs.

When specifying an upload destination URL, the last part of the URL can specify the name of an existing directory on the target. For all protocols except SCP, the URL must end with a trailing slash to indicate that the last part is a directory. For example, the command:

debug upload dump mydump.tgz ftp://host/path1/path2/

is equivalent to:

debug upload dump mydump.tgz ftp://host/path1/path2/mydump.tgz

Related Blue Coat Documentation Blue Coat Director Configuration and Management Guide

Blue Coat Director Getting Started Guide

ProxySG Appliance Configuration and Management Guide Suite

Blue Coat Director API Reference Guide


14

15

Chapter 2: Standard and Enable Mode Commands

This chapter describes and provides examples for the standard and enable mode CLI commands.

Standard Mode CommandsStandard mode is the default mode when you first log on. From Standard mode, you can view but you cannot change configuration settings. In contrast to Enable mode, this mode cannot be password-protected. Standard mode has a short list of commands.

Important: For a description of the help command and instructions on using the CLI help, see >help on page 20.

The Standard mode prompt is a greater-than sign; for example:

director > traceroute host

Content Filtering Policy CommandsEnable mode includes certain commands related to content filtering policy, which is new in SGME 5.5. For more information, see Content Filtering Policy and Role-Based Access on page 7.


16

> cli

SynopsisChanges the CLI's treatment of modes. This command is also available in enable and configuration modes.

Syntax> cli {capture {file | help disable | print-message-codes | prompt-

override string | raw-input | watch {config-changes {enable | disable} | console-logging {enable | disable} | health-changes {enable | disable} | partner-changes {enable | disable}}

Subcommands> cli capture file filename

Captures CLI output to a file in your home directory, specifying the name of the file to which to capture. The capture applies only to the current session and is automatically terminated when the administrator logs out. The capture file remains but capture would not be automatically enabled for subsequent command line sessions.

When capturing is enabled, the following is captured:

The command line and ? when a help query is made

The results of any help queries

The prompt and full command entered when you press Enter

The response to any commands entered

Command completions are not captured; in other words, none of the following output is captured:

resulting from pressing the Tab key

extending the command line

reprinting the command prompt

printing the list of possible completions

filename is created in the users home directory, which is under:/local/userfiles/username

If filename already exists, the output is appended to it. The file remains open for write until any of the following conditions is met:

you enter no cli capture,

you leave the CLI (which includes running the "xyzzy" command),

you specify a different filename

> cli help disable

The help system is normally invoked with the '?' key. The command help disable disables the help system, and you must then type out help to access the help system. To re-enable the help system, use the command no cli help disable.


17

This option applies only to the current session and is not persistent across sessions.

Note: You must enter cli help disable before entering a command (such as a URL) that includes a question mark. In other words, any command in which you enter a question mark character (?) fails unless you enter cli help disable first.

> cli print-message codes

Print error codes along with each error message. Not every error has an associated code but codes can be useful to help Blue Coat Support troubleshoot an issue.

Examples follow:

(No message codes) % Operation failed.

(With message codes) % (code 17) Operation failed.

Note: This command applies only to the current session; it does not persist among sessions or apply to other administrators who are logged in to Director at the same time.

> cli prompt-override prompt_string

Changes the prompt from its default behavior (the hostname, followed by punctuation and words to indicate what command mode you are in) to display a single prompt all the time. This option applies only to the current session and is not persistent across sessions.

> cli raw-input

Enters raw input mode (help, completion, and command line editing would be disabled for this session).

> cli watch {config-changes | console-logging | health-changes | partner-changes} {enable | disable}Enables you to watch (or not watch) changes to configuration, console log messages, health change notifications, or partner change notifications. When you enable change notification, the first line of the message is:% Configuration changed.

For example, the following command disables console log messages during the session:

cli watch console-logging disable

Note: This setting is not stored in persistent storage; it applies only to the current command line session.

Exampledirector > cli help disable director > ? % (code 2) Unrecognized command '?'. % (code 53) Type 'help' for help.


18

> enable

SynopsisUse this command to enter enable mode. Enable mode commands enable you to view and change your configuration settings. In some configurations, you must provide a password.

Syntax> enable

This changes the prompt to the enable prompt after you enter the enable password:

Enable Password: director #

The enable command does not have any parameters or subcommands.

Note: To exit enable mode, enter disable.

Exampledirector > enable Enable Password:****** director #


19

> exit

SynopsisUse this command to exit the command line. This command will close some SSH applications, such as putty.

Syntax> exit

The exit command does not have any parameters or subcommands.

Exampledirector > exit


20

> help

SynopsisLists all top-level commands currently available. This command is helpful for those with small terminal screens for whom the list of commands shown by '?' scrolls off the screen. This command also provides information about how to use the help feature.

Syntax> help

The help command does not have any parameters or subcommands.

Exampledirector > helpCommands currently available:cli help slogin upgrade-package no standby enable ping tcpdump exit show tracerouteHelp may be requested at any point in a command by typing a question mark '?'.1. For a list of available commands with full descriptions, type '?' by itself at the prompt.2. For help completing a parameter or command, type '?' anywhere in the line. For example: 's?' will list all commands beginning with 's'. 'show ?' will list all possible parameters to the 'show' command.


21

> no

SynopsisUse this command to negate certain options related to CLI commands, content, and devices.

Syntax> no {cli options}

Subcommands> no cli options

> no cli capture

Disables capturing of CLI output to a file.

> no cli help disable

The command no cli help disable re-enables the help system so that typing the command '?' will give help on completing the line.

> no cli print-message-codes

Do not print error codes along with each error message.

Note: This command applies only to the current session; it does not persist among sessions or apply to other administrators who are logged in to Director at the same time.

For examples, see >cli on page 16.

> no cli prompt-override

Removes the CLI prompt override.

> no cli raw-input

Disables raw input mode (help, completion, and command line editing would be reenabled).

Exampledirector > no cli print-message-codes director >


22

> ping

SynopsisUse this command to send ICMP echo request packets. This command is also available in enable and configuration modes.

Syntax> ping [-c count] [-i delay] [-s packet-size] host [program-

options]

-c count specifies how many ping packets to send. Without this parameter, ping continues until you press Control+C.

-i delay specifies the delay, in seconds, between ping packets.

-s packet_size specifies the size of ping packets, in bytes.

host specifies the host for which you want to send ICMP echo request packets.

> ping program_options

The ping command supports standard UNIX options. For a list of available options, enter ping by itself.

Exampledirector > ping -c 2 10.25.36.47 PING 10.25.36.47 (10.25.36.47): 56 data bytes 64 bytes from 10.25.36.47: icmp_seq=0 ttl=255 time=0.202 ms 64 bytes from 10.25.36.47: icmp_seq=1 ttl=255 time=0.214 ms----10.25.36.47 PING Statistics---- 2 packets transmitted, 2 packets received, 0.0% packet loss round-trip min/avg/max/stddev = 0.202/0.208/0.214/0.008 ms


23

> show

SynopsisUse this command to display running system information.

Syntax> show [subcommands]

Subcommands> show arp

Displays content of the running ARP cache.

> show arp [configured]

Displays static ARP entries configured on this system.

> show arp [statistics]

Displays ARP statistics.

> show clock

Displays system time, date, and timezone.

> show devices

Displays information about devices added or registered.

> show file systems

Displays information about files on this system.

> show groups

Displays information about groups on this system.

> show hosts

Displays DNS-related information.

> show interfaces [ether-0 | ether-1]Displays information about the interfaces configured on the appliance.

> show ip

Displays IP statistics.

> show ip default-gateway [configured]

Displays the running default (the default-gateway command) or configured default (the default-gateway configured command) gateway.

> show ip default-gateway-v6

Displays the IPv6 address configured as the default gateway.

> show ip icmp

Displays Internet Control Message Protocol (ICMP) statistics.

> show ip igmp

Displays Internet Group Management Protocol (IGMP) statistics.


24

> show ip route [configured]

Displays routing information. The route command displays the dynamic routes currently in use, and the route configured command displays any static routes configured for this system.

> show ip tcp [conns | listeners]show ip tcp displays TCP statistics.

show ip tcp conns displays information about active TCP connections.

show ip tcp listeners displays information about configured TCP listen ports.

> show ip udp [conns]

The udp command displays UDP statistics and the udp conns command displays UDP connection information.

> show ldap-server

Displays your LDAP server configuration.

> show license

Displays the license installed on the Blue Coat Director.

> show logging

Displays logging settings, including audit logging information.

> show login-banner

Displays the login banner displayed for access to the Director Management Console.

> show monitoring

Displays device health monitoring information.

> show monitoring alerts [all | alert-id | device device_id | group group_id | severity [all | warning | disconnected | critical] | state [all | active | inactive] | status [all | acknowledged | unacknowledged]]Displays alerts information. For example, the following command displays alerts with the severity of disconnected:

show monitoring alerts severity disconnected

> show monitoring health [all | device device_id | group group_id | summary]Displays health of a group or device.

> show monitoring statistics [device device_id]

Displays device statistics.

> show platform

Displays the hardware platform type (for example, 510).

> show privilege

Displays current user privilege level. Privilege levels are expressed as an integer between 1 (low) and 15 (high). To set a users privilege level, see (config) #username on page 207.


25

> show require-config-lock

Displays whether a configuration lock is enabled or disabled. For more information about configuration locks, refer to Appendix A, Administering Director, in the Blue Coat Director Configuration and Management Guide.

> show standby-settings

Displays the standby (Director redundancy) settings.

> show status

Displays status of this machine.

> show tcpdump

Displays tcpdump.

> show telnet-management

Displays the configuration of the Telnet server.

> show upgrade-package

Displays information about installed software packages on the appliance.

> show version [detail]

The version command displays normal system version information and the version detail command displays full version information in a compact format.

Exampledirector > show privilege Currently logged in as admin Your current privilege level is 1 Your maximum allowed privilege level is 15


26

> slogin

SynopsisOpens an SSH connection to a remote host. When you are finished, type the command exit to return to the Director CLI. This command is also available in enable and configuration modes.

The slogin command supports password authentication only. RSA authentication is not supported.

Syntax> slogin [-l username] hostname [program_options]

Subcommands> slogin -l username

Enter a user name to log in to the remote host.

> slogin hostname

Opens the SSH connection to the host.

> slogin [program_options]

Specifies optional parameters passed to the standard UNIX slogin program. For a list of potential program options, enter slogin by itself or look at slogin man pages.

Exampledirector > slogin -l admin 10.25.36.47 [email protected]'s password:10.25.36.47 - Blue Coat SGOS>

Important: When the slogin command is run from configuration mode, it will release the configuration lock so that you do not lock out other users during the slogin session.


27

> standby

SynopsisConfigures the Directors standby configuration. The Director standby feature is designed to minimize Director service disruptions caused by network outage, disaster, or Director failure. When standby is deployed, the Director configuration is mirrored to a second Director whose only function is to take over for the first Director if a failure occurs.

Normally, only one Director is active in a standby pair; the active Director is the only Director that performs configuration and monitoring tasks. The active Director mirrors its configuration and state data to the partner Director, which does not allow administrative access so that synchronization can be maintained between the two Directors.

Syntax> standby {make-active | make-primary partner_ip password | make-

secondary partner_ip username | make-standalone}

Subcommands> standby make-active

Makes this Director active. You use the active Director for all Director tasks, including remote administration using overlays, profiles, jobs, and so on. The normal state of the primary Director is active.

> standby make-primary secondary_ip-address password

Makes this Director the primary appliance in a standby pair. The primary Director performs all day-to-day Director operations. All changes on the primary Director are propagated to the secondary Director by means of the sync utility running over SSH.

The primary Director continually executes SSH commands on the secondary Director to verify connectivity.

When you execute the make-primary command, the Director reboots.

> standby make-secondary primary_ip-address password

Makes this Director the secondary appliance in a standby pair. The secondary Director takes over for the primary Director when a failure occurs. The normal state of the secondary Director is reserve, which means it cannot perform any monitoring or configuration operations and will not accept Management Console connections. If you configure the secondary Director to be active, it performs all functions previously performed by the primary Director.

When you execute the make-secondary command, Director reboots. To access the secondary Director, you must log in with the standbyuser user name.

> standby make-standalone


28

Takes the Director out of the standby pair. This is the factory default state of Director. A standalone Director cannot participate in a standby pair until an administrator changes its identity to primary or secondary.

When you execute the make-standalone command, Director reboots.

Exampledirector > standby make-primary 192.168.0.2 thunder


29

> tcpdump

SynopsisStarts tcpdump in the background with the program option parameters provided. If tcpdump was already running, this starts another instance (presumably with parameters that pass through a disjoint set of packets, otherwise some will be printed twice). Control returns to the user immediately, and packets are printed as they arrive.

This command is also available in enable and configuration modes.

Syntax> tcpdump {filter options | start | stop}

Subcommands> tcpdump filter options

With no options specified, captures all packets. options is a standard set of UNIX tcpdump options (with the exception of -D, -k, -R, and -U, which are not supported for Director). For more information about filtering options, see the tcpdump man page.

> tcpdump start

Starts tcpdump.

> tcpdump stop

Stops tcpdump.

Exampledirector > tcpdump -i ether-0 -c 3 director > tcpdump start tcpdump: listening on ether-0 director > tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 96 bytes 3 packets captured 3 packets received by filter 0 packets dropped by kerneldirector > tcpdump stop

Important: If you do not specifically exclude packets between Director and the host you are connecting from, an infinite feedback loop results because printing packets generates SSH/telnet traffic, which generates more packets.


30

> traceroute

SynopsisDetermines the route packets take to a destination. The command executes until the entire route to the host is traced, or until you press Control+C. This command is also available in enable and configuration modes.

Syntax> traceroute host

SubcommandsNone.

Exampledirector > traceroute 172.16.45.142 1: 172.16.45.141 (172.16.45.141) 0.362ms pmtu 1500 1: 172.16.45.142 (172.16.45.142) 0.837ms reached Resume: pmtu 1500 hops 1 back 1


31

> upgrade-package

SynopsisEnables you to roll back to the previously installed software version.

Subcommands> upgrade-package rollback

Enables you to roll back to the previously installed system image. After you roll back, Director reboots.

If there is no package to which to roll back, the following message displays:No previously installed package available for rollback.

To upgrade a Director 510, see (config) #upgrade-package on page 205.

Enable Mode CommandsEnable mode provides a robust set of commands that enable you to view, manage, and change Director settings for features such as managing jobs, device records, or user privileges.

To access enable mode:

From standard mode, enter enable, as follows:

director > enable Password:******** director #

By default, an enable mode password is not required. Press to go in to enable mode. If a login password is configured, you must re-enter the password or passcode that is registered on their local, RADIUS/SecurID, TACACS or LDAP authentication domain.

Important: The enable mode subcommand configure, referred to as configuration mode, enables you to manage the Director features. See Chapter 3: "Configuration Mode Commands" for detailed information about this command and its subcommands.


32

# archive

SynopsisUse this command to manipulate Director backups (that is, archives) on this Director appliance.

Syntax# archive {{all | config | device-backup | event-log | job-report}

{create [archive_name url [username username password password] | key keyname]} | delete archive_name | move archive_name_old archive_name_new | fetch {archive_name url [username username password password]} | upload {archive_name} url [username username password password]}} | {delete key keyname | generate key keyname | input key keyname {show | no-show}}

SubcommandsSee one of the following sections:

Specifying What to Archive

Working With Archive Keys on page 33

Creating, Encrypting, and Uploading an Archive on page 34

Creating an Archive and Optionally Encrypting It on page 34

Deleting or Renaming Archives on page 35

Fetching an Archive on page 35

Uploading an Archive on page 35

Specifying What to ArchiveThe following subcommands specify the scope of the archive:

allIncludes configuration, event log, device backup, and job report backup data.

configIncludes the Director configuration files only. This archive includes the device settings, network settings, profiles, overlays, and scheduled job data.

Note: Director does not archive its IP addresses so an archive taken on one Director appliance can be restored on another Director appliance without changing the target Directors IP addresses.

Note: The following configuration settings are not preserved when you create an archive:

Directors IP addresses

SNMP (after restoring the archive, SNMP will be disabled and SNMP contact information reverts to its default values)

NTP


33

device-backupArchives all device backups.

event-logIncludes event log data only stored in /var/log/messages. Director components generate these syslog entries during runtime. The archive event-log includes all of the /var/log/files and logs files in the /local/log/ directory.

job-reportIncludes job report data only. Job reports list the job commands as well as errors that are encountered.

Working With Archive KeysAn archive key is an RSA public-private key pair that can be used to encrypt the archive on this Director appliance. To restore a Director archive on an appliance other than the one for which it was created, you import the key pair on the other appliance. Creating archive keys is optional but is highly recommended.

Use the following subcommands to work with archive keys:

generate key keyname

Generates an RSA key pair and stores it on this Director as keyname.

Director ships with an archive key named default that you do not need to generate.

After generating the key, if you want to restore this archive on a different Director appliance, you must use the following command to display the key:director # show archive key keyname Enter pass phrase here:

Entering show archive key ? displays the available archive keys on this Director appliance. The keys passphrase is the user name of the user who created the passphrase.

To add that key to the target Director appliance, use input key keyname command.

input key keyname [show | no-show]Reads the RSA key pair and imports it in this Director appliance. Use this command before you restore an archive that was created on another Director appliance. In other words, if the key for the archive is not stored on this Director appliance, use this command to import the key on this Director before you restore the archive.

The show or no-show attributes can be used to make the key viewable or non-viewable with the show archive key keyname command. If the input key is encrypted, you must enter the decryption passphrase. The passphrase is the user name of the user who created the key.

Note that a zero length passphrase is not valid.

delete key keyname

Note: The following error indicates you do not have the appropriate privilege to use this command:

% Error while generating key "test2"Only the Director admin user can use this command.


34

Deletes keyname from this Director.

Creating, Encrypting, and Uploading an ArchiveTo create an archive, encrypt it with an archive key, and upload the archive to an external server, use the following syntax:

director (config)# archive {all | config | device-backup | event-log | job-report} {upload current url [username username password password] {key keyname}

For the meaning of the all, config, device-backup, event-log, and job-report parameters, see Specifying What to Archive on page 32.

Prerequisite: Creating and uploading an archive requires the archive file be encrypted with an existing encryption key. For more information about generating an archive key, see Working With Archive Keys on page 33.

The upload current parameters are required to create and upload the archive file to an external server in one step. current is a reserved archive name that can be used only for this purpose. The current archive is temporary; after the archive is uploaded, it is deleted from Director.

For information about valid URL syntax, see URL Syntax on page 12.

An example follows:director# archive all upload current scp://192.168.0.50/director/ username director password bluecoat key default

The command creates an archive file, encrypts it using the default key, and uploads it to an external server using the SCP protocol, storing the archive in a directory named director.

Creating an Archive and Optionally Encrypting ItTo create an archive, encrypt it with an archive key, and optionally uploading the archive to an external server, use the following syntax:

director (config)# archive {all | config | device-backup | event-log | job-report} {create [archive_name url [username username password password] | [key keyname]}



The username and password parameters are required only if the external server requires authentication.

If you omit archive_name, the archive is created with a name like the following:sgmearchive-director-all-2008.12.03-004256.tgz

To encrypt the archive, you must use the key parameter. Before encrypting an archive, you must generate an RSA public-private key pair as discussed in Working With Archive Keys on page 33.

An example follows:

Note: archive_name cannot include space characters.


35

director (config)# archive all create director_510_sgme5.4_12-02-08.tgz key default

This command creates and archive named director_510_sgme5.4_12-02-08.tgz and encrypts it with the key named default.

Deleting or Renaming ArchivesTo rename or delete an existing archive, you must specify the name of the archive. Examples follow:

director # archive all delete sgme_5.4.1.1_510.tgz

director # archive device-backup move sgme_5.4.1.1_backups.tgz sgme_5.4.1.1_backups_old.tgz

Fetching an ArchiveFetching an archive downloads it from an external server to this Director. To restore the archive on Director, you must use the configuration mode command discussed in Restoring an Archive on page 102.

Command syntax follows:

director # archive {all | config | device-backup | event-log | job-report} fetch {archive_name url [username username password password]}


The archive_name parameter is required and it specifies the name of the archive file to store on this Director appliance. url must also contain the archive file name if there is more than one archive in the directory specified by url. If archive_name and the file name in url are different, archive_name specifies the name of the archive that is stored on this Director.

The username and password parameters must be used only if the external server requires authentication.


For example,director # archive all fetch sgme_5.4.1.1_510.tgz ftp://192.168.0.50/director-5.4.1.1-36821-3192.tgz username director password bluecoat

This example fetches an archive named director-5.4.1.1-36821-3192.tgz from the FTP server 192.168.0.50/ and stores it on Director as sgme_5.4.1.1_510.tgz.

After fetching the archive, you must perform the following tasks:

If the archive was encrypted using a key that is not stored on this Director appliance, you must input the key as discussed in Working With Archive Keys on page 33.

To restore (that is, install) the archive on this Director appliance, you must use the configuration mode command discussed in Restoring an Archive on page 102.

Uploading an ArchiveTo upload an archive to an external server, use the following command:


36

director # archive {all | config | device-backup | event-log | job-report} upload {archive_name url [username username password password]}


archive_name must match the name of a previously saved archive on this Director. to display archive names, enter one of the following commands;director (config)# archive {all | config | device-backup | event-log | job-report} upload ?director (config)# show archive {all | config | device-backup | event-log | job-report}url can optionally specify a different archive file name to store on url.

The username and password parameters must be used only if the external server requires authentication.


For example,director # archive all upload sgme_5.4.1.1_12-5-08.tgz ftp://198.162.0.50/director-5.4.1.1.tgz username director password bluecoat

This example uploads an archive named sgme_5.4.1.1_12-5-08.tgz to the FTP server 198.162.0.50 and stores it on the server as director-5.4.1.1.tgz.

ExampleThe following example shows how to create an archive on the source Director, upload it to an FTP server, and to install it on the target Director. The source and target Directors can be the same Director appliances or different Director appliances.

Generate the key (source Director)

director # archive generate key mykey

director # show archive key mykey

When prompted, enter a passphrase for the private key. Copy the entire key to a text editor application; you will need it later.

Switch to configuration mode (source Director)director # configuration terminaldirector (config)#

Create the archive (source Director)

director (config) # archive all create sgme_5.4.1.1_04-01-09.tgzdirector (config) # archive config upload ftp://192.168.0.2/

uploads/sgme/sgme_5.4.1.1_04-01-09.tgz username director password bluecoat

Input the archive key (target Director)

director # archive input key mykey show

Input the private key you copied earlier and, when prompted, enter the private keys pass phrase.


37

Switch to configuration mode (target Director)director # configuration terminaldirector (config)#

Fetch and install the archive (target Director)

director (config)# archive config fetch sgme_5.4.1.1_04-01-09 ftp://192.168.0.2/sgme_5.3.1.2_08-04-08.tgz username director password bluecoat

director (config)# archive config restore sgme_5.4.1.1_04-01-09 key mykey


38

# clear

SynopsisThis command clears specified options. This command is also available in configuration mode.

Syntax# clear [subcommands]

Subcommands# clear arp statistics

Clears runtime information for the ARP protocol.

# clear arp-cache

Clears the contents of the ARP cache.

# clear ip

# clear ip all statistics

Clears runtime statistics for all IP protocols.

# clear ip icmp statistics

Clears runtime statistics for ICMP protocols.

# clear ip igmp statistics

Clears runtime statistics for IGMP protocols.

# clear ip statistics

Clears the runtime statistics for IP protocols.

# clear ip tcp statistics

Clears runtime statistics for TCP protocols.

# clear ip udp statistics

Clears runtime statistics for UDP protocols.

Exampledirector # clear arp statistics


39

# cli

SynopsisSets CLI options. This command is also available in standard and configuration modes. For information, see >cli on page 16.


40

# configure

SynopsisStarts configuration mode, which enables you to manage the Director features. See Chapter 3: "Configuration Mode Commands" for detailed information about this command.


41

# content

SynopsisIssues content management commands, which enable you to pre-populate the object cache on selected devices with the content you specify. You specify content by URL, and content commands also enable you to prioritize, delete, query, and revalidate those URLs. In addition, URLs can be specified individually, by URL list, or by regular expressions.

You can optionally place text files containing URL lists and regular expressions on a Web server to which Director and the devices have access. Subcommands that use urls-from can be used to distribute, query, revalidate, or delete content on devices using these text files. For example, suppose you place a text file containing a regular expression list of URLs on a Web server at URL http://www.example.com/private/list-of-urls.txt. Use the content distribute urls-from command to cause devices to get the content list from list-of-urls.txt at that URL; use content revalidate urls-from to validate the URLs; or use content delete urls-from to delete content listed in list-of-urls.txt from devices. (Other variations are discussed in this section; the preceding are examples only and not a complete list.)

Similarly, you can create a URL list specified by a unique identifier and use the URL list to distribute, query, revalidate, or delete content on devices.

This command is also available in configuration mode.

Syntax# content subcommands

SubcommandsThis section discusses the following subcommands:

cancel command on page 41

delete on page 42

distribute on page 43

[no] content priority one-time on page 43

content query on page 44

regex-list on page 47

revalidate on page 47

cancel commandCancels currently executing content commands.

# content cancel command {{all | {command_id {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version} | all}

Note: For a discussion of the options subcommand, see (config) #content options on page 111.


42

To cancel all currently executing content commands on all devices and groups, enter:

# content cancel command all

To cancel a particular command ID currently executing on all devices and groups, enter:

# content cancel command command_id all

To get valid values for the addr-device, device, group, model, or os-version subcommands, enter ? for the value. For example:director # content cancel command 1 group ? Austin AustinDev AustinDevGroup1 Sunnyvale SunnyvaleDev SunnyvaleQA

deleteDeletes content from the object cache of specified devices based on whether the content matches URLs or regular expression.

# content delete {{regex url_regex | regexes-from url | regex-list regex-list_id | url-list url_list_id | urls-from url | url url} {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}}To get valid values for the addr-device, device, group, model, or os-version subcommands, enter ? for the value. For example:director # remote-config clear-byte-cache model ? 200-B 200-C

Examples:

To delete content based on a regular expression:

# content delete regex url_regex {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}Deletes content from the object cache of specified devices based on a regular expression.

To delete content from the object cache of specified devices by regular expressions in a text file stored at url. (The URL you specify must be reachable by Director and the devices you specify. The URL must also specify the full path to the text file as well as the text file name.):

# content delete regexes-from url {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}

To delete content from the object cache of specified devices, where the content is specified by url. In other words, this command deletes one piece of content:


43

# content delete url url {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}

distributeAdds (that is, pre-populates) the object cache of specified devices with content specified by URL or regular expression.

Note: The content distribute command replaces the deprecated content pull command.

# content distribute {{url url | url-list url_list_id | urls-from url} {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}}

To get valid values for the addr-device, device, group, model, or os-version subcommands, enter ? for the value. For example:director # content distribute url-list CEOUpdate model ? 200-B 200-C

Examples:

To pre-populate the object cache of specified devices with content specified by url. In other words, this command adds one piece of content to the object cache.

# content distribute url url {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}

To pre-populate the object cache of specified devices with content specified by URLs in a URL list:

# content distribute url-list list_id {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}

To pre-populate the object cache of specified devices where the content is specified by URLs listed in a text file stored at url. (The URL you specify must be reachable by Director and the devices you specify. The URL must also specify the full path to the text file as well as the text file name.)

# content distribute urls-from url {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}

[no] content priority one-timePrioritizes URLs content commands according to by URL or regular expression. The one-time parameter means that the command is forgotten after it completes; in other words, content priority returns to its previous value.

Preceding the command with the optional no parameter removes the URL prioritization.

Priority levels range from 0 (lowest) to 7 (highest). Prioritization does the following:

Pre-populates important content first so devices cache high priority content before lower priority content.


44

In the event devices purge their object cache, makes sure that higher priority content is purged after lower priority content. A device purges its object cache for a variety of reasons, including low available disk space.

# [no] content priority one-time {{priority#_0-7 regex-list regex-list_id | regexes-from url | urls-from url | url-list url_list_id} {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}}

To get valid values for the addr-device, device, group, model, or os-version subcommands, enter ? for the value. For example:

director # content priority one-time 7 regexes-from https://myserver.example.com/regexes/regexes.txt model ? 200-B 200-C

Examples:

To set the priority for objects specified by a regular expression list on the specified set of devices:

# [no] content priority one-time priority#_0-7 regex-list regex-list_id {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}

To set the priority for objects specified by URLs listed in a text file stored at url. (The URL you specify must be reachable by Director and the devices you specify. The URL must also specify the full path to the text file as well as the text file name.)

# [no] content priority one-time priority#_0-7 regexes-from url {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version | model model | os-version sgos_version}

To set the priority for objects in a specified URL list object on the specified set of devices:

# [no] content priority one-time priority#_0-7 url-list url_list_id {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}

content queryReturns information about the contents of devices object cache. Options include verbosity of the returned information, and filtering by a variety of parameters.

The content query commands can return the following levels of detail:

concise

detail

summary

# content query {{command {command_id {concise | detail | summary} [status {all | failed | issued | pending | remaining | successful}]} | {{in-progress {detail | summary}} | {{info {concise | detail | summary} {url url | urls-from url | url-list list}} | {liveness device device_id} | {{outstanding {all |


45

regex regex | regex-list list_id | regexes-from url | url url | url-list list_id | urls-from url} addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}}To get valid values for the addr-device, device, group, model, or os-version subcommands, enter ? for the value. For example:director # content query in-progress detail os-version ? 5.3.1.11 5.4.2.1

content query command

# content query {{command {command_id {concise | detail | summary}} [status {all | failed | issued | pending | remaining | successful}]}

Queries devices for information on the objects they are storing and displays concise execution status of content commands for the specified command ID.

The concise parameter provides the execution status for the specified command and other information, such as the command name, the start time and possibly the end time.

The detail command provides additional information about the specified command ID. The format of the output for the detail command depends on the type of command (that is, output for the content distribute command is different than that for the content cancel command).

For the detail and summary commands, it is possible to filter the output based on a device or group ID. It is also possible to further filter the output to display only successful, failed, remaining, pending, or issued device commands.

The definition of the successful and failed commands is specific to each command.

For the content distribute, delete, and revalidate commands, a command is successful if it could be delivered to the device. For content query commands, a command is successful if the content is present in the devices object cache.

Example:

# content query command CEO_Update09 detail status pending

content query in-progress

# content query {{in-progress {detail | summary} addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}}Displays detailed or summary information about distributes and revalidates in progress on the specified set of devices.

The detail parameter displays the complete list of URLs being distributed and revalidated.

The summary parameter displays only the number of URLs being distributed and revalidated.

content query info


46

# content query info {concise | detail | summary} {url url | urls-from url | url-list list} {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}

Runs the show content command for the specified URLs, and displays the results for the devices specified.

The concise, detail, and summary parameters determine the level of information returned:

concise displays counters for number of URLs whose content is in the object cache of specified devices, and does not include content in-progress

detail displays each URL with the complete response from the device.

summary displays only the status of each URL.

The following information applies to the concise, detail, and summary parameters:

url displays query results for content specified by a particular URL.

url-list displays query results for content specified in a URL list.

urls-from displays query results for content specified by URLs listed in a text file stored at url. (The URL you specify must be reachable by Director and the devices you specify. The URL must also specify the full path to the text file as well as the text file name.)

addr-device ip_address_or_hostname queries a particular device specified by its IP address or host name.

all queries all known devices.

device device_id queries a particular device specified by its ID.

group group_id queries a group of devices.

content query liveness

# content query liveness device device_id

Display liveness information for the specified device ID.

content query outstanding

# content query {outstanding {all | regex regex | regex-list list_id | regexes-from url | url url | url-list list_id | urls-from url} addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}

Displays information about all incomplete content management commands on the specified set of devices.

Example:

# content query outstanding urls-from url all

Displays information about incomplete content management commands for content specified by URLs listed in a text file stored at url. (The URL you specify must be reachable by Director and the devices you specify. The URL must also specify the full path to the text file as well as the text file name.)


47

content query status

# content query status {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}

Displays the status of specified devices.

regex-listEnables you to input a regular expression list. When you are finished, press Control+D to save the list or Control+C to cancel without saving the list.

# content regex-list regex_list_id input

revalidateRevalidates content in the specified devices object cache.

# content revalidate {{regex regex | regex-list list_id | regexes-from url | url url | url-list list_id | urls-from url {addr-device ip_address_or_hostname} {all | device device_id | group group_id | model model | os-version sgos_version}}

To get valid values for the addr-device, device, group, model, or os-version subcommands, enter ? for the value. For example:director # content query in-progress detail os-version ? 5.3.1.11 5.4.1.2

Examples:

To revalidate objects specified by regular expression on the specified set of devices:

# content revalidate regex url_regex {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}

To revalidate a single object on the specified set of devices:

# content revalidate url url {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}

To revalidate objects specified by URLs listed in a text file stored at url. (The URL you specify must be reachable by Director and the devices you specify. The URL must also specify the full path to the text file as well as the text file name.)

# content revalidate urls-from url {addr-device ip_address_or_hostname | all | device device_id | group group_id | model model | os-version sgos_version}


48

# debug

SynopsisSystem debugging information and commands.

Syntax# debug [subcommands]

Subcommands# debug dump

# debug dump delete filename

Deletes the specified dump file from the system.

# debug dump generate

Generates a debugging dump file.

# debug dump move old_filename new_filename

Renames the old dump file name to the new dump file name.

# debug dump upload filename url

Uploads the specified debugging dump file to a remote URL in one of the formats discussed in URL Syntax on page 12.

If the path ends with a directory name, it must end with / (a forward slash).

Exampledirector # debug dump generate Generating debugging dump... Dump file successfully written to sgmeinfo-cjd-d2-2004.04.23-163334.tgz


49

# device

SynopsisUse this command to reconnect to a device with which you have lost the connection.

Syntax# device [subcommands]

Subcommands# device device_id reconnect

Drops the existing connection and reinitiates connection to the specified device.

Exampledirector # device 10.25.36.47 reconnect


50

# disable

SynopsisExits enable mode and returns you to standard mode.

Syntax# disable

The disable command does not have any parameters or subcommands.

Exampledirector # disable director >


51

# exit

SynopsisExits the system. If you want to exit enable mode and return to standard mode, use the Enable mode command disable.

Syntax# exit

The exit command does not have any parameters or subcommands.

Exampledirector # exit Connection closed by foreign host.


52

# file

SynopsisThis command manages text files created with commands such as cli capture. This command is also available in configuration mode.

Syntax# file [subcommands]

Subcommands# file text-file

# file text-file delete filename

Deletes the specified text file from the system.

# file text-file move filename

Renames the old file name to the new file name.

# file text-file upload filename url

Uploads the specified text file to a remote URL in one of the URL formats discussed in URL Syntax on page 12.

If the path ends with a directory name, it must end with / (a forward slash).

Exampledirector # file text-file move myfile.txt yourfile.txt


53

# help

SynopsisLists all top-level commands currently available. This command is also available in standard and configuration modes. See >help on page 20 for more information.


54

# job

SynopsisThis command allows you to immediately execute or cancel a specified job, or immediately update the status of all jobs.

Syntax# job [subcommands]

Subcommands# job job_id

# job job_id cancelImmediately cancels all running instances of the specified job.

# job job_id executeImmediately executes the commands in the specified job.

# job update-statusThis command starts an immediate poll on outstanding jobs, bypassing the timeout to get immediate status without waiting for the polling timeout.

Exampledirector # job 2004Apr23112257PDT cancel


55

# line-vty

SynopsisThis command sets the number of screen lines. If the number of lines to output is greater than the screen size, the CLI output handler pauses output by displaying the --More-- prompt. The default value of screen size is 24.

Press the Enter key to display more lines one by one the space bar to display another group of screen lines, or enter, q or Control+C to end further displays. If the number of lines is set to 0 (zero), then paging is disabled.

Syntax# line-vty length number

Specifies the number of screen lines that will display. Set to 0 (zero) to disable paging.

Exampledirector # line-vty length 0

Important: This is a per-session variable and it is not saved to the configuration database.


56

# monitoring

SynopsisRefreshes the health monitoring statistics for one or more devices; and generates health reports and Performance Analysis reports for devices and e-mails those reports.

Syntaxdirector # monitoring {refresh health-state {all | device device_id

| group group_id}} | {generate-report {health | performance} subcommands}}}

Refreshes the health monitoring statistics of all devices, devices specified by device ID, or all devices in a specified group.

More options are available in configuration mode as discussed in (config) #monitoring on page 149.

SubcommandsThis section discusses the following subcommands:

generate-report health on page 56

generate-report performance on page 57

refresh health-state on page 58

generate-report healthdirector# monitoring generate-report health {{all | device

device_id | group group_id | model model | os-version sgos_version} {Last-Hour | Last-Day | Last-Week | Last-Month | Last-Year} {mail {From: email_address_list | To: email_address_list | Cc: email_address_list | BCC: email_address_list}} [username username | password password]Generates and e-mails health reports for specified devices.

Specify the devices for which to generate and e-mail reports using the parameters: {all | device device_id | group group_id | model model | os-version sgos_version}To get valid values for parameters other than all, enter the parameter followed by the question mark character. For example, to get valid values for os-version groups, enter:director (config) # monitoring generate-report health os-version ?

Specify the period of time over which to average report values using the parameters: {Last-Hour | Last-Day | Last-Week | Last-Month | Last-Year}


57

Specify e-mail parameters as discussed in the following table:

Note: To set up the SMTP server, see (config) #mail-config on page 147.

The following example shows how to generate health reports for all devices in the SGOS 5.4.1.1 OS Version group, compiled over the last day, to two users. The SMTP server requires authentication from the user named [email protected].

director# monitoring generate-report health os-version 5.4.1.1 Last-Day mail From: [email protected] To: [email protected],[email protected] username [email protected] password bluecoat

generate-report performanceGenerates and e-mails performance analysis reports for specified devices.

director# monitoring generate-report performance {{all | device device_id | group group_id | model model | os-version sgos_version} {Last-Hour | Last-Day | Last-Week | Last-Month | Last-Year} {Bytes | Kilo-Bytes | Mega-Bytes | Giga-Bytes} {mail {From: email_address_list | To: email_address_list | Cc: email_address_list | Bcc: email_address_list}} [username username | password password]Generates and e-mails performance reports for specified devices.

Specify the devices for which to generate and e-mail reports using the parameters: {all | device device_id | group group_id | model model | os-version sgos_version}To get valid value

cli reference

Documents

trademark of blue coat

blue coat logos

blue coat shield

blue coat products

document conventions

document revision

export control

import regulations