Director Command Line Interface Reference

Blue Coat® Systems
Director
Command Line Interface Reference
Version SGME 6.1.x
Director Command Line Interface Reference
© 2015 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW,
INTELLIGENCECENTER, CACHEOS, CACHEPULSE, CROSSBEAM, K9, DRTR, MACH5, PACKETWISE, POLICYCENTER, PROXYAV,
PROXYCLIENT, SGOS, WEBPULSE, SOLERA NETWORKS, DEEPSEE, DS APPLIANCE, SEE EVERYTHING. KNOW EVERYTHING.,
SECURITY EMPOWERS BUSINESS, BLUETOUCH, the Blue Coat shield, K9, and Solera Networks logos and other Blue Coat logos are
registered trademarks or trademarks of Blue Coat Systems, Inc. or its affiliates in the U.S. and certain other countries. This list may not be
complete, and the absence of a trademark from this list does not mean it is not a trademark of Blue Coat or that Blue Coat has stopped
using the trademark. All other trademarks mentioned in this document owned by third parties are the property of their respective
owners. This document is for informational purposes only.
BLUE COAT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
BLUE COAT PRODUCTS, TECHNICAL SERVICES, AND ANY OTHER TECHNICAL DATA REFERENCED IN THIS DOCUMENT ARE
SUBJECT TO U.S. EXPORT CONTROL AND SANCTIONS LAWS, REGULATIONS AND REQUIREMENTS, AND MAY BE SUBJECT TO
EXPORT OR IMPORT REGULATIONS IN OTHER COUNTRIES. YOU AGREE TO COMPLY STRICTLY WITH THESE LAWS,
REGULATIONS AND REQUIREMENTS, AND ACKNOWLEDGE THAT YOU HAVE THE RESPONSIBILITY TO OBTAIN ANY
LICENSES, PERMITS OR OTHER APPROVALS THAT MAY BE REQUIRED IN ORDER TO EXPORT, RE-EXPORT, TRANSFER IN
COUNTRY OR IMPORT AFTER DELIVERY TO YOU.
Americas:
Blue Coat Systems, Inc.
384 Santa Trinita Avenue
Sunnyvale, CA 94085
Rest of the World:
Blue Coat Systems International SARL
3a Route des Arsenaux
1700 Fribourg, Switzerland
Document Number: 231-03037
Document Revision: SGME 6.1.x 07/2015
ii
Contents
Chapter 1: Introduction
Audience for this Document .............................................................................................................7
Organization of this Document.........................................................................................................7
Content Filtering Policy and Role-Based Access............................................................................7
Document Conventions .....................................................................................................................9
Conventions and Global Concepts ...................................................................................................9
Command Modes .......................................................................................................................10
General Conventions .................................................................................................................11
Global CLI Response Conventions ..........................................................................................11
URL Syntax..................................................................................................................................12
Related Blue Coat Documentation .................................................................................................13
Chapter 2: Standard and Enable Mode Commands
Standard Mode Commands ............................................................................................................15
Content Filtering Policy Commands..............................................................................................15
>cli ...............................................................................................................................................16
>enable ........................................................................................................................................18
>exit .............................................................................................................................................19
>help ............................................................................................................................................20
>no ...............................................................................................................................................21
>ping ...........................................................................................................................................22
>show ..........................................................................................................................................23
>slogin .........................................................................................................................................26
>standby .....................................................................................................................................27
>tcpdump ...................................................................................................................................29
>traceroute ..................................................................................................................................30
>upgrade-package .....................................................................................................................31
Enable Mode Commands.................................................................................................................31
#archive ....................................................................................................................................... 32
#clear............................................................................................................................................ 38
#cli................................................................................................................................................ 39
#configure ................................................................................................................................... 40
#content....................................................................................................................................... 41
#debug......................................................................................................................................... 48
#device ........................................................................................................................................ 49
#disable ....................................................................................................................................... 50
#exit.............................................................................................................................................. 51
#file .............................................................................................................................................. 52
#help ............................................................................................................................................ 53
#job............................................................................................................................................... 54
iii
Director Command Line Interface Reference
#line-vty ......................................................................................................................................
#monitoring................................................................................................................................
#no ...............................................................................................................................................
#ping............................................................................................................................................
#push-policy...............................................................................................................................
#reload ........................................................................................................................................
#remote-config ...........................................................................................................................
#show ..........................................................................................................................................
#slogin .........................................................................................................................................
#ssl ...............................................................................................................................................
#standby .....................................................................................................................................
#tcpdump upload url................................................................................................................
#traceroute..................................................................................................................................
#write ..........................................................................................................................................
55
56
59
60
61
62
63
69
87
88
89
90
91
92
Chapter 3: Configuration Mode Commands
Content Filtering Policy Commands ............................................................................................. 93
(config) #aaa authentication login default.............................................................................. 94
(config) #abort-on-errors ........................................................................................................... 96
(config) #access-list access_list_name...................................................................................... 97
(config) #archive ....................................................................................................................... 102
(config) #arp .............................................................................................................................. 103
(config) #banner........................................................................................................................ 104
(config) #cdn ............................................................................................................................. 105
(config) #clear............................................................................................................................ 106
(config) #cli ................................................................................................................................ 107
(config) #clock........................................................................................................................... 108
(config) #configuration ............................................................................................................ 109
(config) #content options......................................................................................................... 111
(config) #content url-list .......................................................................................................... 112
(config) #continue-on-errors................................................................................................... 113
(config) #debug......................................................................................................................... 114
(config) #device device_id ...................................................................................................... 115
(config) #device-acl .................................................................................................................. 121
(config) #dmc request-timeout ............................................................................................... 123
(config) #dmc timeout ............................................................................................................. 124
(config) #exit.............................................................................................................................. 125
(config) #file .............................................................................................................................. 126
(config) #folder folder_id .......................................................................................................... 127
(config) #group group_id........................................................................................................ 129
(config) #help ............................................................................................................................ 131
(config) #hostname................................................................................................................... 132
(config) #interface interface_number .................................................................................... 133
(config) #ip ................................................................................................................................ 135
(config) #job job_id................................................................................................................... 137
(config) #lcd............................................................................................................................... 141
iv
Contents
(config) #license ........................................................................................................................ 142
(config) #login-banner ............................................................................................................. 143
(config) #line-vty ...................................................................................................................... 144
(config) #logging ...................................................................................................................... 145
(config) #mail-config................................................................................................................ 147
(config) #mc-migration............................................................................................................ 149
(config) #monitoring ................................................................................................................ 150
(config) #no ............................................................................................................................... 153
(config) #ntp .............................................................................................................................. 163
(config) #ntpdate ...................................................................................................................... 164
(config) #ping............................................................................................................................ 165
(config) #push-policy ............................................................................................................... 166
(config) #ldap-server................................................................................................................ 167
(config) #radius-server ............................................................................................................ 172
(config) #reload......................................................................................................................... 175
(config) #remote-config ........................................................................................................... 176
(config) #require-config-lock enable...................................................................................... 185
(config) #restore-db userdb..................................................................................................... 186
(config) #role ............................................................................................................................. 187
(config) #role-substitution-variable ....................................................................................... 189
(config) #show .......................................................................................................................... 191
(config) #slogin ......................................................................................................................... 193
(config) #snmp-server.............................................................................................................. 194
(config) #ssh .............................................................................................................................. 196
(config) #ssl ............................................................................................................................... 198
(config) #standby...................................................................................................................... 200
(config) #tacacs-server ............................................................................................................. 201
(config) #tcpdump.................................................................................................................... 203
(config) #telnet-management.................................................................................................. 204
(config) #traceroute .................................................................................................................. 205
(config) #upgrade-package ..................................................................................................... 206
(config) #username................................................................................................................... 208
Appendix A: Commands Available to Delegated Users
Standard Mode Commands Available for Delegated Users .................................................... 213
Enable Mode Commands Available for Delegated Users ........................................................ 213
Configure Mode Commands Available for Delegated Users .................................................. 213
Appendix B: Third-Party Copyright Notices
v
Director Command Line Interface Reference
vi
Chapter 1: Introduction
This document describes all of the commands offered in the Blue Coat® Director
Command-Line Interface (CLI). First the terms and conventions used throughout this
documented are described. Then the commands are listed along with syntax and
descriptions of their functionality.
Audience for this Document
This reference guide is written for system administrators and experienced users who
are familiar with network configuration. Blue Coat assumes that you have a functional
network topography, that you and your Blue Coat Sales representative have
determined the correct number and placement of the Director appliances, and that
those appliances have been installed in an equipment rack and at least minimally
configured as outlined in the Quick Start Guide shipped with your Blue Coat Director
appliance.
Organization of this Document
This document contains the following chapters:
Chapter 1 – Introduction
The organization of this document; conventions used; descriptions of the CLI modes;
and instructions for saving your configuration.
Chapter 2 – Standard and Enable Mode Commands
All of the standard mode commands, including syntax and examples, in alphabetical
order. All of the enable mode commands (except for the configuration mode
commands, which are described in Chapter 3), including syntax and examples, in
alphabetical order.
Chapter 3 – Configuration Mode Commands
The configuration mode commands are the most used and most elaborate of all of the
CLI commands. For better readability you will notice that in the command reference
chapters, each command heading is preceded with the appropriate prompt.
Content Filtering Policy and Role-Based Access
SGME 5.5 introduces for the first time role-based access to the Director Management
Console and command line. Role-based access is used for content filtering policy,
which is discussed in more detail in the Blue Coat Director Configuration and Management
Guide.
7
Director Command Line Interface Reference
The following table summarizes the impact of this change:
User
Description
sadmin
The sadmin user, introduced in SGME 5.5, can
execute any command in this book. sadmin
has the following unique capabilities:
• Can create delegated users
• Can create user groups
• Can associate delegated users with user
groups
• Can associate user groups with devices (or
custom groups)
• Can associate Content Policy overlays with
devices (or custom groups)
admin or any privilege 15 user
admin and sadmin can both:
• Create Content Policy overlays
• Create and provide values for substitution
variables used in content filtering policy
delegated user
Create content filtering policy allow lists and
block lists and push those lists to devices
assigned by sadmin.
In addition, because delegated users have
privilege level 10, they can execute any
commands listed in Appendix A:
"Commands Available to Delegated Users".
Throughout this book, commands that are restricted to particular users are noted. An
example follows:
(config) # username username {role {role_name} user-group
user_group_name}
This command is used with content filtering policy. This command is
available for the sadmin user only.
Creates a locally authenticated delegated user and specifies a role and user
group name for the user user. For example, the following commands:
director (config) # username FinAdmin password director
director (config) # username FinAdmin role delegated-admin usergroup Finance_policy
Create a delegated user named FinAdmin with password director and
associates the user with the group Finance_policy.
8
Chapter 1: Introduction
Document Conventions
The following table lists the typographical and CLI syntax conventions used in this
manual.
Table 1–1 Document conventions
Convention
Description
Italics
The first use of a new or Blue Coat-proprietary term.
Monospaced font
Command-line text that will appear on your
administrator workstation.
Monospaced italics
A command-line variable that should be substituted with
a literal name or value pertaining to the appropriate facet
of your network system.
Monospaced boldface
A literal command that should be entered as shown.
{ }
One of the parameters enclosed within the braces must be
supplied.
[ ]
Optional parameters.
|
Separates required or optional parameters.
Conventions and Global Concepts
This section describes various conventions and global concepts that are used throughout
this document.
Case-Insensitivity
Commands and parameters are case-insensitive.
All string comparisons are case-insensitive unless otherwise specified. The cases of
characters in strings to be stored persistently are maintained, however.
Command Abbreviation
You can abbreviate commands, provided you supply enough command characters as to
be unambiguous. For example:
# configure terminal
Can be shortened to:
# conf t
Using Spaces in Parameters
Spaces cannot be used in parameter values unless the entire value is enclosed in double
quotation marks.
Correct:
(config) # group “Group of Groups”
Incorrect:
(config) # group Group of Groups
9
Director Command Line Interface Reference
Illegal and Escaped Characters
The colon (:) and question mark (?) characters cannot be used in entry fields or parameter
values unless you perform the following tasks:
❐
If you use a colon character in a field or parameter (for example, in a URL), either
enclose the entire URL in double quotation marks or escape it by preceding it
with a / character.
Examples of using a colon character in a URL:
http/://www.example.com
“http://www.example.com”
❐
To use a question mark in a field or parameter (for example, in a URL), first enter
cli help disable, which causes Director to ignore the question mark character.
Command Modes
Director has the following command modes:
❐
Standard, which is the mode when you first log in to Director. This mode allows
you to monitor Director without making changes.
❐
Enable, which provides more advanced control than standard mode. However,
enable mode commands do not allow you to make permanent changes to
Director’s configuration.
Initially, enable mode does not require a password; however, Blue Coat strongly
recommends you set an enable mode password.
❐
Configuration, which enables you to configure the Director appliance and devices
connected to it.
The command prompt changes to reflect the mode you are using:
10
Prompt
Mode
>
Standard, which enables you to set basic settings.
Standard mode does not require a password.
After you log in to Director, you start with standard
mode.
#
Enable, which enables you to set more advanced
settings. By default, enable mode does not require a
password but Blue Coat recommends you create a
password.
From standard mode, enter enable to start enable
mode.
(config) #
Configuration, which enables you to configure the
Director appliance.
From enable mode, enter configure to start
configuration mode.
Chapter 1: Introduction
For More Information
For more information, see one of the following:
❐
Standard mode commands: “Standard Mode Commands” on page 15
❐
Enable mode commands: “Enable Mode Commands” on page 31
❐
Configuration mode commands: Chapter 3: "Configuration Mode Commands"
General Conventions
Following are possible results if you enter more parameters than are allowed for a
particular command:
❐
The command could have no effect and you will receive an error message and
some usage help. This is true of most commands, unless otherwise noted.
❐
The surplus parameters could be ignored and the valid part of the command will
be executed. This is the case for some no commands. This behavior is
implemented to make it easier for users to negate commands that they have in
their cut and paste buffer, such as from the output of show configuration.
Global CLI Response Conventions
The responses printed by the CLI will follow certain conventions, detailed below.
❐
If the response is an error, there will be one or more lines that begin with %. These
lines will contain user-printable strings explaining the error. The cli printmessage-codes command allows you to print error codes along with each error
message.
❐
The last line printed will always be the prompt for the next command from the
user. Initially, it will be hostname >, where hostname is the fully-qualified host
name of Director. If no host name is defined, the prompt is director >.
In enable mode the prompt is hostname #, and in configuration mode it is
hostname (config) #. When entering a submode, the word config is suffixed
by another string, as documented in the command description.
The prompt can also be overridden by the cli prompt-override command.
❐
Successful changes to system state usually have no response at all. As a general
rule, the only commands that have a response are those that were queries, or
commands that resulted in an error.
❐
If you type an incomplete command, for example, show, the response will look
like:
% Type 'show ?' for help.
❐
If you type an ambiguous command, for example, e, the response will look like:
% Ambiguous command 'e'.
% Type 'e?' for a list of possibilities.
11
Director Command Line Interface Reference
❐
If you type an unrecognized command, for example, cle, the response will look
like:
% Unrecognized command 'cle'.
% Type '?' for help.
Note that this can occur after valid commands, such as conf tu:
% Unrecognized command 'tu'
% Type 'conf ?' for help.
URL Syntax
All commands that accept a URL as a download source or upload destination follow the
same conventions. This includes content management commands with urls-from and
regexes-from arguments, because Director downloads a file list from the supplied URL.
All such URLs are formatted as:
protocol://host/path
The SCP protocol must use the format:
scp://host/path
For FTP, a URL such as:
ftp://host/path
specifies a relative path, and a URL such as:
ftp://host/path
specifies an absolute path.
If path is a directory, it must end with a / character.
The following protocols are generally supported:
❐
HTTP
❐
HTTPS (not supported for all commands)
❐
FTP
❐
SCP (not supported for all commands)
When specifying HTTP or HTTPS for uploading, a PUT operation is performed.
For SCP, note that this URL syntax is different from what is accepted by the UNIX scp
command.
When you use the file protocol, the path specifies an absolute path on the local file system.
For specifying user names and passwords, all commands that accept a URL allow the
following optional parameters after the URL (except for the content management
commands urls-from and regexes-from):
[username username [password password]]
If no user name or password is specified, the file will be uploaded or downloaded
anonymously. If a user name is specified without a password, the user will be prompted
for a password, which will not be echoed back.
If the protocol is SCP, a user name must be specified.
12
Chapter 1: Introduction
FTP and SCP URLs can specify absolute or relative paths (relative to the home directory of
the specified user).
A URL such as:
ftp://host/path
specifies a relative path, and a URL such as:
ftp://host/path
specifies an absolute path.
This is consistent with what many other Internet applications support, even though it
does not conform with the appropriate RFCs.
When specifying an upload destination URL, the last part of the URL can specify the
name of an existing directory on the target. For all protocols except SCP, the URL must
end with a trailing slash to indicate that the last part is a directory. For example, the
command:
debug upload dump mydump.tgz ftp://host/path1/path2/
is equivalent to:
debug upload dump mydump.tgz ftp://host/path1/path2/mydump.tgz
Related Blue Coat Documentation
❐
Blue Coat Director Configuration and Management Guide
❐
Blue Coat Director Getting Started Guide
❐
ProxySG Appliance Configuration and Management Guide Suite
❐
Blue Coat Director API Reference Guide
13
Director Command Line Interface Reference
14
Chapter 2: Standard and Enable Mode Commands
This chapter describes and provides examples for the standard and enable mode CLI
commands.
Standard Mode Commands
Standard mode is the default mode when you first log on. From Standard mode, you
can view but you cannot change configuration settings. In contrast to Enable mode, this
mode cannot be password-protected. Standard mode has a short list of commands.
Important: For a description of the help command and instructions on using the CLI
help, see “>help” on page 20.
The Standard mode prompt is a greater-than sign; for example:
director > traceroute host
Content Filtering Policy Commands
Enable mode includes certain commands related to content filtering policy, which is
new in SGME 5.5. For more information, see “Content Filtering Policy and Role-Based
Access” on page 7.
15
Director Command Line Interface Reference
> cli
Synopsis
Changes the CLI's treatment of modes. This command is also available in enable
and configuration modes.
Syntax
> cli {capture {file | help disable | print-message-codes | promptoverride string | raw-input | watch {config-changes {enable |
disable} | console-logging {enable | disable} | health-changes
{enable | disable} | partner-changes {enable | disable}}
Subcommands
> cli capture file filename
Captures CLI output to a file in your home directory, specifying the name of
the file to which to capture. The capture applies only to the current session
and is automatically terminated when the administrator logs out. The capture
file remains but capture would not be automatically enabled for subsequent
command line sessions.
When capturing is enabled, the following is captured:
•
The command line and ? when a help query is made
•
The results of any help queries
•
The prompt and full command entered when you press Enter
•
The response to any commands entered
Command completions are not captured; in other words, none of the
following output is captured:
•
resulting from pressing the Tab key
•
extending the command line
•
reprinting the command prompt
•
printing the list of possible completions
filename is created in the user’s home directory, which is under:
/local/userfiles/username
If filename already exists, the output is appended to it. The file remains open
for write until any of the following conditions is met:
•
you enter no cli capture,
•
you leave the CLI (which includes running the "xyzzy" command),
•
you specify a different filename
> cli help disable
The help system is normally invoked with the '?' key. The command help
disable disables the help system, and you must then type out help to access
the help system. To re-enable the help system, use the command no cli help
disable.
16
Chapter 2: Standard and Enable Mode Commands
This option applies only to the current session and is not persistent across
sessions.
Note: You must enter cli help disable before entering a command (such as
a URL) that includes a question mark. In other words, any command in which
you enter a question mark character (?) fails unless you enter cli help
disable first.
> cli print-message codes
Print error codes along with each error message. Not every error has an
associated code but codes can be useful to help Blue Coat Support
troubleshoot an issue.
Examples follow:
•
(No message codes) % Operation failed.
•
(With message codes) % (code 17) Operation failed.
Note: This command applies only to the current session; it does not persist
among sessions or apply to other administrators who are logged in to
Director at the same time.
> cli prompt-override prompt_string
Changes the prompt from its default behavior (the hostname, followed by
punctuation and words to indicate what command mode you are in) to
display a single prompt all the time. This option applies only to the current
session and is not persistent across sessions.
> cli raw-input
Enters raw input mode (help, completion, and command line editing would
be disabled for this session).
> cli watch {config-changes | console-logging | health-changes |
partner-changes} {enable | disable}
Enables you to watch (or not watch) changes to configuration, console log
messages, health change notifications, or partner change notifications. When
you enable change notification, the first line of the message is:
% Configuration changed.
For example, the following command disables console log messages during
the session:
cli watch console-logging disable
Note: This setting is not stored in persistent storage; it applies only to the
current command line session.
Example
director > cli help disable
director > ?
% (code 2) Unrecognized command '?'.
% (code 53) Type 'help' for help.
17
Director Command Line Interface Reference
> enable
Synopsis
Use this command to enter enable mode. Enable mode commands enable you to
view and change your configuration settings. In some configurations, you must
provide a password.
Syntax
> enable
This changes the prompt to the enable prompt after you enter the enable
password:
Enable Password:
director #
The enable command does not have any parameters or subcommands.
Note: To exit enable mode, enter disable.
Example
director > enable
Enable Password:******
director #
18
Chapter 2: Standard and Enable Mode Commands
> exit
Synopsis
Use this command to exit the command line. This command will close some SSH
applications, such as putty.
Syntax
> exit
The exit command does not have any parameters or subcommands.
Example
director > exit
19
Director Command Line Interface Reference
> help
Synopsis
Lists all top-level commands currently available. This command is helpful for
those with small terminal screens for whom the list of commands shown by '?'
scrolls off the screen. This command also provides information about how to use
the help feature.
Syntax
> help
The help command does not have any parameters or subcommands.
Example
director > help
Commands currently available:
cli
no
tcpdump
help
standby
exit
slogin
enable
show
upgrade-package
ping
traceroute
Help may be requested at any point in a command by typing a question
mark '?'.
1. For a list of available commands with full descriptions, type
'?' by itself at the prompt.
2. For help completing a parameter or command, type '?' anywhere in
the line.
For example:
's?' will list all commands beginning with 's'.
'show ?' will list all possible parameters to the 'show'
command.
20
Chapter 2: Standard and Enable Mode Commands
> no
Synopsis
Use this command to negate certain options related to CLI commands, content,
and devices.
Syntax
> no {cli options}
Subcommands
> no cli options
> no cli capture
Disables capturing of CLI output to a file.
> no cli help disable
The command no cli help disable re-enables the help system so that
typing the command '?' will give help on completing the line.
> no cli print-message-codes
Do not print error codes along with each error message.
Note: This command applies only to the current session; it does not
persist among sessions or apply to other administrators who are logged
in to Director at the same time.
For examples, see “>cli” on page 16.
> no cli prompt-override
Removes the CLI prompt override.
> no cli raw-input
Disables raw input mode (help, completion, and command line editing
would be reenabled).
Example
director > no cli print-message-codes
director >
21
Director Command Line Interface Reference
> ping
Synopsis
Use this command to send ICMP echo request packets. This command is also
available in enable and configuration modes.
Syntax
> ping [-c count] [-i delay] [-s packet-size] host [programoptions]
-c count specifies how many ping packets to send. Without this parameter,
ping continues until you press Control+C.
-i delay specifies the delay, in seconds, between ping packets.
-s packet_size specifies the size of ping packets, in bytes.
host specifies the host for which you want to send ICMP echo request
packets.
> ping program_options
The ping command supports standard UNIX options. For a list of available
options, enter ping by itself.
Example
director > ping -c 2 10.25.36.47
PING 10.25.36.47 (10.25.36.47): 56 data bytes
64 bytes from 10.25.36.47: icmp_seq=0 ttl=255 time=0.202 ms
64 bytes from 10.25.36.47: icmp_seq=1 ttl=255 time=0.214 ms
----10.25.36.47 PING Statistics---2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.202/0.208/0.214/0.008 ms
22
Chapter 2: Standard and Enable Mode Commands
> show
Synopsis
Use this command to display running system information.
Syntax
> show [subcommands]
Subcommands
> show arp
Displays content of the running ARP cache.
> show arp [configured]
Displays static ARP entries configured on this system.
> show arp [statistics]
Displays ARP statistics.
> show clock
Displays system time, date, and timezone.
> show devices <device-id>
Displays information about devices added or registered.
> show file systems
Displays information about files on this system.
> show groups <groups id>
Displays information about groups on this system.
> show hosts
Displays DNS-related information.
> show interfaces [ether-0] [lo]
Displays information about configured interfaces or the specified interface.
> show ip
Displays IP statistics.
> show ip default-gateway [configured]
Displays the running default (the default-gateway command) or
configured default (the default-gateway configured command)
gateway.
> show ip default-gateway-v6
Displays the IPv6 address configured as the default gateway.
> show ip icmp
Displays Internet Control Message Protocol (ICMP) statistics.
> show ip igmp
Displays Internet Group Management Protocol (IGMP) statistics.
23
Director Command Line Interface Reference
> show ip route [configured]
Displays routing information. The route command displays the dynamic
routes currently in use, and the route configured command displays
any static routes configured for this system.
> show ip tcp [conns | listeners]
show ip tcp displays TCP statistics.
show ip tcp conns displays information about active TCP connections.
show ip tcp listeners displays information about configured TCP
listen ports.
> show ip udp [conns]
The udp command displays UDP statistics and the udp conns command
displays UDP connection information.
> show ldap-server
Displays your LDAP server configuration.
> show license
Displays the license installed on the Blue Coat Director.
> show logging
Displays logging settings, including audit logging information.
> show login-banner
Displays the login banner displayed for access to the Director Management
Console.
> show monitoring
Displays device health monitoring information.
> show monitoring alerts [all | alert-id | device device_id |
group group_id | severity [all | warning | disconnected |
critical] | state [all | active | inactive] | status [all |
acknowledged | unacknowledged]]
Displays alerts information. For example, the following command
displays alerts with the severity of disconnected:
show monitoring alerts severity disconnected
> show monitoring health [all | device device_id | group
group_id | summary]
Displays health of a group or device.
> show monitoring statistics [device device_id]
Displays device statistics.
> show platform
Displays the hardware platform type (for example, 510).
> show privilege
Displays current user privilege level. Privilege levels are expressed as an
integer between 1 (low) and 15 (high). To set a user’s privilege level, see
“(config) #username” on page 208.
24
Chapter 2: Standard and Enable Mode Commands
> show require-config-lock
Displays whether a configuration lock is enabled or disabled. For more
information about configuration locks, refer to Appendix A, Administering
Director, in the Blue Coat Director Configuration and Management Guide.
> show standby-settings
Displays the standby (Director redundancy) settings.
> show status
Displays status of this machine.
> show tcpdump
Displays tcpdump.
> show telnet-management
Displays the configuration of the Telnet server.
> show upgrade-package
Displays information about installed software packages on the appliance.
> show version [detail]
The version command displays normal system version information and the
version detail command displays full version information in a compact
format.
Example
director > show privilege
Currently logged in as admin
Your current privilege level is 1
Your maximum allowed privilege level is 15
25
Director Command Line Interface Reference
> slogin
Synopsis
Opens an SSH connection to a remote host. When you are finished, type the
command exit to return to the Director CLI. This command is also available in
enable and configuration modes.
The slogin command supports password authentication only. RSA authentication
is not supported.
Important: When the slogin command is run from configuration mode, it
will release the configuration lock so that you do not lock out other users during
the slogin session.
Syntax
> slogin [-l username] hostname [program_options]
Subcommands
> slogin -l username
Enter a user name to log in to the remote host.
> slogin hostname
Opens the SSH connection to the host.
> slogin [program_options]
Specifies optional parameters passed to the standard UNIX slogin program.
For a list of potential program options, enter slogin by itself or look at slogin
man pages.
Example
director > slogin -l admin 10.25.36.47
admin@10.25.36.47's password:
10.25.36.47 - Blue Coat SGOS>
26
Chapter 2: Standard and Enable Mode Commands
> standby
Synopsis
Configures the Director’s standby configuration. The Director standby feature is
designed to minimize Director service disruptions caused by network outage,
disaster, or Director failure. When standby is deployed, the Director configuration
is mirrored to a second Director whose only function is to take over for the first
Director if a failure occurs.
Normally, only one Director is active in a standby pair; the active Director is the
only Director that performs configuration and monitoring tasks. The active
Director mirrors its configuration and state data to the partner Director, which
does not allow administrative access so that synchronization can be maintained
between the two Directors.
Syntax
> standby {make-active | make-primary partner_ip password | makesecondary partner_ip username | make-standalone}
Subcommands
> standby make-active
Makes this Director active. You use the active Director for all Director tasks,
including remote administration using overlays, profiles, jobs, and so on. The
normal state of the primary Director is active.
> standby make-primary secondary_ip-address password
Makes this Director the primary appliance in a standby pair. The primary
Director performs all day-to-day Director operations. All changes on the
primary Director are propagated to the secondary Director by means of the
sync utility running over SSH.
The primary Director continually executes SSH commands on the secondary
Director to verify connectivity.
When you execute the make-primary command, the Director reboots.
> standby make-secondary primary_ip-address password
Makes this Director the secondary appliance in a standby pair. The secondary
Director takes over for the primary Director when a failure occurs. The
normal state of the secondary Director is reserve, which means it cannot
perform any monitoring or configuration operations and will not accept
Management Console connections. If you configure the secondary Director to
be active, it performs all functions previously performed by the primary
Director.
When you execute the make-secondary command, Director reboots. To
access the secondary Director, you must log in with the standbyuser user
name.
> standby make-standalone
27
Director Command Line Interface Reference
Takes the Director out of the standby pair. This is the factory default state of
Director. A standalone Director cannot participate in a standby pair until an
administrator changes its identity to primary or secondary.
When you execute the make-standalone command, Director reboots.
Example
director > standby make-primary 192.168.0.2 thunder
28
Chapter 2: Standard and Enable Mode Commands
> tcpdump
Synopsis
Starts tcpdump in the background with the program option parameters provided.
If tcpdump was already running, this starts another instance (presumably with
parameters that pass through a disjoint set of packets, otherwise some will be
printed twice). Control returns to the user immediately, and packets are printed as
they arrive.
Important: If you do not specifically exclude packets between Director and the
host you are connecting from, an infinite feedback loop results because printing
packets generates SSH/telnet traffic, which generates more packets.
This command is also available in enable and configuration modes.
Syntax
> tcpdump {filter options | start | stop}
Subcommands
> tcpdump filter options
With no options specified, captures all packets. options is a standard set of
UNIX tcpdump options (with the exception of -D, -k, -R, and -U, which are
not supported for Director). For more information about filtering options, see
the tcpdump man page.
> tcpdump start
Starts tcpdump.
> tcpdump stop
Stops tcpdump.
Example
director > tcpdump -i ether-0 -c 3
director > tcpdump start
tcpdump: listening on ether-0
director >
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture
size 96 bytes
3 packets captured
3 packets received by filter
0 packets dropped by kernel
director > tcpdump stop
29
Director Command Line Interface Reference
> traceroute
Synopsis
Determines the route packets take to a destination. The command executes until
the entire route to the host is traced, or until you press Control+C. This command
is also available in enable and configuration modes.
Syntax
> traceroute host
Subcommands
None.
Example
director > traceroute 172.16.45.142
1: 172.16.45.141 (172.16.45.141)
1: 172.16.45.142 (172.16.45.142)
Resume: pmtu 1500 hops 1 back 1
30
0.362ms pmtu 1500
0.837ms reached
Chapter 2: Standard and Enable Mode Commands
> upgrade-package
Synopsis
Enables you to roll back to the previously installed software version.
Subcommands
> upgrade-package rollback
Enables you to roll back to the previously installed system image. After you roll
back, Director reboots.
If there is no package to which to roll back, the following message displays:
No previously installed package available for rollback.
To upgrade a Director 510, see “(config) #upgrade-package” on page 206.
Enable Mode Commands
Enable mode provides a robust set of commands that enable you to view, manage, and
change Director settings for features such as managing jobs, device records, or user
privileges.
Important: The enable mode subcommand configure, referred to as configuration
mode, enables you to manage the Director features. See Chapter 3: "Configuration
Mode Commands" for detailed information about this command and its
subcommands.
To access enable mode:
From standard mode, enter enable, as follows:
director > enable
Password:********
director #
By default, an enable mode password is not required. Press <Enter> to go in to enable
mode. If a login password is configured, you must re-enter the password or passcode that
is registered on their local, RADIUS/SecurID, TACACS or LDAP authentication domain.
31
Director Command Line Interface Reference
# archive
Synopsis
Use this command to manipulate Director backups (that is, archives) on this
Director appliance.
Note: Director does not archive its IP addresses so an archive taken on one
Director appliance can be restored on another Director appliance without
changing the target Director’s IP addresses.
Syntax
# archive {{all | config | device-backup | event-log | job-report}
{create [archive_name url [username username password password]
| key keyname]} | delete archive_name | move archive_name_old
archive_name_new | fetch {archive_name url [username username
password password]} | upload {archive_name} url [username
username password password]}} | {delete key keyname | generate
key keyname | input key keyname {show | no-show}}
Subcommands
See one of the following sections:
•
“Specifying What to Archive”
•
“Working With Archive Keys” on page 33
•
“Creating, Encrypting, and Uploading an Archive” on page 34
•
“Creating an Archive and Optionally Encrypting It” on page 34
•
“Deleting or Renaming Archives” on page 35
•
“Fetching an Archive” on page 35
•
“Uploading an Archive” on page 35
Specifying What to Archive
The following subcommands specify the scope of the archive:
•
all—Includes configuration, event log, device backup, and job report backup
data.
Note: The following configuration settings are not preserved when you create an
archive:
❐
Director’s IP addresses
❐
SNMP (after restoring the archive, SNMP will be disabled and SNMP contact
information reverts to its default values)
❐
NTP
•
config—Includes the Director configuration files only. This archive includes
the device settings, network settings, profiles, overlays, and scheduled job
data.
32
Chapter 2: Standard and Enable Mode Commands
•
device-backup—Archives all device backups.
•
event-log—Includes event log data only stored in /var/log/messages.
Director components generate these syslog entries during runtime. The
archive event-log includes all of the /var/log/files and logs files in the
/local/log/ directory.
•
job-report—Includes job report data only. Job reports list the job commands
as well as errors that are encountered.
Working With Archive Keys
An archive key is an RSA public-private key pair that can be used to encrypt the
archive on this Director appliance. To restore a Director archive on an appliance
other than the one for which it was created, you import the key pair on the other
appliance. Creating archive keys is optional but is highly recommended.
Use the following subcommands to work with archive keys:
•
generate key keyname
Generates an RSA key pair and stores it on this Director as keyname.
Director ships with an archive key named default that you do not need to
generate.
After generating the key, if you want to restore this archive on a different
Director appliance, you must use the following command to display the key:
director # show archive key keyname
Enter pass phrase here:
Entering show archive key ? displays the available archive keys on this
Director appliance. The key’s passphrase is the user name of the user who
created the passphrase.
To add that key to the target Director appliance, use input key keyname
command.
Note: The following error indicates you do not have the appropriate privilege to use
this command:
% Error while generating key "test2"
Only the Director admin user can use this command.
•
input key keyname [show | no-show]
Reads the RSA key pair and imports it in this Director appliance. Use this
command before you restore an archive that was created on another Director
appliance. In other words, if the key for the archive is not stored on this
Director appliance, use this command to import the key on this Director
before you restore the archive.
The show or no-show attributes can be used to make the key viewable or nonviewable with the show archive key keyname command. If the input key is
encrypted, you must enter the decryption passphrase. The passphrase is the
user name of the user who created the key.
Note that a zero length passphrase is not valid.
•
delete key keyname
33
Director Command Line Interface Reference
Deletes keyname from this Director.
Creating, Encrypting, and Uploading an Archive
To create an archive, encrypt it with an archive key, and upload the archive to an
external server, use the following syntax:
director (config)# archive {all | config | device-backup | eventlog | job-report} {upload current url [username username
password password] {key keyname}
For the meaning of the all, config, device-backup, event-log, and jobreport parameters, see “Specifying What to Archive” on page 32.
Prerequisite: Creating and uploading an archive requires the archive file be
encrypted with an existing encryption key. For more information about
generating an archive key, see “Working With Archive Keys” on page 33.
The upload current parameters are required to create and upload the archive
file to an external server in one step. current is a reserved archive name that can
be used only for this purpose. The current archive is temporary; after the archive
is uploaded, it is deleted from Director.
For information about valid URL syntax, see “URL Syntax” on page 12.
An example follows:
director# archive all upload current
scp://192.168.0.50/director/ username director password bluecoat
key default
The command creates an archive file, encrypts it using the default key, and
uploads it to an external server using the SCP protocol, storing the archive in a
directory named director.
Creating an Archive and Optionally Encrypting It
To create an archive, encrypt it with an archive key, and optionally uploading the
archive to an external server, use the following syntax:
director (config)# archive {all | config | device-backup | eventlog | job-report} {create [archive_name url [username username
password password] | [key keyname]}
For the meaning of the all, config, device-backup, event-log, and jobreport parameters, see “Specifying What to Archive” on page 32.
For information about valid URL syntax, see “URL Syntax” on page 12.
The username and password parameters are required only if the external server
requires authentication.
If you omit archive_name, the archive is created with a name like the following:
sgmearchive-director-all-2008.12.03-004256.tgz
Note: archive_name cannot include space characters.
To encrypt the archive, you must use the key parameter. Before encrypting an
archive, you must generate an RSA public-private key pair as discussed in
“Working With Archive Keys” on page 33.
An example follows:
34
Chapter 2: Standard and Enable Mode Commands
director (config)# archive all create director_510_sgme5.4_12-0208.tgz key default
This command creates and archive named director_510_sgme5.4_12-0208.tgz and encrypts it with the key named default.
Deleting or Renaming Archives
To rename or delete an existing archive, you must specify the name of the archive.
Examples follow:
director # archive all delete sgme_5.4.1.1_510.tgz
director # archive device-backup move sgme_5.4.1.1_backups.tgz
sgme_5.4.1.1_backups_old.tgz
Fetching an Archive
Fetching an archive downloads it from an external server to this Director. To
restore the archive on Director, you must use the configuration mode command
discussed in “Restoring an Archive” on page 102.
Command syntax follows:
director # archive {all | config | device-backup | event-log | jobreport} fetch {archive_name url [username username password
password]}
For the meaning of the all, config, device-backup, event-log, and jobreport parameters, see “Specifying What to Archive” on page 32.
The archive_name parameter is required and it specifies the name of the archive file
to store on this Director appliance. url must also contain the archive file name if
there is more than one archive in the directory specified by url. If archive_name and
the file name in url are different, archive_name specifies the name of the archive
that is stored on this Director.
The username and password parameters must be used only if the external server
requires authentication.
For information about valid URL syntax, see “URL Syntax” on page 12.
For example,
director # archive all fetch sgme_5.4.1.1_510.tgz ftp://
192.168.0.50/director-5.4.1.1-36821-3192.tgz username director
password bluecoat
This example fetches an archive named director-5.4.1.1-36821-3192.tgz
from the FTP server 192.168.0.50/ and stores it on Director as
sgme_5.4.1.1_510.tgz.
After fetching the archive, you must perform the following tasks:
•
If the archive was encrypted using a key that is not stored on this Director
appliance, you must input the key as discussed in “Working With Archive
Keys” on page 33.
•
To restore (that is, install) the archive on this Director appliance, you must use
the configuration mode command discussed in “Restoring an Archive” on
page 102.
Uploading an Archive
To upload an archive to an external server, use the following command:
35
Director Command Line Interface Reference
director # archive {all | config | device-backup | event-log | jobreport} upload {archive_name url [username username password
password]}
For the meaning of the all, config, device-backup, event-log, and jobreport parameters, see “Specifying What to Archive” on page 32.
archive_name must match the name of a previously saved archive on this Director.
to display archive names, enter one of the following commands;
director (config)# archive {all | config | device-backup | eventlog | job-report} upload ?
director (config)# show archive {all | config | device-backup |
event-log | job-report}
url can optionally specify a different archive file name to store on url.
The username and password parameters must be used only if the external server
requires authentication.
For information about valid URL syntax, see “URL Syntax” on page 12.
For example,
director # archive all upload sgme_5.4.1.1_12-5-08.tgz ftp://
198.162.0.50/director-5.4.1.1.tgz username director password
bluecoat
This example uploads an archive named sgme_5.4.1.1_12-5-08.tgz to the FTP
server 198.162.0.50 and stores it on the server as director-5.4.1.1.tgz.
Example
The following example shows how to create an archive on the source Director,
upload it to an FTP server, and to install it on the target Director. The source and
target Directors can be the same Director appliances or different Director
appliances.
•
Generate the key (source Director)
director # archive generate key mykey
director # show archive key mykey
When prompted, enter a passphrase for the private key. Copy the entire key
to a text editor application; you will need it later.
•
Switch to configuration mode (source Director)
director # configuration terminal
director (config)#
•
Create the archive (source Director)
director (config) # archive all create sgme_5.4.1.1_04-01-09.tgz
director (config) # archive config upload ftp://192.168.0.2/
uploads/sgme/sgme_5.4.1.1_04-01-09.tgz username director
password bluecoat
•
Input the archive key (target Director)
director # archive input key mykey show
Input the private key you copied earlier and, when prompted, enter the
private key’s pass phrase.
36
Chapter 2: Standard and Enable Mode Commands
•
Switch to configuration mode (target Director)
director # configuration terminal
director (config)#
•
Fetch and install the archive (target Director)
director (config)# archive config fetch sgme_5.4.1.1_04-01-09
ftp://192.168.0.2/sgme_5.3.1.2_08-04-08.tgz username
director password bluecoat
director (config)# archive config restore sgme_5.4.1.1_04-01-09
key mykey
37
Director Command Line Interface Reference
# clear
Synopsis
This command clears specified options. This command is also available in
configuration mode.
Syntax
# clear [subcommands]
Subcommands
# clear arp statistics
Clears runtime information for the ARP protocol.
# clear arp-cache
Clears the contents of the ARP cache.
# clear ip
# clear ip all statistics
Clears runtime statistics for all IP protocols.
# clear ip icmp statistics
Clears runtime statistics for ICMP protocols.
# clear ip igmp statistics
Clears runtime statistics for IGMP protocols.
# clear ip statistics
Clears the runtime statistics for IP protocols.
# clear ip tcp statistics
Clears runtime statistics for TCP protocols.
# clear ip udp statistics
Clears runtime statistics for UDP protocols.
Example
director # clear arp statistics
38
Chapter 2: Standard and Enable Mode Commands
# cli
Synopsis
Sets CLI options. This command is also available in standard and configuration
modes. For information, see “>cli” on page 16.
39
Director Command Line Interface Reference
# configure
Synopsis
Starts configuration mode, which enables you to manage the Director features.
See Chapter 3: "Configuration Mode Commands" for detailed information about
this command.
40
Chapter 2: Standard and Enable Mode Commands
# content
Synopsis
Issues content management commands, which enable you to pre-populate the
object cache on selected devices with the content you specify. You specify content
by URL, and content commands also enable you to prioritize, delete, query, and
revalidate those URLs. In addition, URLs can be specified individually, by URL
list, or by regular expressions.
You can optionally place text files containing URL lists and regular expressions on
a Web server to which Director and the devices have access. Subcommands that
use urls-from can be used to distribute, query, revalidate, or delete content on
devices using these text files. For example, suppose you place a text file
containing a regular expression list of URLs on a Web server at URL http://
www.example.com/private/list-of-urls.txt. Use the content distribute urlsfrom command to cause devices to get the content list from list-of-urls.txt at
that URL; use content revalidate urls-from to validate the URLs; or use
content delete urls-from to delete content listed in list-of-urls.txt from
devices. (Other variations are discussed in this section; the preceding are
examples only and not a complete list.)
Similarly, you can create a URL list specified by a unique identifier and use the
URL list to distribute, query, revalidate, or delete content on devices.
This command is also available in configuration mode.
Syntax
# content subcommands
Subcommands
This section discusses the following subcommands:
•
“cancel command” on page 41
•
“delete” on page 42
•
“distribute” on page 43
•
“[no] content priority one-time” on page 43
•
“content query” on page 44
•
“regex-list” on page 47
•
“revalidate” on page 47
Note: For a discussion of the options subcommand, see “(config) #content options” on
page 111.
cancel command
Cancels currently executing content commands.
# content cancel command {{all | {command_id {addr-device
ip_address_or_hostname | all | device device_id | group group_id
| model model | os-version sgos_version} | all}
41
Director Command Line Interface Reference
To cancel all currently executing content commands on all devices and groups,
enter:
# content cancel command all
To cancel a particular command ID currently executing on all devices and groups,
enter:
# content cancel command command_id all
To get valid values for the addr-device, device, group, model, or os-version
subcommands, enter ? for the value. For example:
director # content cancel command 1 group ?
<group ID>
Austin
AustinDev
AustinDevGroup1
Sunnyvale
SunnyvaleDev
SunnyvaleQA
delete
Deletes content from the object cache of specified devices based on whether the
content matches URLs or regular expression.
# content delete {{regex url_regex | regexes-from url | regex-list
regex-list_id | url-list url_list_id | urls-from url | url url}
{addr-device ip_address_or_hostname | all | device device_id |
group group_id | model model | os-version sgos_version}}
To get valid values for the addr-device, device, group, model, or osversion subcommands, enter ? for the value. For example:
director # remote-config clear-byte-cache model ?
<model ID>
200-B
200-C
Examples:
•
To delete content based on a regular expression:
# content delete regex url_regex {addr-device
ip_address_or_hostname | all | device device_id | group
group_id | model model | os-version sgos_version}
Deletes content from the object cache of specified devices based on a
regular expression.
•
To delete content from the object cache of specified devices by regular
expressions in a text file stored at url. (The URL you specify must be
reachable by Director and the devices you specify. The URL must also
specify the full path to the text file as well as the text file name.):
# content delete regexes-from url {addr-device
ip_address_or_hostname | all | device device_id | group
group_id | model model | os-version sgos_version}
•
42
To delete content from the object cache of specified devices, where the
content is specified by url. In other words, this command deletes one
piece of content:
Chapter 2: Standard and Enable Mode Commands
# content delete url url {addr-device ip_address_or_hostname |
all | device device_id | group group_id | model model | osversion sgos_version}
distribute
Adds (that is, pre-populates) the object cache of specified devices with content
specified by URL or regular expression.
Note: The content distribute command replaces the deprecated content
pull command.
# content distribute {{url url | url-list url_list_id | urls-from
url} {addr-device ip_address_or_hostname | all | device
device_id | group group_id | model model | os-version
sgos_version}}
To get valid values for the addr-device, device, group, model, or osversion subcommands, enter ? for the value. For example:
director # content distribute url-list CEOUpdate model ?
<model ID>
200-B
200-C
Examples:
•
To pre-populate the object cache of specified devices with content
specified by url. In other words, this command adds one piece of content
to the object cache.
# content distribute url url {addr-device ip_address_or_hostname
| all | device device_id | group group_id | model model | osversion sgos_version}
•
To pre-populate the object cache of specified devices with content
specified by URLs in a URL list:
# content distribute url-list list_id {addr-device
ip_address_or_hostname | all | device device_id | group
group_id | model model | os-version sgos_version}
•
To pre-populate the object cache of specified devices where the content is
specified by URLs listed in a text file stored at url. (The URL you specify
must be reachable by Director and the devices you specify. The URL must
also specify the full path to the text file as well as the text file name.)
# content distribute urls-from url {addr-device
ip_address_or_hostname | all | device device_id | group
group_id | model model | os-version sgos_version}
[no] content priority one-time
Prioritizes URLs content commands according to by URL or regular expression.
The one-time parameter means that the command is forgotten after it completes;
in other words, content priority returns to its previous value.
Preceding the command with the optional no parameter removes the URL
prioritization.
Priority levels range from 0 (lowest) to 7 (highest). Prioritization does the
following:
•
Pre-populates important content first so devices cache high priority content
before lower priority content.
43
Director Command Line Interface Reference
•
In the event devices purge their object cache, makes sure that higher priority
content is purged after lower priority content. A device purges its object cache
for a variety of reasons, including low available disk space.
# [no] content priority one-time {{priority#_0-7 regex-list regexlist_id | regexes-from url | urls-from url | url-list
url_list_id} {addr-device ip_address_or_hostname | all | device
device_id | group group_id | model model | os-version
sgos_version}}
To get valid values for the addr-device, device, group, model, or osversion subcommands, enter ? for the value. For example:
director # content priority one-time 7 regexes-from https://
myserver.example.com/regexes/regexes.txt model ?
<model ID>
200-B
200-C
Examples:
•
To set the priority for objects specified by a regular expression list on the
specified set of devices:
# [no] content priority one-time priority#_0-7 regex-list regexlist_id {addr-device ip_address_or_hostname | all | device
device_id | group group_id | model model | os-version
sgos_version}
•
To set the priority for objects specified by URLs listed in a text file stored
at url. (The URL you specify must be reachable by Director and the
devices you specify. The URL must also specify the full path to the text
file as well as the text file name.)
# [no] content priority one-time priority#_0-7 regexes-from url
{addr-device ip_address_or_hostname | all | device device_id
| group group_id | model model | os-version sgos_version |
model model | os-version sgos_version}
•
To set the priority for objects in a specified URL list object on the specified
set of devices:
# [no] content priority one-time priority#_0-7 url-list
url_list_id {addr-device ip_address_or_hostname | all |
device device_id | group group_id | model model | os-version
sgos_version}
content query
Returns information about the contents of devices’ object cache. Options include
verbosity of the returned information, and filtering by a variety of parameters.
The content query commands can return the following levels of detail:
•
concise
•
detail
•
summary
# content query {{command {command_id {concise | detail | summary}
[status {all | failed | issued | pending | remaining |
successful}]} | {{in-progress {detail | summary}} | {{info
{concise | detail | summary} {url url | urls-from url | url-list
list}} | {liveness device device_id} | {{outstanding {all |
44
Chapter 2: Standard and Enable Mode Commands
regex regex | regex-list list_id | regexes-from url | url url |
url-list list_id | urls-from url} addr-device
ip_address_or_hostname | all | device device_id | group group_id |
model model | os-version sgos_version}}
To get valid values for the addr-device, device, group, model, or osversion subcommands, enter ? for the value. For example:
director # content query in-progress detail os-version ?
<os-version>
5.3.1.11
5.4.2.1
•
content query command
# content query {{command {command_id {concise | detail | summary}}
[status {all | failed | issued | pending | remaining |
successful}]}
Queries devices for information on the objects they are storing and displays
concise execution status of content commands for the specified command ID.
The concise parameter provides the execution status for the specified
command and other information, such as the command name, the start time
and possibly the end time.
The detail command provides additional information about the specified
command ID. The format of the output for the detail command depends on
the type of command (that is, output for the content distribute command
is different than that for the content cancel command).
For the detail and summary commands, it is possible to filter the output
based on a device or group ID. It is also possible to further filter the output to
display only successful, failed, remaining, pending, or issued device
commands.
The definition of the successful and failed commands is specific to each
command.
For the content distribute, delete, and revalidate commands, a
command is successful if it could be delivered to the device. For content
query commands, a command is successful if the content is present in the
device’s object cache.
Example:
# content query command CEO_Update09 detail status pending
•
content query in-progress
# content query {{in-progress {detail | summary} addr-device
ip_address_or_hostname | all | device device_id | group group_id |
model model | os-version sgos_version}}
Displays detailed or summary information about distributes and revalidates
in progress on the specified set of devices.
The detail parameter displays the complete list of URLs being distributed
and revalidated.
The summary parameter displays only the number of URLs being distributed
and revalidated.
•
content query info
45
Director Command Line Interface Reference
# content query info {concise | detail | summary} {url url | urlsfrom url | url-list list} {addr-device ip_address_or_hostname |
all | device device_id | group group_id | model model | osversion sgos_version}
Runs the show content command for the specified URLs, and displays the
results for the devices specified.
The concise, detail, and summary parameters determine the level of
information returned:
•
concise displays counters for number of URLs whose content is in the
object cache of specified devices, and does not include content inprogress
•
detail displays each URL with the complete response from the device.
•
summary displays only the status of each URL.
The following information applies to the concise, detail, and summary
parameters:
•
url displays query results for content specified by a particular URL.
•
url-list displays query results for content specified in a URL list.
•
urls-from displays query results for content specified by URLs listed in
a text file stored at url. (The URL you specify must be reachable by
Director and the devices you specify. The URL must also specify the full
path to the text file as well as the text file name.)
•
addr-device ip_address_or_hostname queries a particular device
specified by its IP address or host name.
•
•
all queries all known devices.
•
device device_id queries a particular device specified by its ID.
•
group group_id queries a group of devices.
content query liveness
# content query liveness device device_id
Display liveness information for the specified device ID.
•
content query outstanding
# content query {outstanding {all | regex regex | regex-list
list_id | regexes-from url | url url | url-list list_id | urlsfrom url} addr-device ip_address_or_hostname | all | device
device_id | group group_id | model model | os-version
sgos_version}
Displays information about all incomplete content management commands
on the specified set of devices.
Example:
# content query outstanding urls-from url all
Displays information about incomplete content management commands
for content specified by URLs listed in a text file stored at url. (The URL
you specify must be reachable by Director and the devices you specify.
The URL must also specify the full path to the text file as well as the text
file name.)
46
Chapter 2: Standard and Enable Mode Commands
•
content query status
# content query status {addr-device ip_address_or_hostname | all |
device device_id | group group_id | model model | os-version
sgos_version}
Displays the status of specified devices.
regex-list
Enables you to input a regular expression list. When you are finished, press
Control+D to save the list or Control+C to cancel without saving the list.
# content regex-list regex_list_id input
revalidate
Revalidates content in the specified devices’ object cache.
# content revalidate {{regex regex | regex-list list_id | regexesfrom url | url url | url-list list_id | urls-from url {addrdevice ip_address_or_hostname} {all | device device_id | group
group_id | model model | os-version sgos_version}}
To get valid values for the addr-device, device, group, model, or os-version
subcommands, enter ? for the value. For example:
director # content query in-progress detail os-version ?
<os-version>
5.3.1.11
5.4.1.2
Examples:
•
To revalidate objects specified by regular expression on the specified set of
devices:
# content revalidate regex url_regex {addr-device
ip_address_or_hostname | all | device device_id | group
group_id | model model | os-version sgos_version}
•
To revalidate a single object on the specified set of devices:
# content revalidate url url {addr-device ip_address_or_hostname
| all | device device_id | group group_id | model model | osversion sgos_version}
•
To revalidate objects specified by URLs listed in a text file stored at url. (The
URL you specify must be reachable by Director and the devices you specify.
The URL must also specify the full path to the text file as well as the text file
name.)
# content revalidate urls-from url {addr-device
ip_address_or_hostname | all | device device_id | group
group_id | model model | os-version sgos_version}
47
Director Command Line Interface Reference
# debug
Synopsis
System debugging information and commands.
Syntax
# debug [subcommands]
Subcommands
# debug dump
# debug dump delete filename
Deletes the specified dump file from the system.
# debug dump generate
Generates a debugging dump file.
# debug dump move old_filename new_filename
Renames the old dump file name to the new dump file name.
# debug dump upload filename url
Uploads the specified debugging dump file to a remote URL in one of the
formats discussed in “URL Syntax” on page 12.
If the path ends with a directory name, it must end with “/” (a forward
slash).
Example
director # debug dump generate
Generating debugging dump...
Dump file successfully written to
sgmeinfo-cjd-d2-2004.04.23-163334.tgz
48
Chapter 2: Standard and Enable Mode Commands
# device
Synopsis
Use this command to reconnect to a device with which you have lost the
connection.
Syntax
# device [subcommands]
Subcommands
# device device_id reconnect
Drops the existing connection and reinitiates connection to the specified
device.
Example
director # device 10.25.36.47 reconnect
49
Director Command Line Interface Reference
# disable
Synopsis
Exits enable mode and returns you to standard mode.
Syntax
# disable
The disable command does not have any parameters or subcommands.
Example
director # disable
director >
50
Chapter 2: Standard and Enable Mode Commands
# exit
Synopsis
Exits the system. If you want to exit enable mode and return to standard mode,
use the Enable mode command disable.
Syntax
# exit
The exit command does not have any parameters or subcommands.
Example
director # exit
Connection closed by foreign host.
51
Director Command Line Interface Reference
# file
Synopsis
This command manages text files created with commands such as cli capture.
This command is also available in configuration mode.
Syntax
# file [subcommands]
Subcommands
# file text-file
# file text-file delete filename
Deletes the specified text file from the system.
# file text-file move filename
Renames the old file name to the new file name.
# file text-file upload filename url
Uploads the specified text file to a remote URL in one of the URL formats
discussed in “URL Syntax” on page 12.
If the path ends with a directory name, it must end with “/” (a forward
slash).
Example
director # file text-file move myfile.txt yourfile.txt
52
Chapter 2: Standard and Enable Mode Commands
# help
Synopsis
Lists all top-level commands currently available. This command is also available
in standard and configuration modes. See “>help” on page 20 for more
information.
53
Director Command Line Interface Reference
# job
Synopsis
This command allows you to immediately execute or cancel a specified job, or
immediately update the status of all jobs.
Syntax
# job [subcommands]
Subcommands
# job job_id
# job job_id cancel
Immediately cancels all running instances of the specified job.
# job job_id execute
Immediately executes the commands in the specified job.
# job update-status
This command starts an immediate poll on outstanding jobs, bypassing the
timeout to get immediate status without waiting for the polling timeout.
Example
director # job 2004Apr23112257PDT cancel
54
Chapter 2: Standard and Enable Mode Commands
# line-vty
Synopsis
This command sets the number of screen lines. If the number of lines to output is
greater than the screen size, the CLI output handler pauses output by displaying
the --More-- prompt. The default value of screen size is 24.
Press the Enter key to display more lines one by one the space bar to display
another group of screen lines, or enter, q or Control+C to end further displays. If
the number of lines is set to 0 (zero), then paging is disabled.
Important: This is a per-session variable and it is not saved to the
configuration database.
Syntax
# line-vty length number
Specifies the number of screen lines that will display. Set to 0 (zero) to disable
paging.
Example
director # line-vty length 0
55
Director Command Line Interface Reference
# monitoring
Synopsis
Refreshes the health monitoring statistics for one or more devices; and generates
health reports and Performance Analysis reports for devices and e-mails those
reports.
Syntax
director # monitoring {refresh health-state {all | device device_id
| group group_id}} | {generate-report {health | performance}
subcommands}}}
Refreshes the health monitoring statistics of all devices, devices specified by
device ID, or all devices in a specified group.
More options are available in configuration mode as discussed in “(config)
#monitoring” on page 150.
Subcommands
This section discusses the following subcommands:
•
“generate-report health” on page 56
•
“generate-report performance” on page 57
•
“refresh health-state” on page 58
generate-report health
director# monitoring generate-report health {{all | device
device_id | group group_id | model model | os-version
sgos_version} {Last-Hour | Last-Day | Last-Week | Last-Month |
Last-Year} {mail {From: email_address_list | To:
email_address_list | Cc: email_address_list | BCC:
email_address_list}} [username username | password password]
Generates and e-mails health reports for specified devices.
•
Specify the devices for which to generate and e-mail reports using the
parameters: {all | device device_id | group group_id | model
model | os-version sgos_version}
To get valid values for parameters other than all, enter the parameter
followed by the question mark character. For example, to get valid values
for os-version groups, enter:
director (config) # monitoring generate-report health osversion ?
•
Specify the period of time over which to average report values using the
parameters: {Last-Hour | Last-Day | Last-Week | Last-Month |
Last-Year}
56
Chapter 2: Standard and Enable Mode Commands
•
Specify e-mail parameters as discussed in the following table:
E-mail parameter
Description
From:
Enter one e-mail address to appear on
the From line in the e-mail. This e-mail
address is also used to return reports to
this address in the event the e-mail
failed to deliver.
E-mail addresses must be in the format
name@domain. For example,
bob.smith@example.com
To:
Enter one or more e-mail addresses to
which to send the reports.
Cc:
Enter one or more e-mail addresses to
copy on the report e-mail.
BCC:
Enter one or more e-mail addresses to
blind copy on the report e-mail.
username
If the SMTP server requires
authentication, enter a valid user name.
password
Enter the user’s password.
Note: To set up the SMTP server, see “(config) #mail-config” on page 147.
The following example shows how to generate health reports for all devices
in the SGOS 5.4.1.1 OS Version group, compiled over the last day, to two
users. The SMTP server requires authentication from the user named
email.user@example.com.
director# monitoring generate-report health os-version 5.4.1.1
Last-Day mail From: director.user@bluecoat.com To:
john.doe@example.com,jane.doe@example.com username
email.user@example.com password bluecoat
generate-report performance
Generates and e-mails performance analysis reports for specified devices.
director# monitoring generate-report performance {{all | device
device_id | group group_id | model model | os-version
sgos_version} {Last-Hour | Last-Day | Last-Week | Last-Month |
Last-Year} {Bytes | Kilo-Bytes | Mega-Bytes | Giga-Bytes} {mail
{From: email_address_list | To: email_address_list | Cc:
email_address_list | Bcc: email_address_list}} [username
username | password password]
Generates and e-mails performance reports for specified devices.
•
Specify the devices for which to generate and e-mail reports using the
parameters: {all | device device_id | group group_id | model
model | os-version sgos_version}
To get valid values for parameters other than all, enter the parameter
followed by the question mark character. For example, to get valid values
for os-version groups, enter:
director # monitoring generate-report health os-version ?
57
Director Command Line Interface Reference
•
Specify the period of time over which to average report values using the
parameters: {Last-Hour | Last-Day | Last-Week | Last-Month |
Last-Year}
•
Specify e-mail parameters as discussed in the following table:
E-mail parameter
Description
From:
Enter one e-mail address to appear on
the From line in the e-mail. This e-mail
address is also used to return reports to
this address in the event the e-mail
failed to deliver.
E-mail addresses must be in the format
name@domain. For example,
bob.smith@example.com
To:
Enter one or more e-mail addresses to
which to send the reports.
Cc:
Enter one or more e-mail addresses to
copy on the report e-mail.
BCC:
Enter one or more e-mail addresses to
blind copy on the report e-mail.
username
If the SMTP server requires
authentication, enter a valid user name.
password
Enter the user’s password.
Note: To set up the SMTP server, see “(config) #mail-config” on page 147.
The following example shows how to generate performance reports for all
devices in the SGOS 5.4.1.1 OS Version group, compiled over the last day in
units of MB, to two users. The SMTP server requires authentication from the
user named email.user@example.com.
director# monitoring generate-report performance os-version 5.4.1.1
Last-Day Mega-Bytes mail From: director.user@bluecoat.com To:
john.doe@example.com,jane.doe@example.com username
email.user@example.com password bluecoat
refresh health-state
director# monitoring refresh health-state {all | device device_id |
group group_id}
Refreshes the health monitoring statistics of all devices, devices specified by
device ID, or all devices in a specified group.
58
Chapter 2: Standard and Enable Mode Commands
# no
Synopsis
This command negates specified options.
Syntax
# no subcommands
Subcommands
# no cli
# no cli capture
Disables capturing of CLI output to a file.
# no cli help disable
The command no cli help disable re-enables the help system so that
typing the command '?' will give help on completing the line.
# no cli print-message-codes
Specifies not to print error codes along with each error message.
# no cli prompt-override
Removes the CLI prompt override.
# no cli raw-input
Disables raw input mode (help, completion, and command line editing
would be reenabled).
# no content priority one-time
For syntax, see “[no] content priority one-time” on page 43.
# no session session-ip username username
Kills the Management Console session running on the specified IP address
and user name. Entering no session ? displays the list of currently loggedin users and the IP addresses used by Director Management Console sessions.
Example
director # no session 192.168.0.2 username admin
59
Director Command Line Interface Reference
# ping
Synopsis
Sends ICMP echo request packets. This command is also available in standard
and configuration modes. See “>ping” on page 22 for more information.
60
Chapter 2: Standard and Enable Mode Commands
# push-policy
Synopsis
This command is related to content filtering policy. This command is available to
delegated users. If admin, sadmin, or another privilege 15 user runs the command,
an error is displayed.
This command is intended to be used by delegated users because the user must be
a member of a user group that is associated with a device or custom group. In
addition, the device or custom group with which the user is associated must be
associated with a Content Policy overlay.
Before a delegated user can use this command, the sadmin user must perform all
of the following tasks:
•
Create delegated users
•
Create delegated user groups and associate users with user groups
•
Create Content Policy overlays
•
Associate a Content Policy overlay with devices or a custom group
•
Associate user groups with devices or custom groups
For more information about content filtering policy commands and role-based
access, see “Content Filtering Policy and Role-Based Access” on page 7.
Syntax
# push-policy {device device_id | group custom_group_name |
central}
Subcommands
# push-policy device device_id
Pushes content filtering policy defined in the associated Content Policy
overlay and URL/category allow lists and block lists to the specified
device_id.
# push-policy group custom_group_name
Pushes content filtering policy defined in the associated Content Policy
overlay and URL/category allow lists and block lists to the custom group
named custom_group_name.
Note: Content filtering policy cannot be pushed to System groups, such as
All, Model groups, or OS Version groups.
# push-policy central
Writes a central policy file on the specified location in user-group
configurations. This command only works on user-groups using a central
policy file.
61
Director Command Line Interface Reference
# reload
Synopsis
This command allows you to reboot or shut down this machine. This command is
also available in Configuration mode.
Syntax
# reload [halt [force] | force]
Subcommands
# reload
With no optional subcommands, reboots this machine, but warns you if there
are outstanding configuration changes.
Blue Coat strongly recommends using the write memory command before
the reload command to avoid losing pending configuration changes. For
more information, see “#write” on page 92.
# reload force
Reboots the appliance, discarding any pending configuration changes.
To apply pending configuration changes, use the write memory
command (see “#write” on page 92).
# reload halt [force]
Shuts down the appliance.
halt shuts down the appliance.
halt force shuts down this machine even if there are outstanding
configuration changes. These changes will then be lost.
To apply pending configuration changes, use the write memory
command (see “#write” on page 92).
Example
director # reload halt force
62
Chapter 2: Standard and Enable Mode Commands
# remote-config
Synopsis
Configures and manages remote devices. More options are available in configure
mode as discussed in “(config) #remote-config” on page 176.
Syntax
# remote-config subcommands
Subcommands
This command has the following subcommands:
•
“backup restore device”
•
“clear-byte-cache” on page 63
•
“clear-dns-cache” on page 63
•
“clear-object-cache” on page 64
•
“diff” on page 64
•
“download-system url” on page 64
•
“execute” on page 65
•
“license-key update” on page 66
•
“overlay” on page 66
•
“profile” on page 67
•
“reboot” on page 67
•
“reconnect” on page 67
•
“validate-system version” on page 68
backup restore device
# remote-config backup restore device device_id backup_id
Restores a backup to a device.
clear-byte-cache
# remote-config clear-byte-cache {all | device device_id | group
group_id | model model | os-version sgos_version}
This command enables you to clear the byte cache on single devices, all
devices, or groups of devices.
To get valid values for the addr-device, device, group, model, or osversion subcommands, enter ? for the value. For example:
director # remote-config clear-byte-cache model ?
<model ID>
200-B
200-C
clear-dns-cache
# remote-config clear-dns-cache {all | device device_id | group
group_id | model model | os-version sgos_version}
63
Director Command Line Interface Reference
This command enables you to clear the DNS cache on single devices, all
devices, or groups of devices.
To get valid values for the addr-device, device, group, model, or osversion subcommands, enter ? for the value. For example:
director # remote-config clear-dns-cache model ?
<model ID>
200-B
200-C
clear-object-cache
# remote-config clear-object-cache {all | device device_id | group
group_id | model model | os-version sgos_version}
This command enables you to clear the object cache on single devices, all
devices, or groups of devices.
To get valid values for the addr-device, device, group, model, or osversion subcommands, enter ? for the value. For example:
director # remote-config clear-object-cache group ?
<group ID>
Austin
AustinDev
AustinDevGroup1
Sunnyvale
SunnyvaleDev
SunnyvaleQA
diff
# remote-config diff [context | unified] {{backups first_device_id
first_backup_id second_device_id second_backup_id} | {overlays
first_overlay_id second_overlay_id} | {profiles
first_profile_id second_profile_id}}
Compares backups, overlays, or profiles using a diff utility and formats the
output in one of the following ways:
•
context format uses an identification line for each file, containing the
filename and modification date.
•
unified (default) uses plus and minus signs to indicate differences: each
line that occurs only in the left file is preceded by a minus sign, each line
that occurs only in the right file is preceded by a plus sign, and common
lines are preceded by a space.
download-system url
# remote-config download-system url url {addr-device
ip_address_or_hostname | all | device device_id | group group_id
| model model | os-version sgos_version}
Downloads a system image to a device or group of devices.
To get valid values for the addr-device, device, group, model, or osversion subcommands, enter ? for the value. For example:
director # remote-config download-system url https://
myserver.example.com/sgos os-version ?
<os-version>
5.3.1.3
5.4.1.1
64
Chapter 2: Standard and Enable Mode Commands
execute
# remote-config execute {{addr-device ip_or_hostname | all | device
device_id | group group_id | model model | os-version
sgos_version} {command command | disable-health | enable-health
| input [errors-only]}}
This command enables you to execute various commands on single devices,
all devices, or groups of devices. If you use the input subcommand, you can
execute commands in bulk.
To get valid values for the addr-device, device, group, model, or osversion subcommands, enter ? for the value. For example:
director # remote-config execute os-version ?
<os-version>
5.3.1.11
5.4.1.2
Note: To get help for commands you can execute, you must first designate a
device using remote-config help device device_id as discussed in “help
device” on page 179.
Enables you to perform the following operations on a single configured
device, all configured devices, or a group of configured devices:
command command executes a single command. To run enable mode
commands on a device, you must use the input parameter.
enable-health enables health monitoring on the devices.
disable-health disables health monitoring on the devices.
input [errors-only] runs a set of commands. After you enter remoteconfig execute followed by input, type the set of commands to execute
on the specified devices, followed by Control+D to save the commands or
Control+C to cancel without running the commands. The optional
errors-only parameter causes only errors to display.
Notes:
•
For enable and configuration mode commands to complete
successfully, the devices must be configured with the correct enable
mode password. To set the enable mode password on a device, use
the following command as discussed in “(config) #device device_id”
on page 115:
(config device device_id) # enable-password enablepassword
•
Commands execute in the device’s configuration mode by default. To
run enable mode commands on a device, you must use the input
parameter and enter the commands in the format shown:
exit
commands
config t
For example, to run commands that cause all devices to display their
version and bandwidth gains, enter the following:
65
Director Command Line Interface Reference
director # remote-config execute all input
Enter your commands now. Press Ctrl-D to finish, Ctrl-C
to abort.
exit
show version
show bandwidth-gain
config t
(Press Control+D)
To run the same commands but display only error messages, enter the
following:
director # remote-config execute all input errors-only
Enter your commands now. Press Ctrl-D to finish, Ctrl-C
to abort.
exit
show version
show bandwidth-gain
config t
(Press Control+D)
license-key update
# remote-config license-key update {addr-device
ip_address_or_hostname | all | device device_id | group group_id
| model model | os-version sgos_version}} [errors-only |
username web_power_username password web_power_password]
Updates the license-key for a device or group of devices, displaying only
device errors. You can optionally update the BlueTouch Online user name
and password used to upgrade the devices’ license key.
To get valid values for the addr-device, device, group, model, or osversion subcommands, enter ? for the value. For example:
director # remote-config license-key update os-version ?
<os-version>
5.3.1.11
5.4.1.2
Note: The BlueTouch Online user name and password are not validated.
They are used only if the license must be fetched from BlueTouch Online.
(BlueTouch Online was previously referred to as WebPower.)
overlay
# remote-config overlay overlay_id execute {addr-device
ip_address_or_hostname | all | device device_id | group group_id
| model model | os-version sgos_version} [errors-only]
Executes the specified overlay against the specified device or group of
devices, optionally displaying only errors.
To get valid values for the addr-device, device, group, model, or osversion subcommands, enter ? for the value. For example:
director # remote-config overlay 210Basic execute os-version ?
<os-version>
5.3.1.11
5.4.1.2
66
Chapter 2: Standard and Enable Mode Commands
Note: Usually, a profile or overlay displays results for all devices in a group when the
profile or overlay is executed on a group of devices under a banner similar to:
+------------------------------------------| Output for device "name"
+-------------------------------------------
However, if the group has no substitution variables defined for it but some of the
devices in the group have substitution variables defined for them, profile or overlay
execution displays errors for the devices without substitution variables and it displays
the result of the command execution for devices with substitution variables.
The error displays as follows:
Error: The device <name> does not have a value for the required
substitution variable variable-name.
profile
# remote-config profile profile_id execute {addr-device
ip_address_or_hostname | all | device device_id | group group_id
| model model | os-version sgos_version} [errors-only]
Executes the specified profile against the specified device or group of devices,
optionally displaying only errors.
To get valid values for the addr-device, device, group, model, or osversion subcommands, enter ? for the value. For example:
director # remote-config profile 510Edge execute os-version ?
<os-version>
5.3.1.11
5.4.1.2
reboot
# remote-config reboot {addr-device ip_address_or_hostname | all |
device device_id | group group_id | model model | os-version
sgos_version}
Reboots the given device or group of devices. The command waits until all
the specified devices have finished rebooting before returning. This command
can therefore be used, for example, in schedules when you need to reboot a
device between two other commands.
To get valid values for the addr-device, device, group, model, or osversion subcommands, enter ? for the value. For example:
director # remote-config reboot device ?
<device ID>
Dev142
QA143
reconnect
# remote-config reconnect {addr-device ip_address_or_hostname | all
| device device_id | group group_id | model model | os-version
sgos_version}
Reconnects the given device or group of devices. this command does not wait
for the reconnect process to complete before returning. It just initiates the
reconnect process.
67
Director Command Line Interface Reference
To get valid values for the addr-device, device, group, model, or osversion subcommands, enter ? for the value. For example:
director # remote-config reconnect device ?
<device ID>
Dev142
QA143
validate-system version
# remote-config validate-system version version {addr-device
ip_address_or_hostname | all | device device_id | group group_id
| model model | os-version sgos_version}
Validates the image version of a certain device or group of devices. The
version is validated for all digits you enter.
For example, the following command succeeds for all devices running SGOS
5.x:
# remote-config validate-system version 5 all
However, the following command fails if any device is not running SGOS
5.3.0.6:
# remote-config validate-system version 5.3.0.6 all
Example
director # remote-config backup restore device 10.25.36.47 bu2
68
Chapter 2: Standard and Enable Mode Commands
# show
Synopsis
Use this command to display running system information.
Syntax
# show subcommands
Subcommands
This section discusses the following subcommands:
•
“aaa authentication login” on page 70
•
“access-lists” on page 70
•
“archive” on page 70
•
“arp” on page 71
•
“banner” on page 71
•
“category-list” on page 71
•
“cli” on page 72
•
“clock” on page 72
•
“configuration” on page 72
•
“content” on page 73
•
“debug dumps” on page 73
•
“device-hierarchy” on page 73
•
“devices” on page 73
•
“dmc timeout” on page 74
•
“file” on page 75
•
“folder-hierarchy” on page 75
•
“folders” on page 75
•
“groups” on page 75
•
“hosts” on page 76
•
“interfaces” on page 76
•
“ip” on page 76
•
“jobs” on page 77
•
“jobs-detailed” on page 78
•
“lcd” on page 78
•
“ldap-server” on page 78
•
“license” on page 78
•
“line-vty” on page 78
69
Director Command Line Interface Reference
•
“list-settings” on page 79
•
“mail-config” on page 79
•
“monitoring alerts” on page 79
•
“ntp” on page 80
•
“platform” on page 80
•
“privilege” on page 80
•
“radius” on page 80
•
“remote-config” on page 80
•
“require-config-lock” on page 82
•
“role” on page 82
•
“role-hierarchy” on page 83
•
“role-substitution-variable” on page 83
•
“running-config” on page 83
•
“sessions” on page 83
•
“snmp” on page 83
•
“special-groups” on page 83
•
“ssh” on page 84
•
“standby-settings” on page 84
•
“status” on page 84
•
“syslog” on page 85
•
“tacacs” on page 85
•
“tcpdump” on page 85
•
“telnet-management” on page 85
•
“upgrade-package” on page 85
•
“user-group” on page 85
•
“usernames” on page 86
•
“version” on page 86
•
“#slogin” on page 87
aaa authentication login
# show aaa authentication login
Displays the list of login authentication methods.
access-lists
# show access-lists
Displays the contents of current access lists.
archive
# show archive
# show archive all [archive_name]
70
Chapter 2: Standard and Enable Mode Commands
Displays a specified saved Director archive. If an archive_name is not
specified, a list of archives will be displayed.
# show archive config [archive_name]
Displays a specified saved config archive. If an archive_name is not
specified, a list of archives will be displayed.
# show archive device-backup [archive_name]
Displays a specified device archive. If an archive_name is not specified, a
list of archives will be displayed followed by the available space for
backups.
# show archive event-log [archive_name]
Displays a specified saved event-log archive. If an archive_name is not
specified, a list of archives will be displayed followed by the available
space for log files.
# show archive job-report [archive_name]
Displays a specified saved job-report archive. If an archive_name is not
specified, a list of archives will be displayed followed by the available
space for job reports.
# show archive key key_name
Displays a specified archive key. A pass phrase must be entered to
display the key. Using ? as the key name displays the list of keys
currently on this Director appliance. The pass phrase is the name of the
user who created the key.
# show archive keys
Displays the names (but not values) of existing archive keys.
arp
# show arp [configured | statistics]
Without optional arguments, displays the contents of the system’s running
Address Resolution Protocol (ARP) cache. The optional configured
parameter displays the list of static ARP entries that were configured with
the arp command. The optional statistics parameter displays ARP statistics.
banner
# show banner
Displays the current banner. For example,
director (config) # show banner
Copyright (c) 1997-2010, Blue Coat Systems, Inc.
Welcome to SG-ME 5.5.1.1 #45678 2010.04.06-013904
certificate-signing-request
# show certificate-signing-request
Display the certificate signing request.
category-list
# show category-list
71
Director Command Line Interface Reference
For admin and super-admin users this displays all the categories from the
master category list. For the delegated users it displays the categories
associated with them. If the categories are not associated to particular
delegated user, and the categories are associated to all the users in the
usergroup, those categories are displayed.
For information about categories, see KB article 1567 and the Blue Coat
WebFilter URL Categories data sheet.
cli
#show cli-timeout
Displays the CLI timeout configured on the appliance. The default value is
900 seconds/15minutes.
clock
# show clock
Displays the current system time, date, and timezone.
configuration
# show configuration [files filename | lock-holder | options
subcommands | revision | running]
Without any optional parameters, the show configuration command
displays commands that can be used to re-create this Director’s configuration.
# show configuration files [filename]
Displays a list of the names of all configuration files on the system, or, if
you specify a filename, displays the contents of the specified
configuration file's saved state.
# show configuration lock-holder
Displays identity and idle time of the holder on the write lock for this
node.
# show configuration options {exclude-devices | exclude-jobs |
exclude-priorities | exclude-groups}
exclude-devices displays the Director’s configuration without
commands related to device configuration.
exclude-jobs displays the Director’s configuration without commands
related to job configuration.
exclude-priorities displays the Director’s configuration without
commands related to content priority configuration.
exclude-groups displays the Director’s configuration without
commands related to group configuration.
# show configuration revision
Displays versioning information for the active configuration file.
# show configuration running [options {exclude-devices |
exclude-jobs | exclude-priorities | exclude-groups}]
Without the options parameter, displays the running configuration of
this Director. This is different from Director’s saved configuration, which
is displayed by the show configuration command.
72
Chapter 2: Standard and Enable Mode Commands
The running configuration includes any configuration changes that have
been made but not yet saved. Use the following guidelines:
•
Director Management Console: Any configuration changes made
using the Director Management Console are saved only after you exit
the Management Console. Until then, the changes are part of
Director’s running configuration.
•
Command line: Configuration changes are saved only after you enter
the write memory command. Until then, the changes are part of
Director’s running configuration.
exclude-devices displays the Director’s running configuration without
commands related to device configuration.
exclude-jobs displays the Director’s running configuration without
commands related to job configuration.
exclude-priorities displays the Director’s running configuration
without commands related to content priority configuration.
exclude-groups displays the Director’s running configuration without
commands related to group configuration.
content
# show content
# show content options
Displays content management options.
# show content regex-list [list_id]
Displays a summary of the regular expression list or, with the optional
list_id parameter, displays information about a particular regular
expression ID.
# show content url-list [list_id]
Displays a summary of the URL expression list or, with the optional
list_id parameter, displays information about a particular URL ID.
debug dumps
# show debug dumps
Displays a list of the dump files saved on the system followed by the space
available for dump files.
device-hierarchy
# show device-hierarchy
Displays the hierarchy of groups and devices, including device group
assignments and groups that are nested in other groups.
devices
# show devices
Displays all top-level devices.
# show devices [device_id | {device_id substitution-variable}]
73
Director Command Line Interface Reference
Displays detailed information about the specified device; that is, its
address, name, comment, Web configuration port, protocol, authtype,
simple authentication info (username, and password), model, SGOS
version, and RSA authentication information (user name, client user
name and identity, and known host key).
Entering a device ID and the optional substitution-variable
parameter displays all substitution variables defined for that device and
inherited from groups to which the device belongs (in other words, the
group hierarchy to which the device belongs).
For example,
director # show devices Dev142 substitution-variable
Substitution-Variable:SNMPContact
Value:user@example.com
Device:Dev142
Substitution-Variable:DNS
Value:172.16.36.10
Group:Austin
Substitution-Variable:SNMPContact
Value:user@example.com
Group:AustinDev
Substitution-Variable:DNSAlt
Value:10.107.4.77
Group:Sunnyvale
This example shows that the device Dev142 has one substitution variable
defined for it; and two other variables (DNS and DNSAlt) it inherits from
groups to which it belongs.
# show devices max-supported
Displays the maximum number of devices supported by your Director
appliance.
# show devices state [configured | connected | disconnected |
not-registered | registered]
Without an optional parameter, displays the state of all devices that were
added to this Director. Add one of the optional arguments to display the
state of certain devices (for example, the configured parameter displays
the state of configured devices only).
# show devices versions
Displays the device versions supported by Director. Only major and
minor numbers are displayed for the versions supported. Complete
version strings are displayed for versions that are not supported.
dmc request-timeout
# show dmc request-timeout
Display the timeout period set for requests made in Director
Management Console. (Available in SGME 6.1.8.1 and later)
dmc timeout
# show dmc timeout
Display the timeout period set for Director Management Console
sessions.
74
Chapter 2: Standard and Enable Mode Commands
file
# show file
# show file systems
Displays a list of valid file systems for the local machine. Each is shown
with the following: their filename; full capacity; amount of remaining free
space; miscellaneous flags; and type, which is either image (can hold
software images) or var (where all machine-specific information is kept:
logs, configurations, home Directories, etc.).
# show file text-files [filename]
Displays the contents of a text file, using the UNIX less command. If no
filename is specified, a list of files is displayed. Common keystrokes used
with the less command:
•
Up and Down arrow keys to move up or down one line at a time
•
<space> to move down a page
•
b to move up a page
•
> to move to the end
•
/ followed by a search string and <cr> to do a forward search
•
< to move to the beginning
•
? followed by a search string and <cr> to do a backward search
•
n to find next occurrence of search string in same direction as last search
•
q to quit
folder-hierarchy
# show folder-hierarchy
Displays the hierarchy of folders for profiles, overlays, jobs, and content
collections.
folders
# show folders [folder_id]
With no optional parameter, displays information about all configured
folders. By specifying an optional folder_id, displays information about the
specified folder. Displayed information includes folder ID, friendly name,
parent and child folders, overlays, profiles, jobs, regular expression lists, URL
lists, and jobs.
groups
# show groups [group_id | {group_id substitution-variable}]
Displays information about the specified group. This includes its group ID,
friendly name, comment, its parent's group ID (if it is not a top-level group), a
list of all its devices (ID only) and a list of all its subgroups (ID only). If the
named group does not exist, an error is given.
If no group is specified, a list of all groups (their ID and friendly name only) is
displayed.
Entering a group ID and the optional substitution-variable parameter
displays all substitution variables defined for that group and inherited from
other groups.
75
Director Command Line Interface Reference
For example,
director # show groups AustinDev substitution-variable
Substitution-Variable:SNMPContact
Value:user@example.com
Group:AustinDev
Substitution-Variable:DNS
Value:172.16.36.10
Group:Austin
This example shows that the group AustinDev has one substitution variable
defined for it and it inherits one variable (DNS) from a parent group.
For more information about substitution variables, see the Blue Coat Director
Configuration and Management Guide.
hosts
# show hosts
Displays DNS-related information: a list of all name servers, a list of all
domain names, a list of all static-hostname to IP-address mappings, and the
hostname of the local machine. The name servers and domain names are
listed in the order in which they will be tried.
interfaces
# show interfaces
Displays all of the information for all interfaces.
# show interfaces [interface_number]
Displays all of the information about the specified interface.
# show interfaces [configured interface_number]
Displays the values that can be set by the user with their configured
values.
ip
# show ip
Displays IP-specific information for all interfaces.
# show ip [access-lists]
Displays IP access-list information.
# show ip [default-gateway [configured]]
Displays the running default (the default-gateway command) or
configured default (the default-gateway configured command)
gateway.
# show ip [default-gateway-v6 [configured]]
Displays the running default IPv6 (the default-gateway command) or
configured default IPv6 (the default-gateway configured command)
gateway.
# show ip icmp
Displays ICMP statistics.
# show ip igmp
Displays IGMP statistics.
76
Chapter 2: Standard and Enable Mode Commands
# show ip [interface [interface_number] | [configured
[interface_number]]]
The interface command displays running IP-related state of all
interfaces; the interface interface_number command displays
running IP-related state of the specified interface; the interface
configured command displays the configured IP-related state of all
network interfaces; and the interface configured interface_number
command displays the configured IP-related state of the specified
network interface.
# show ip [route [configured]]
Displays routing information. The route command displays the dynamic
routes currently in use, and the route configured command displays
the static IP routes that have been configured for this system.
# show ip [tcp [conns | listeners]]
The tcp command displays TCP statistics, the tcp conns command
displays TCP connection information, and the tcp listeners command
displays TCP listener information.
# show ip [udp [conns]]
The udp command displays UDP statistics and the udp conns command
displays UDP connection information.
jobs
# show jobs [job_id {commands | date-time-pairs | execution
subcommands | status | time-of-day | substitution-variables |
validate}]
With no job_id specified, the command displays a list of all jobs.
Optional parameters follow:
# show jobs job_id displays the properties of the specified job,
including the recipient and sender addresses for e-mail notification, the
schedule type, the job type, and next run time if configured.
# show jobs job_id commands displays commands associated with this
job.
# show jobs job_id date-time-pairs displays date-time pairs
associated with this job.
# show jobs job_id execution {ids | last} displays execution
details. ids displays a list of all saved execution reports for this job and
last displays details for the last (that is, most recent) execution of this
job.
# show jobs job_id status displays the current status of this job.
# show jobs job_id time-of-day displays time-of-day settings for this
job.
# show jobs job_id substitution-variables displays any substitution
variables defined for profiles or overlays pushed by this job.
# show jobs job_id validate validates substitution variables for
profiles or overlays pushed by this job.
77
Director Command Line Interface Reference
An example follows:
director # show jobs Job1 validate
overlay:SG210Basic
device:Dev142
% Conflicts found, unable to apply the substitution
variables.
Target-Device:Dev142
Substitution-Variable:DNS
Value:10.107.4.77
Group:Sunnyvale
Value:10.107.4.60
Group:AustinDev
In this example, a job named Job1 pushes a profile named SG210Basic
that has a substitution variable conflict. The variable DNS is defined in
two places with different values; as a result, the job will fail to execute.
For more information about resolving substitution variable conflicts, see
the Blue Coat Director Configuration and Management Guide.
jobs-detailed
# show jobs-detailed [n-days]
Without the optional parameter, displays detailed information about all
configured jobs. Information includes job ID, friendly name, comment,
whether the job is enabled, scheduling type, and job type.
With the optional n-days parameter, displays information about jobs
executed in the last n number of days.
lcd
# show lcd
Displays the LCD panel settings PIN. A value of 0000 means that no PIN is
set. To set the front panel LCD PIN, see “(config) #lcd” on page 141.
ldap-server
# show ldap-server
Displays the LDAP server(s) details, if configured.
license
# show license
Displays the validity of the currently installed license on your Blue Coat
Director.
line-vty
# show line-vty
Displays the current number of screen lines.
78
Chapter 2: Standard and Enable Mode Commands
list-settings
# show list-settings
Displays the list settings for the logged in user. If the list settings are not set
for the user, the list settings are inherited from the user-group the delegated
user belongs to.
This command is available to delegated users only.
# show logging
Displays all configuration parameters associated with logging: the list of SCP
servers; the logging trap level; and the console log level.
mail-config
# show mail-config
Displays SMTP mail configuration parameters for e-mailing health reports
and Performance Analysis Reports.
monitoring alerts
# show monitoring alerts {[device device_id [metric
subcommands]] | [group group_id] [metric subcommands]] |
{metric subcommands} |[severity {all | warning | critical |
disconnected}] | [all | active | inactive] | [all |
acknowledged | unacknowledged] | [days number_of_days]}
This command displays alerts with a specific metric, severity, state, status,
range for number of days; optionally, for a device or for a group. You must
specify a metric to view and you can optionally filter the results by severity,
state, status, and number of days.
metric subcommands follow:
•
adn-connection-status: Application Delivery Network alerts based on
connection status
•
adn-manager-status: Application Delivery Network connection status
indicates whether or not the device is connected to the ADN network
and, if it is connected, what its status is (for example, approved, pending,
and so on)
•
cpu-utilization: Indicates when CPU utilization has crossed the
threshold limit
•
device-connection: Indicates whether Director has lost or re-
established a connection with a device
•
disk-status: Displays the status of disks
•
health-check-status: Indicates when a device’s health checks have
crossed a threshold
•
interface-utilization: Display alerts when the traffic on the interface
approaches maximum bandwidth
•
license-expiration: Display alerts of impending license expiration
•
license-utilization: Display alerts for licenses that have user limits,
and monitors the number of users
•
memory-pressure: (SGOS 5.2 and earlier) Display alerts when memory
resources become limited, causing new connections to be delayed
79
Director Command Line Interface Reference
•
memory-utilization: (SGOS 5.3 and later) Display alerts when memory
resources become limited, causing new connections to be delayed
•
sensor: Indicates problems detected by device sensors (for example,
motherboard over-temperature)
Note: The alerts displayed by a particular device are SGOS version-dependant.
Director displays only the alerts that are supported by the version of SGOS the device
runs.
Examples:
director # show monitoring alerts metric all severity warning
This example displays alerts for all metrics filtered by severity.
director # show monitoring alerts group AustinDev metric healthcheck-status severity all active unacknowledged days 30
This example displays only acknowledged, active health-check-status
alerts for the group AustinDev, of all severities, that have occurred in the
last 30 days.
ntp
# show ntp
Displays Network Time Protocol (NTP) configuration: the current list of NTP
servers, their version numbers, and whether they are marked as preferred.
Also indicates whether NTP is enabled.
Note: Version 3 is hardcoded into the configuration database when the
management node is created. When the NTP server is up, the correct version
is returned.
platform
# show platform
Displays your Director appliance’s hardware type (for example, 510).
privilege
# show privilege
Displays the current user's privilege level, both current and maximum. The
current level will reflect only what mode the user is in (standard, enable, or
configuration); the maximum level will be whatever is configured as the
maximum privilege level for that username.
radius
# show radius
Displays all RADIUS server configuration settings.
remote-config
# show remote-config
# show remote-config backups [device_id [backup_id]]
Displays the given backups available for all the devices on the system. If
you specify a device ID, only the given backups available for this device
are displayed. If you specify a device ID and a backup ID, the contents of
the specified backup are displayed.
80
Chapter 2: Standard and Enable Mode Commands
# show remote-config help
Displays the device used for command line completion and help.
# show remote-config license-key username
Displays the BlueTouch Online user name, if any, entered when applying
a license upgrade to a device. (BlueTouch Online was previously referred
to as WebPower.)
# show remote-config overlays [{overlay_id | substitutionvariables | {validate | all | device device_id | group
group_id | model model_number | os-version sgos_version}
substitution-variable}]
Displays a summary of overlays. If you specify overlay_id, this
command displays the comment, friendly name, and list of commands
for the specified overlay.
If you specify overlay_id and the optional substitution-variable
parameter, the names of any substitution variables defined for that
overlay display.
If you specify overlay_id and the optional validate parameter, the
names of any substitution variables defined for that overlay display. To
get valid values for the device, group, model, or os-version parameters,
enter ? for the value.
An example validation follows:
director # show remote-config overlays SG210Basic validate
all substitution-variable
% Conflicts found, unable to apply the substitution
variables.
Target-Device:Dev142
Substitution-Variable:DNS
Value:10.107.4.77
Group:Sunnyvale
Value:10.107.4.60
Group:AustinDev
Valid Substitution Variables:
Target-Device:QA143
Substitution-Variable:DNS
Value:10.107.4.77
Group:Sunnyvale
This example validates substitution variables in the overlay 210Basic for
all devices. One conflict was found; for more information about resolving
substitution variable conflicts, see the Blue Coat Director Configuration and
Management Guide.
# show remote-config profiles [{profile_id | substitutionvariables | {validate | all | device device_id | group
group_id | model model | os-version sgos_version}
substitution-variable}]
Displays a list of all the profiles in the system, and their comments. If you
specify profile_id, this command displays the contents of the given
profile, along with its comment and friendly name.
If you specify profile_id and the optional substitution-variable
parameter, the names of any substitution variables defined for that profile
display.
81
Director Command Line Interface Reference
If you specify profile_id and the optional validate parameter, the
names of any substitution variables defined for that profile display. To get
valid values for the device, group, model, or os-version parameters,
enter ? for the value.
An example validation follows:
director # show remote-config profiles Basic210Config
validate all substitution-variable
% Conflicts found, unable to apply the substitution
variables.
Target-Device:Dev142
Substitution-Variable:DNS
Value:10.107.4.77
Group:Sunnyvale
Value:10.107.4.60
Group:AustinDev
Valid Substitution Variables:
Target-Device:QA143
Substitution-Variable:DNS
Value:10.107.4.77
Group:Sunnyvale
This example validates substitution variables in the profile
Basic210Config for all devices. One conflict was found; for more
information about resolving substitution variable conflicts, see the Blue
Coat Director Configuration and Management Guide
require-config-lock
# show require-config-lock
Displays current configuration lock mode. By default, the require
configuration lock mode is disabled.
role
# show role delegated-admin user-groups
This command is used for content filtering policy. This command is available
for the sadmin, admin, and privilege 15 users.
Displays the list of user groups. For example,
director # show role delegated-admin user-groups
unassigned
Fin_policy
HR_policy
# show role delegated-admin user-groups policy-file-association
Displays the user group associated with central policy file.
# show role delegated-admin user-group user-group-name {all | user
username } list-settings
Displays the list settings of the delegated users.
# show role delegated-admin user-group user-group-name {all | user
username } categories
Displays the categories assigned to the users. The all option displays the
categories of the user group level. If categories are not set for the user, the
categories are inherited from the user-group the delegated user belongs to.
82
Chapter 2: Standard and Enable Mode Commands
role-hierarchy
# show role-hierarchy
This command is used for content filtering policy. This command is available
for the sadmin, admin, and all privilege 15 users.
Displays the hierarchy of user groups (used for content filtering policy). For
example,
# show role-hierarchy
delegated-admin:
unassigned
Finance_policy
HR_policy
role-substitution-variable
# show role-substitution-variable {device device_id | group
custom_group_name}
This command is used for content filtering policy. This command is available
for the sadmin, admin, delegated-admin, and all privilege 15 users.
Displays the substitution variables defined for the specified device or custom
group.
# show role-substitution-variable user-group user-group-name
Displays the substitution variables for a user group.
running-config
# show running-config [brief | options {exclude-devices | excludejobs | exclude-priorities | exclude-groups}]
With no optional parameters or with the optional brief parameter, displays
commands required to configure Director to its currently running state.
options subcommands filter output by excluding information from devices,
jobs, priorities, and groups.
sessions
# show sessions
Displays information about active Management Console sessions.
Information includes user name, IP address from which the Management
Console is being run, whether the user acquired the configuration lock,
session ID, and last activity.
snmp
# show snmp [traps]
Displays SNMP configuration information.
The snmp traps command displays a list of the MIBs in Director and whether
their traps are disabled or enabled.
special-groups
# show special-groups
Displays all model and SGOS version groups.
For example:
83
Director Command Line Interface Reference
director # show special-groups
Device:Dev142
Parent:200-C
Parent:5.3.1.11
Device:QA143
Parent:200-B
Parent:5.4.1.2
The command displays groups and devices in the following order:
•
Devices in custom groups and for each device, which model and
operating system group it belongs to.
•
Model groups and each device in each model group.
•
Operating system groups and each device in each operating system
group.
ssh
# show ssh
# show ssh client
Displays all SSH client settings.
# show ssh client [authorized-keys [user username] | identity
[user username] | knownhosts [user username]]
Without an optional parameter, the command displays user identities,
user known hosts, and user authorized public keys.
# show ssh client [authorized-keys [user username] displays
RSA authorized public keys for all users or for the specified user.
# show ssh client [identity [user username]]
Displays known host identities for all users or for the specified user.
# show ssh client [knownhosts [user username]]
Displays known host public keys for all users or for the specified user.
# show ssh server [hostkey | knownhosts]
Without an optional argument, the command displays all SSH server
information.
# show ssh server [hostkey]
Displays the host public keys.
# show ssh server [knownhosts]
Displays all known host public keys.
standby-settings
# show standby-settings
Displays the standby pair settings for the Director. This includes the identity
of the primary and secondary. For more information, see Chapter 12,
Configuring Director Redundancy, in the Blue Coat Director Configuration and
Management Guide.
status
# show status
84
Chapter 2: Standard and Enable Mode Commands
Displays general Director status information. This includes hardware
installed (number of disks, amount of memory, number of CPUs), system
uptime, and CPU load.
syslog
# show syslog [archived number]
Using the command without the optional parameter enters an interactive
mode where you can scroll through the current system logs using the same
keys the UNIX less command uses. The common ones are:
•
Up and Down arrow keys to move up or down one line at a time
•
<space> to move down a page
•
b to move up a page
•
> to move to the end
•
/ followed by a search string and <cr> to do a forward search
•
< to move to the beginning
•
? followed by a search string and <cr> to do a backward search
•
n to find next occurrence of search string in same direction as last search
•
q to quit
# show syslog [archived number]
Used without an archive number, the command displays the list of
numbers of syslog archives. Enter an archive number displays the
corresponding log message.
tacacs
# show tacacs
Displays all TACACS+ server configuration settings.
tcpdump
# show tcpdump
Displays tcpdump output.
telnet-management
# show telnet-management
Displays whether or not Telnet logins are enabled, and displays options
related to the Telnet server.
upgrade-package
# show upgrade-package
Displays the list of installed software packages.
user-group
# show user-group user_group_name objects
This command is used for content filtering policy. This command is available
for the sadmin, admin, delegated-admin, and all privilege 15 users.
Displays objects associated with the specified user group name. For example,
to display the objects associated with the user group named Finance_policy:
85
Director Command Line Interface Reference
director # show user-group Finance_policy objects
Policy-type: local
central Policy path:
content policy overlay:
Send sg-commands: disable
http username:
http password:
Associated Usernames:
FinAdmin
Assoc-Device:Dev143
Name:SunnyvaleDev
Address:192.168.0.143
PolicyTemplate:FinancePolicyOverlay
Following is an explanation of the example:
•
Associated Usernames displays the delegated users who are members of
this user group
•
Assoc-Device displays the device IDs of all devices associated with the
user group
•
Name is the friendly name of each device
•
Address displays the device’s IP address
•
PolicyTemplate displays the names of the Policy templates associated
with the device.
usernames
# show usernames [username]
Displays a list of all usernames of all the users in the system. The privilege
level is listed for each username. If a username is specified, the information is
shown only for that user.
Note that this list does not reflect who is currently logged in.
version
# show version [detail]
Displays version information for the software installed on the local machine
and also includes Director’s hardware serial number. If you use the version
detail command, the output contains a few more fields, and is shown in a
more compact format.
86
Chapter 2: Standard and Enable Mode Commands
# slogin
Synopsis
Opens an SSH connection to a remote host. When you are finished, type the
command exit to return to the Director CLI. This command is also available in
Standard and Configuration mode. For information, see “>slogin” on page 26.
Important: When the slogin command is run from Configuration mode, it
will release the configuration lock so that you do not lock out other users during
the slogin session.
87
Director Command Line Interface Reference
# ssl
(Introduced in SGME 6.1.9.1) Configure security settings on the Director
appliance. For more information on the subcommands, see “(config) #ssl” on page
198.
88
Chapter 2: Standard and Enable Mode Commands
# standby
Configures the Director’s standby configuration. The Director standby feature is
designed to minimize Director service disruptions caused by network outage,
disaster, or Director failure. When standby is deployed, the Director configuration
is mirrored to a second Director whose only function is to take over for the first
Director if a failure occurs. For information, see “>standby” on page 27.
89
Director Command Line Interface Reference
# tcpdump upload url
Synopsis
Displays IP packets on the wire. This command is also available in standard and
configuration modes.
Syntax
# tcpdump upload url
Upload a tcpdump file to an external server. url must be in one of the formats
discussed in “URL Syntax” on page 12.
For information about other options available with tcpdump, see “>tcpdump” on
page 29.
Example
# tcpdump upload ftp://192.168.0.2/uploads/
# tcpdump upload ftp://192.168.0.2/uploads/tcpdump.txt
90
Chapter 2: Standard and Enable Mode Commands
# traceroute
Synopsis
Determines the route packets take to a destination. This command is also
available in standard and configuration modes. For information, see
“>traceroute” on page 30.
91
Director Command Line Interface Reference
# write
Synopsis
Writes running configuration to persistent storage, making the changes
permanent. This command is also available in configuration mode.
Syntax
# write memory
Writes running configuration to persistent storage. To make settings
permanent (that is, permanent across multiple sessions with multiple
administrators), you must use this command.
Example
director # write memory
92
Chapter 3: Configuration Mode Commands
With the configure command you can attempt to acquire a write lock on the
configuration state of this Director. If you succeed, you enter Configuration mode. This
affects what set of commands are available. The word config is inserted into the
prompt to the left of the trailing # character.
Syntax
configure terminal [force]
If you fail to acquire a write lock (because someone else had the lock), you will
see an error message containing information about the current lock holder. The
full output will look similar to the following example:
director # configure terminal
% Lock is currently owned by:
Username: admin
Remote address: 10.25.36.47
Last active: 2004/04/28 07:29:05
Note that active here means making configuration changes, rather than any
keystrokes in the CLI.
If the force option is specified, the Director will break the lock of anyone else
who has it, instead of failing. The other client will be notified asynchronously
that it has lost the lock. After the lock is broken, the breaker automatically
acquires the lock.
Content Filtering Policy Commands
Configuration mode includes certain commands related to content filtering policy,
which is new in SGME 5.5. For more information, see “Content Filtering Policy and
Role-Based Access” on page 7.
93
Director Command Line Interface Reference
(config) # aaa authentication login default
Synopsis
Director enables you to use the following authentication schemes for user access
to Director:
•
LDAP: Supports authentication and authorization. You can configure all new
LDAP users to have privilege level 15 access, if needed. For more
information, see “(config) #ldap-server” on page 167.
•
RADIUS: Supports authentication and authorization.
For more information, see “(config) #radius-server” on page 172.
Important: To use RADIUS authentication, you must specify a shared secret (also
referred to as a key) when you configure the RADIUS server in Director.
•
TACACS: Supports authentication only. All users authenticated by TACACS
have privilege level 15 access.
For more information, see “(config) #tacacs-server” on page 201.
•
Local: Supports authentication and authorization.
For more information, see “(config) #username” on page 208.
The aaa authentication login default command enables you to use any
combination of the preceding mechanisms to authenticate and authorize users.
Use the aaa authentication login default command to determine the order
in which the repositories are searched. Local authentication must always be
searched.
For example, suppose your company has RADIUS and TACACS servers to
authenticate and authorize users. When a user named joe.jones logs in to
Director, you can configure Director to search for joe.jones in RADIUS,
TACACS, and local user repositories.
The following command causes Director to first search RADIUS; if joe.jones is
not found, Director searches TACACS; if joe.jones is not found, Director
searches its local repository; and if joe.jones is not found, Director denies the
login attempt:
(config) # aaa authentication login default radius tacacs local
If you have only a RADIUS server to authenticate and authorize users, use the
following command:
(config) # aaa authentication login default radius local
Note that local must always be in the list.
Syntax
(config) # aaa authentication login default {local | radius |
tacacs} subcommands
94
Chapter 3: Configuration Mode Commands
Subcommands
(config) # aaa authentication login default local {radius
[tacacs+]| tacacs+ [radius]}
Configures default authentication for login using the local password file.
(config) # aaa authentication login default radius {local [tacacs+]
| tacacs+ [local]}
Configures default authentication for login using a RADIUS server. Although
both combinations of the local command are listed as optional, you must
choose at least one of them so that local is present somewhere in the list.
(config) # aaa authentication login default tacacs+ {local
[radius]| radius [local]}
Configures default authentication for login using a TACACS+ server.
Although both combinations of the local command are listed as optional,
you must choose at least one of them so that local is present somewhere in the
list.
Example
director (config) # aaa authentication login default tacacs+ local
radius
95
Director Command Line Interface Reference
(config) # abort-on-errors
Causes a job to stop executing if errors are encountered. This command should
not be used in the command line; the command is used only by the Management
Console and is listed here for completeness.
96
Chapter 3: Configuration Mode Commands
(config) # access-list access_list_name
Synopsis
Use this command to create or edit access list settings. Most of the commands in
this submode are also available by entering the configuration command accesslist access_list_name.
An access list is consumed by an access group; in other words, an access list sets up
the list of access rules for an interface (for example, to deny TCP requests from a
particular network). The access list is associated with a particular interface using
an access group. For more information about access groups, see “(config)
#interface interface_number” on page 133.
Syntax
(config) # [no] access-list access_list_name
This changes the prompt to:
director (config acl access_list_name) #
Following is a general discussion of the command syntax. This information
applies to all access-list commands.
Prefacing this command with the optional no command removes the access list.
access-list Actions
Possible actions are as follows:
•
deny—The specified packets are dropped.
•
permit—The specified packets are allowed.
•
reject—The specified packets are dropped and Director returns an error
code to the sender of the packet, or respond with an ICMP unreachable
message, depending on whether matching is done on outbound or inbound
traffic, respectively.
Protocol
Enables you to selectively permit, deny, or reject traffic from the following IP
protocols (transport layer and below only):
•
All protocols (use the ip subcommand to specify all protocols)
•
tcp
•
udp
•
icmp (including ICMP types)
You have the option of including ICMP message type as part of the filter.
Omitting the ICMP type means you match all ICMP message types.
To do this, enter icmp icmp_type for the protocol, where icmp_type is
defined as follows:
•
0 (echo-reply)
•
3 (unreachable)
•
4 (source-quench)
97
Director Command Line Interface Reference
•
5 (redirect)
•
8 (echo)
Source and Destination
Source and destination addresses can be used to selectively permit, reject, or deny
protocol traffic to and from source and destination addresses and address
wildcards.
Specify the source address first in the following format: source_ip_address
wildcard_mask. Together, they specify a network address range used to match
packets.
source_ip_address is the IP address of the source.
wildcard_mask is the opposite of a subnet mask for source_ip_address. For
example, if source_ip_address is 10.1.1.0, its subnet mask would be a Class C
mask (24-bit) mask of 255.255.255.0. wildcard_mask for this source_ip_address
is 0.0.0.255.
Port Number Matching
This information applies to the UDP and TCP protocols only.
UDP and TCP access lists enable you to use port numbers as part of the access list
filter. Omitting the port number means the filter applies to all ports.
You can also use one of the following operators:
•
gt (greater than)
•
lt (less than)
•
== (equal to)
•
!= (not equal to)
•
range—destination port range, specified as the lower port number, space,
and the higher port number
For example, range 5000 6000
Subcommands
This section discusses the following subcommands:
•
“comment”
•
“deny” on page 99
•
“exit” on page 99
•
“help” on page 99
•
“permit” on page 99
•
“reject” on page 100
•
“show access-lists” on page 100
comment
(config acl access_list_name) # [no] comment comment
Enter an optional description for this access list.
98
Chapter 3: Configuration Mode Commands
Prefacing this command with the optional no command removes the
comment from the access list.
deny
(config acl access_list_name) # [no] deny ip_protocol any {any |
destination_ip_address wildcard_mask | host ip_address} [log]
Drops packets using the specified IP protocol from any source address. To
drop packets for all IP protocols, enter ip for ip_protocol. For more
information, including information about the ICMP protocol, source and
destination addresses, and port number matching for TCP and UDP
protocols, see “Subcommands” on page 98.
Prefacing this command with the optional no command removes the deny
rule.
(config acl access_list_name) # deny ip_protocol source_ip_address
wildcard_mask {any | destination_ip_address
destination_wildcard | host ip_address} [log]
Drops packets using the specified IP protocol from a specified source address.
(config acl access_list_name) # deny ip_protocol host ip_address
{any | destination_ip_address wildcard_mask | host ip_address}
[log]
Drops the packet for the host source address for the specified IP protocol.
After you set up an access list, you must associate it with a Director interface
using an access group as discussed in “(config) #interface interface_number” on
page 133.
exit
(config acl access_list_name) # exit
Exits the access-list submode and returns to configuration mode.
help
(config acl access_list_name) # help
Displays help for subcommands.
permit
(config acl access_list_name) # [no] permit ip_protocol
(config acl access_list_name) # permit ip_protocol any {any |
destination_ip_address destination_wildcard | host
ip_address} [log]
Passes the packet through for any source address for the specified IP
protocol. To pass the packet through for all IP protocols, enter ip for
ip_protocol. For more information, including information about the
ICMP protocol, source and destination addresses, and port number
matching for TCP and UDP protocols, see “Subcommands” on page 98.
Prefacing this command with the optional no command removes the
permit rule.
(config acl access_list_name) # permit ip_protocol
source_ip_address source_wildcard {any |
destination_ip_address destination_wildcard | host
ip_address} [log]
99
Director Command Line Interface Reference
Passes the packet through for the specified source address.
(config acl access_list_name) # permit ip_protocol host
ip_address {any | destination_ip_address
destination_wildcard | host} [log]
Passes the packet through for the host source address for the specified IP
protocol.
After you set up an access list, you must associate it with a Director interface
using an access group as discussed in “(config) #interface interface_number” on
page 133.
reject
(config acl access_list_name) # [no] reject ip_protocol
(config acl access_list_name) # reject ip_protocol any {any |
destination_ip_address destination_wildcard | host
ip_address} [log]
Either returns an error code to the sender of the packet or responds with
an ICMP unreachable message, depending on whether matching is done
on outbound or inbound traffic, respectively, for any source address for
the specified IP protocol. For more information, including information
about the ICMP protocol, source and destination addresses, and port
number matching for TCP and UDP protocols, see “Subcommands” on
page 98.
Prefacing this command with the optional no command removes the
reject rule.
(config acl access_list_name) # reject ip_protocol
source_ip_address source_wildcard {any |
destination_ip_address destination_wildcard | host
ip_address} [log]
Either returns an error code to the sender of the packet or responds with
an ICMP unreachable message, depending on whether matching is done
on outbound or inbound traffic, respectively, for the specified source
address for the specified IP protocol.
(config acl access_list_name) # reject ip_protocol host
ip_address {any | destination_ip_address
destination_wildcard | host} [log]
Either returns an error code to the sender of the packet or responds with
an ICMP unreachable message, depending on whether matching is done
on outbound or inbound traffic, respectively, for the host source address
for the specified IP protocol.
After you set up an access list, you must associate it with a Director interface
using an access group as discussed in “(config) #interface interface_number” on
page 133.
show access-lists
(config acl access_list_name) # show access-lists
Displays information about configured access lists.
100
Chapter 3: Configuration Mode Commands
Example
director (config acl bc) # deny udp 10.107.0.62 0.0.255.255
192.168.0.11 0.0.255.255 gt 5000
director (config acl bc) # show access-lists
Access-list bc, type "filter"
0: deny 0.0.0.0 255.255.255.255 10.107.0.62 0.0.0.0 ip log
1: deny 10.107.0.62 0.0.255.255 192.168.0.11 0.0.255.255 udp gt
5000
101
Director Command Line Interface Reference
(config) # archive
Synopsis
Manipulates archives on this system. With the exception of the restore
subcommand, this command is also available in enable mode. See “#archive” on
page 32 for information.
Note: Director does not archive its IP addresses so an archive taken on one Director
appliance can be restored on another Director appliance without changing the target
Director’s IP addresses.
Syntax
Restoring an Archive
To restore an archive (that is, to install an archive located on this Director
appliance), use the following command:
director (config)# archive {all | config | device-backup | eventlog | job-report} restore archive_name [key keyname]}
Prerequisites: Before restoring an archive, you must perform all of the following
tasks:
•
Fetch the archive to this Director.
For more information, see “Fetching an Archive” on page 35.
•
If the archive was encrypted with a key that is not already stored on this
Director, you must input the archive key.
For the meaning of the all, config, device-backup, event-log, and jobreport parameters, see “Specifying What to Archive” on page 32.
archive_name must match the name of a previously saved archive on this Director.
to display archive names, enter one of the following commands;
director (config)# archive {all | config | device-backup | eventlog | job-report} restore ?
director (config)# show archive {all | config | device-backup |
event-log | job-report}
If the archive was encrypted with an archive key, you must enter a value for the
key parameter.
For example,
director (config)# archive all restore sgmearchive-director-all2008.12.03-004256.tgz key mykey
102
Chapter 3: Configuration Mode Commands
(config) # arp
Synopsis
Adds a permanent entry to the Address Resolution Protocol (ARP) cache or sets
parameters for ARP.
Syntax
(config) # arp subcommands
Subcommands
(config) # arp ip_address MAC_address
Adds a permanent (static) entry to the ARP cache.
(config) # arp timeout seconds
Sets the ARP cache timeout value in seconds. The default value is 14400
seconds (4 hours).
Example
director (config) # arp timeout 28800
103
Director Command Line Interface Reference
(config) # banner
Synopsis
Changes the banner displayed on an SSH command session and serial console.
The default banner is similar to the following:
Copyright (c) 1997-2009, Blue Coat Systems, Inc.
Welcome to SG-ME 6.1.1.1 #45678 2012.01.05-013904
For configuring a banner for the Director Management Console, see “(config)
#login-banner” on page 143.
Syntax
(config) # banner input banner-text
The input parameter enables you to enter banner text. After input, enter the
banner text, ending with Control+D.
Subcommands
There are no subcommands of this command.
Example
director (config) # banner input
Enter your banner now.
Press Ctrl-D when finished, or Ctrl-C to abort.
Welcome to Director for Example Corp.
Director is running SGME 6.1 build 76543
director (config) # show banner
Welcome to Director for Example Corp.
Director is running SGME 6.1 build 76543
104
Chapter 3: Configuration Mode Commands
(config) # cdn
Synopsis
This command has been deprecated; use “(config) #content options” on page 111
instead.
105
Director Command Line Interface Reference
(config) # clear
Synopsis
Clears certain options. This command is also available in enable mode. See
“#clear” on page 38 for information.
106
Chapter 3: Configuration Mode Commands
(config) # cli
Synopsis
Sets Command Line Interface (CLI) options.
Syntax
(config) # cli [subcommands]
Subcommands
(config) # cli sg-cli-timeout #h #m #s
Sets the amount of time of user inactivity before the administrator is logged
out of the command line session on the ProxySG appliance. The timeout
applies to standard, enable, and configuration mode sessions. The default
value is 1440 minutes.
This setting applies to all users and is persistent across sessions (provided
you use the write memory command as discussed in “#write” on page 92).
It is only read when an administrator logs in, so if multiple administrators are
logged in when the timeout is changed, it will immediately affect only the
administrator who made the change. The others will be affected the next time
they log in.
(config) # show sg-cli-timeout
Display the timeout period set for CLI sessions on the ProxySG appliance.
(config) # cli timeout #h #m #s
Sets the amount of time of user inactivity before the administrator is logged
out of the command line session. The timeout applies to standard, enable, and
configuration mode sessions.
This setting applies to all users and is persistent across sessions (provided
you use the write memory command as discussed in “#write” on page 92).
It is only read when an administrator logs in, so if multiple administrators are
logged in when the timeout is changed, it will immediately affect only the
administrator who made the change. The others will be affected the next time
they log in.
(config) # show cli timeout
Display the timeout period set for CLI sessions.
The other subcommands for this command are discussed in “>cli” on page 16.
Example
director (config) # cli timeout 2h 30m
107
Director Command Line Interface Reference
(config) # clock
Synopsis
Use this command to set the current system time, and optionally also the date.
This command is not available if a local NTP server is running. Note that, unlike
most configuration commands, this command does not wait for a write memory
command to be committed to persistent storage.
Syntax
(config) # clock [subcommands]
Subcommands
(config) # clock set hh:mm[:ss] [yyyy/mm/dd]
Sets the time and, optionally, the date.
(config) # clock timezone continent country [state_or_province]
city
Sets the local timezone. A state or province is required for some countries (for
example, United States and Canada), but not for others (for example, Europe,
Australia).
Examples
director (config) # clock timezone america united_states california
los_angeles
director (config) # clock set 12:20:45 2012/07/30
108
Chapter 3: Configuration Mode Commands
(config) # configuration
Synopsis
Manipulates configuration files. A configuration includes the following:
•
Director’s network configuration (IP address, DNS servers, and so on)
•
Profiles, overlays, jobs, groups, and devices
•
Objects associated with profiles, overlays, jobs, and groups (for example,
substitution variables, URL lists, regular expression lists, and so on)
The following are not included in a configuration:
•
Alerts
•
SNMP (after restoring the archive, SNMP will be disabled and SNMP contact
information reverts to its default values)
•
NTP
Note: Configurations are stored on Director; they are not archived.
Syntax
director (config) # configuration {delete {filename | initial} |
destroy-old-files | move {{source_filename | initial}
destination_filename} | new filename [keep-console] | restorefactory-defaults | restore-sgme4-files | revert | switch-to
{filename | initial} write [to]}
Subcommands
(config) # configuration delete {filename | initial}
Deletes either the specified configuration file or the initial configuration.
Deleting the currently-active file is not permitted.
(config) # configuration destroy-old-files
Destroys old configuration files. This precludes downgrades.
(config) # configuration move {source_filename |
initial} destination_filename
Moves the specified configuration file from the first filename or the initial
configuration to the destination file name. This command can also be used to
rename a file.
(config) # configuration new filename [keep-console]
Create a new configuration file. The optional keep-console command
preserves the current network settings.
(config) # configuration restore-factory-defaults
Restore the configuration back to factory defaults. Use this command only in
if necessary; for example, if errors prevent you from using Director. You can
also use it to reset Director to defaults after testing Director in your
deployment.
After using this command, Director reboots.
109
Director Command Line Interface Reference
(config) # configuration restore-sgme4-files
Use this command only if you downgrade from SGME 5.3.x to SGME 4.2.2.1
to restore the SGME 4.2.2.1 configuration files.
(config) # configuration revert
Reverts the running state of the system back to the last-saved state.
(config) # configuration switch-to {filename | initial}
Discards the currently-running configuration and makes active the specified
configuration. Subsequent configuration saves (using configuration write
or write memory) will be written to this configuration.
Note: Changing configurations affects all users connected to Director using the
command line, the Management Console, and the serial console.
(config) # configuration write [to filename]
Commits all changes requested to persistent storage. Before this command is
executed, all changes are held only in memory, and are not committed, and
thus would be lost on a reboot. If the to filename option is used, the
configuration is saved to a new configuration file, which then becomes the
active configuration, to which all subsequent calls to the configuration
write command will save.
This command is the same as “#write” on page 92.
Example
director (config) # configuration switch-to fn-2
110
Chapter 3: Configuration Mode Commands
(config) # content options
Synopsis
Enables you to set performance options for content jobs. For related commands,
see:
•
“(config) #content url-list” on page 112
•
“#content” on page 41
Syntax
director (config)# content options {throttle delay delay_sec numcommands integer | timeout {completed-cmds seconds |
outstanding-cmds seconds}}
Sets options to manipulate the number of content commands that complete per
unit time.
where
delay_sec is the number of minutes to delay between sending batches of content,
integer is the number of content commands to send in one batch, and seconds is
the number of seconds to wait for commands to complete.
Defaults follow:
•
Outstanding commands timeout: 10,800 seconds (that is, three hours)
•
Completed commands timeout: 3,600 seconds (that is, one hour)
•
Number of commands in a batch: 25
•
Length of time between batches of commands: 10 seconds
Note: Older ProxySG models—such as the SG200—might not function properly if
the throttle options defaults are changed from their defaults (25 commands every
10 seconds). On these older models—because of slower processors and smaller
amounts of RAM—you should expect to process a maximum of 400,000 URLs.
The commands that are the equivalent of Director defaults follow:
director (config) # content options throttle delay 10 num-commands
25
director (config) # content options timeout completed-cmds 3600
director (config) # content options timeout outstanding-cmds 10800
111
Director Command Line Interface Reference
(config) # content url-list
Synopsis
Enables you to manipulate URL list objects. For related commands, see:
•
“#content” on page 41
•
“(config) #content options” on page 111
Syntax
director (config)# content url-list list_id {comment comment |
create | name name | input}
Subcommands
director (config)# content url-list list_id comment comment
Adds an optional comment to the URL list object.
director (config)# content url-list list_id create
Creates a URL list object with unique identifier list_id.
director (config)# content url-list list_id name name
Adds a “friendly” name to this URL list object.
director (config)# content url-list input
Enables you to input a URL list. Put each URL on a separate line. When
you’re finished, press Control+D to save the list or Control+C to cancel
without saving the list.
Note: Every URL must start with the protocol (also referred to as the schema);
for example, http://. URLs that start with www. or a similar prefix are not
valid and will result in job execution failure.
112
Chapter 3: Configuration Mode Commands
(config) # continue-on-errors
Causes a job to continue executing if errors are encountered. This command
should not be used in the command line; the command is used only by the
Management Console and is listed here for completeness.
113
Director Command Line Interface Reference
(config) # debug
Synopsis
System debugging information and commands. This command is also available in
enable mode. See “#debug” on page 48 for information about this command.
114
Chapter 3: Configuration Mode Commands
(config) # device device_id
Synopsis
This command manages device records, creating a record with the specified
device ID if one did not previously exist. Most of the commands in this submode
are also available by entering the configuration command device device_id.
Common Authentication Commands
For Director to connect to a device, you must enter the following commands at
minimum:
(config device device_id) # address hostname_or_ip_address
(config device device_id) # enable-password enable-password
(config device device_id) # web-config port port_number
(config device device_id) # protocol sshv2 port port_number
This command is required only if you use a port other than the default, 22.
(config device device_id) # front-panel-pin pin
This command is required only if a front panel PIN is set on the device.
Commands for SSH Simple Authentication
SSH Simple authentication means Director uses an unencrypted user name and
password to authenticate itself with the device. Because the user name and
password are not encrypted, Blue Coat strongly recommends you use SSH-RSA
authentication as discussed in the next section.
For Director to authenticate itself with a device non-securely using SSH Simple
authentication, you must enter the following commands in addition to the
commands discussed in “Common Authentication Commands” on page 115:
(config device device_id) # auth simple password password
(config device device_id) # auth simple username username
Commands for SSH-RSA Authentication
For a device to authenticate securely with Director using SSH-RSA, you have the
following options:
•
Add the device using SSH Simple authentication and upload keyrings to the
device to change it to SSH-RSA
The commands required to perform these tasks are discussed in this section.
•
Register the device with Director, which adds it and causes it to authenticate
using SSH-RSA in one step
This is discussed in Chapter 4, Registering Devices, in the Blue Coat Director
Configuration and Management Guide.
SSH-RSA communication authenticates Director with devices using a secure
channel and private/public key cryptography. To authenticate, Director uses a
reserved user name director and a keyring stored on the device.
For Director to use SSH-RSA authentication, you must enter the following
commands in addition to the commands discussed in “Common Authentication
Commands” on page 115:
115
Director Command Line Interface Reference
(config device device_id) # auth simple username username
(config device device_id) # auth simple password password
The auth simple username and auth simple password commands are
required for Director to use the device’s CLI to set up SSH-RSA
authentication.
(config device device_id) # auth rsa username director
This reserved user name is required for Director to authenticate the device.
(config device device_id) # auth rsa key {copy device_id sshv1} |
generate sshv2}
This command gives you the choice of copying a keyring from another device
or generating a new keyring for the device.
(config device device_id) # pushkey sshv2
(config device device_id) # authtype rsa
Syntax
(config) # device device_id
This changes the prompt to:
(config device device_id) #
Note: The device ID can be a maximum of 250 characters in length and cannot
include the following characters: {, }, <, >, (, ), #, or $.
Subcommands
See one of the following sections:
•
“address” on page 117
•
“auth rsa” on page 117
•
“authtype” on page 117
•
“comment” on page 118
•
“create” on page 118
•
“dnsname” on page 118
•
“enable-password” on page 118
•
“exit” on page 118
•
“front-panel-pin” on page 118
•
“help” on page 118
•
“dipv6address” on page 118
•
“name” on page 118
•
“no” on page 118
•
“overlay” on page 119
•
“protocol” on page 119
•
“pushkey” on page 119
116
Chapter 3: Configuration Mode Commands
•
“pushpassword” on page 119
•
“reconnect” on page 119
•
“serial-console-password” on page 120
•
“serial-number” on page 120
•
“state” on page 120
•
“substitution-variable” on page 120
•
“web-config port” on page 120
address
(config device device_id) # address hostname_or_ip_address
Sets the IP v4 address of this device.
To set the IP v6 address on the device, see “dipv6address” on page 118.
auth rsa
(config device device_id) # auth rsa {key {copy device_id sshv2} |
{generate sshv2} | knownhost key sshv2}
(config device device_id) # auth rsa key copy device_id2 sshv2
Sets the SSH-RSA key pair for connections to this device to be a copy of
the key used for device_id2. This command does not change any
settings for device_id2, so any future changes to the key for device_id2
will not be automatically be copied to this device.
(config device device_id) # auth rsa key generate sshv2
Creates an SSH-RSA private key for the device.
(config device device_id) # auth rsa knownhost key sshv2
key_length exponent key
Specifies or changes the known host public key for this device.
(config device device_id) # auth rsa username director
Sets the username that will be used to log in to a device if authtype is set to
rsa.
Important: The user name must be director or connection to Director will
fail.
(config device device_id) # auth simple {password password |
username username}
Sets the password that Director uses to log in to a device if the authtype
command is set to simple.
Important: For Director to connect to the device, you must supply both a user
name and a password. For example, if the device’s user name is admin and
the password is bluecoat, enter the following commands:
(config device device_id) # auth simple password bluecoat
(config device device_id) # auth simple username admin
authtype
(config device device_id) # authtype [rsa | simple]
117
Director Command Line Interface Reference
Sets the type of authentication used to connect to a specified device. simple is
standard username/password authentication. rsa is available only if the
protocol is sshv2 (that is, SSH-RSA).
comment
(config device device_id) # comment comment
Associates a comment with the device record.
create
(config device device_id) # create
Creates a new device record. Equivalent to the following command:
director (config) # device device_id create
dnsname
(config device device_id) # dnsname name
Enter the hostname for this device. This options allows you to use a human
readable name instead of a dotted IP address to access the device.
enable-password
(config device device_id) # enable-password enable-password
Sets the password used to access enable mode on this device.
exit
(config device device_id) # exit
Exits device submode and returns to configuration mode.
front-panel-pin
(config device device_id) # front-panel-pin pin
Specifies the front panel PIN for this device.
help
(config device device_id) # help
Displays help information.
dipv6address
(config device device_id) # ipv6address hostname_or_ip_address
Sets the IPv6 address of this device.
name
(config device device_id) # name friendly-name
Assigns a friendly name to this device.
no
(config device device_id) # no subcommands
(config device device_id) # no address
config device device_id) # no ipv6address hostname_or_ip_address
Removes the IP address or hostname from this device.
(config device device_id) # no auth rsa {key sshv2 | knownhost
key sshv2 | username}
118
Chapter 3: Configuration Mode Commands
Removes parameters for RSA device authorization.
(config device device_id) # no auth simple {password | username}
Removes parameters for simple device authorization.
(config device device_id) # no authtype
Resets the device authorization type to the default.
(config device device_id) # no comment
Removes the comment from this device.
(config device device_id) # no dnsname
Removes the hostname configured on this device.
(config device device_id) # no enable-password
Clears the enable password from this device record.
(config device device_id) # no front-panel-pin
Clears the front panel PIN from this device record.
(config device device_id) # no name
Removes the friendly name from this device protocol.
(config device device_id) # no protocol
Resets the protocol for this device to its default, which is telnet.
(config device device_id) # no web-config port
Resets the port for the Web configuration interface on this device to the
default, which is 8082.
overlay
director (config device device_id) # overlay
content_policy_overlay_id
This command is used with content filtering policy. This command is
available for the sadmin user only.
Associates the indicated Content Policy overlay with the device.
protocol
(config device device_id) # protocol sshv2 port port_number
Connect to this device using RSA-SSH on port_number. The default port
number is 22.
pushkey
(config device device_id) # pushkey sshv2
Logs into the device and adds Director’s RSA-SSH public key to its
authorized key list.
pushpassword
(config device device_id) # pushpassword {enable-password password
| front-panel-pin pin | password password}
Sets the enable password, front panel PIN, and login password on this device
and device record.
reconnect
119
Director Command Line Interface Reference
(config device device_id) # reconnect
Drops the existing connection and reinitiates connection to the device.
serial-console-password
(config device device_id) # serial-console-password password
Specifies the password to secure serial console on this device.
serial-number
(config device device_id) # serial-number serial#
Sets the hardware serial number of this device.
state
(config device device_id) # state {configured | not-registered |
registered}
Sets the state of this device as one of the following:
•
configured means the device is being managed by Director and has
already been configured using a profile or overlay.
•
not-registered means the device is not yet managed by Director
because it has not been registered.
•
registered means the device has been added to or registered with
Director.
substitution-variable
(config device device_id) # substitution-variable name input
Creates a substitution variable of name for this device. The input
subcommand enables you to enter a value for the substitution variable. After
input, enter the value of the substitution variable, ending with Control+D.
For more information about substitution variables, see Chapter 11, Managing
Substitution Variables, in the Blue Coat Director Configuration and Management
Guide.
A substitution variable name can be a maximum of 64 characters in length,
alphanumeric characters only. If there are any spaces, reserved characters, or
special characters, errors occur.
Reserved characters for SGOS include ? (question mark—reserved for
command help) or % (percent—reserved for errors). In addition, * (asterisk) is
a special character and cannot be used in a substitution variable.
Note: To create substitution variables for use with content filtering policy, see
“(config) #role-substitution-variable” on page 189 instead.
web-config port
(config device device_id) # web-config port port_number
Sets the device’s HTTPS Console port. To find this value, log in to the
ProxySG Management Console for the device and click Services >
Management Services. The port value displays in the right pane in the Port
column for HTTPS-Console.
120
Chapter 3: Configuration Mode Commands
(config) # device-acl
Synopsis
Associates a device or a custom group with a user group. Delegated users in this
user group can push block lists and allow lists to these devices or groups.
This command is used with content filtering policy. This command is available for
the sadmin user only.
For more information about content filtering policy commands, see “Content
Filtering Policy and Role-Based Access” on page 7.
Syntax
director (config) # [no] device-acl role delegated-admin user-group
user_group_name {device device_id | group custom_group_name}
For example, the following command associates the user group Finance_policy
with the custom group DevAustin:
director (config) # device-acl role delegated-admin user-group
Finance_policy group DevAustin
Preceding the command with the optional no subcommand disassociates the
device or custom group from the user group.
Related Commands
•
To create a user group,
director (config) # role delegated-admin user-group group_name
For more information, see “(config) #role” on page 187
•
To create a delegated user authorized locally,
director (config) # username username role delegated-admin
•
To create a delegated user authorized by RADIUS,
director (config) # username username auth-type radius
•
To associate delegated users with a user group,
director (config) # username username role delegated-admin usergroup group_name
See “(config) #username” on page 208.
•
To create a Content Policy overlay,
director (config) # remote-config overlay overlay_id policy_type
enable
director (config) # remote-config overlay overlay_id
director (config remote-config overlay "overlay_id") # input
For more information, see “overlay” on page 179.
•
To associate a Content Policy overlay with a device,
director (config) # device device_id overlay
content_policy_overlay_name
For more information, see “(config) #device device_id” on page 115
•
To create substitution variables,
121
Director Command Line Interface Reference
director (config) # [no] role-substitution-variable
variable_name (device device_id | group group_name} input
For more information, see “(config) #role-substitution-variable” on page 189
122
Chapter 3: Configuration Mode Commands
(config) # dmc request-timeout
Synopsis
Configures the length of time that requests made in Director Management
Console can be inactive before the request times out. (Introduced in SGME 6.1.8.1)
Syntax
(config) # dmc request-timeout <number_of_seconds>
where <number_of_seconds> is an integer greater than 30
Subcommands
There are no subcommands for this command.
Example
Set the request timeout to be 31 seconds and then verify the setting using the
#show command.
(config) # dmc request-timeout 31
(config) # show dmc request-timeout
DMC request timeout: 31
123
Director Command Line Interface Reference
(config) # dmc timeout
Synopsis
Configures the length of time the Director Management Console can be inactive
before the session is closed.
Syntax
(config) # dmc timeout time
Subcommands
(config) # no dmc timeout
Resets the timeout period for Director Mangement Console sessions to the
default timeout of 15 minutes.
(config) # show dmc timeout
Display the timeout period set for Director Mangement Console sessions.
124
Chapter 3: Configuration Mode Commands
(config) # exit
Synopsis
This command allows you to exit configuration mode and return to enable mode.
Syntax
(config) # exit
The exit command does not have any parameters or subcommands.
Example
director (config) # exit
director #
125
Director Command Line Interface Reference
(config) # file
Manipulates files on this system. This command is also available in enable mode.
126
Chapter 3: Configuration Mode Commands
(config) # folder folder_id
Synopsis
This command enables you to add jobs, profiles, overlays, regular expression lists,
and URL lists to folders; and enables you to nest folders. Like the device
command, entering folder folder_id starts folder mode.
Syntax
(config) # folder folder_id subcommands
Entering folder folder_id changes the prompt to the following:
director (config folder folder_id) #
Subcommands
This section discusses the following topics:
•
“Folder Submode Commands”
•
“Negating Folder Commands” on page 128
Folder Submode Commands
director (config folder folder_id) # [no] comment comment
Adds a comment to the folder.
Preceding the command with the optional no parameter removes the selected
comment, or without the optional comment parameter, removes all comments
from the folder.
director (config folder folder_id) # create
Creates the folder.
director (config folder folder_id) # exit
Returns to configuration mode.
director (config folder folder_id) # help
Displays help for subcommands.
director (config folder folder_id) # job job_id
Includes the specified Job ID in this folder.
director (config folder folder_id) # [no] name name
Gives the folder a friendly name.
Preceding the command with the optional no parameter removes the folder’s
friendly name.
director (config folder folder_id) # overlay overlay_id
Copies the specified overlay to this folder.
director (config folder folder_id) # [no] parent folder_id
Specifies the parent of this folder; in other words, makes this folder the child
of folder_id.
127
Director Command Line Interface Reference
Preceding the command with the optional no parameter removes the parent
folder from this folder, meaning this folder becomes a top-level folder.
director (config folder folder_id) # profile profile_id
Copies the specified profile to this folder.
director (config folder folder_id) # regex-list list_id
Copies the specified regular expression list to this folder.
director (config folder folder_id) # url-list list_id
Copies the specified URL list to this folder.
Negating Folder Commands
This section discusses how to negate certain folder commands. To negate these
commands, you must be in configuration mode and not in folder submode.
If you are currently in folder submode, enter exit to return to configuration mode
as shown in the following example:
director (config folder "MyFolder") # exit
director (config) #
Command syntax follows:
director (config) # no folder folder_id [comment | job job_id |
name | overlay overlay_id | parent | profile profile_id | regexlist list_id | url-list list_id]
With no optional parameter, deletes the specified folder. The contents of the
folder, if any, remain in other folders or, if this was the only folder, move to the
Unassigned folder. Other options follow:
(config) # no folder folder_id comment
Deletes the folder’s comment.
(config) # no folder folder_id job job_id
Deletes the specified job from the folder but does not delete the job itself.
(config) # no folder folder_id name
Deletes the folder’s friendly name.
(config) # no folder folder_id overlay overlay_id
Deletes the specified overlay from the folder but does not delete the
overlay itself.
(config) # no folder folder_id parent
Removes parent folders from this folder, making this folder a top-level
folder.
(config) # no folder folder_id profile profile_id
Deletes the specified profile from the folder but does not delete the profile
itself.
(config) # no folder folder_id regex-list list_id
Deletes the specified regular expression lists from the folder but does not
delete the list itself.
(config) # no folder folder_id url-list list_id
Deletes the specified URL list from the folder but does not delete the list
itself.
128
Chapter 3: Configuration Mode Commands
(config) # group group_id
Synopsis
This command allows you to manage groups of devices. Most of the commands
in this submode are also available by entering the configuration command group
group_id.
Syntax
(config) # group group_id
This changes the prompt to:
director (config group group_id) #
Subcommands
(config group “group_id”) # [no] comment comment
Sets the comment associated with a group. This can be used to hold longer,
more detailed information than the friendly name. Unlike the friendly name,
the comment is shown only when information about this group is specifically
requested.
Preceding the command with the optional no parameter removes the
comment from this group.
(config group group_id) # create
Creates a top-level group with this name.
(config group “group_id”) # [no] device device_id
Adds a device to this group.
Preceding the command with the optional no parameter removes a device
from this group but does not delete the device itself.
(config group group_id) # exit
Exits group submode and returns to configuration mode.
(config group group_id) # help
Displays help information.
(config group group_id) # name friendly_name
Sets the friendly name associated with a group. If the group already had a
name, the old name is overwritten.
(config group group_id) # [no] parent parent_group_id
Makes this group a child of another group.
Preceding the command with the optional no parameter makes this group a
top-level group.
(config group group_id) # [no] substitution-variable name [input
variable_value]
Adds a substitution variable to a custom group or a system group.
129
Director Command Line Interface Reference
The input command loads the value of the substitution variable into Director.
Enter the entire contents of the variable value, ending with Control+D.
Preceding this command with the optional no parameter removes the
substitution variable from the group. The input parameter is not valid if the
command is preceded by no.
For more information about substitution variables, see the Blue Coat Director
Configuration and Management Guide.
Example
director (config) # group g1
director (config group “g1”) # device 10.25.36.47
130
Chapter 3: Configuration Mode Commands
(config) # help
Lists all top-level commands currently available. This command is also available
in Standard and Enable modes. See “>help” on page 20 for more information.
131
Director Command Line Interface Reference
(config) # hostname
Synopsis
Sets this machine’s hostname.
Syntax
(config) # hostname hostname
Sets Director’s host name. When you change the host name, the prompts of all
logged in clients are changed as soon as you press another key.
Important: Make sure your DNS servers can resolve the host name you enter
to Director’s IP address.
Example
director (config) # hostname Director_2
director_2 (config) #
132
Chapter 3: Configuration Mode Commands
(config) # interface interface_number
Synopsis
The commands in this submode allow you to configure the specified interface.
Syntax
(config) # interface interface_number
This changes the prompt to:
director (config interface interface_number) #
Subcommands
See one of the following sections:
•
“Configuring an Interface”
•
“Binding an Access List to an Interface” on page 134
•
“Other Commands” on page 134
Configuring an Interface
This section discusses how to configure an interface’s duplex, IP address, and
speed settings; and how to disable an interface.
(config interface interface_number) # [no] duplex {half | full |
auto}
Set the duplex for this interface. Preceding the command with the optional no
parameter removes the duplex setting.
(config interface interface_number) # [no] ip address ip_address
netmask
Sets the IP address and netmask on this interface. Preceding the command
with the optional no parameter removes the IP address.
To set an interface’s default gateway and DNS servers, see “(config) #ip” on
page 135.
(config interface interface_number) # [no] ipv6address ip_address
netmask
Sets the IP v6 address and netmask on this interface. Preceding the command
with the optional no parameter removes the IP address.
To set an interface’s default gateway and DNS servers, see “(config) #ip” on
page 135.
(config interface interface_number) # [no] shutdown
Disables this interface. Preceding the command with the optional no
parameter enables the interface.
(config interface interface_number) # [no] speed {10 | 100 | 1000 |
auto}
Sets the speed for this interface. Note that if the speed command is set to
auto, duplex is also automatically set to auto. Preceding the command with
the optional no parameter restores the default auto setting.
133
Director Command Line Interface Reference
Binding an Access List to an Interface
This section discusses how to bind an existing access list to an interface. An access
list has no effect until it is bound to an interface. For more information about
access lists, see “(config) #access-list access_list_name” on page 97.
(config interface interface_number) # ip {access-group
access_list_name {in | out}}
Sets an access list to be associated with inbound or outbound traffic on an
interface. A check is done to verify that the access list exists and is of type
filter.
The following example binds an access list named permitOne to interface
ether-0 to filter inbound traffic.
director (config interface ether-0) # ip access-group permitOne
in
Other Commands
(config interface interface_number) # exit
Exits interface submode and returns to configuration mode.
(config interface interface_number) # help
Displays help information.
(config device interface_number) # show
Displays system information as discussed in “(config) #show” on page 191.
Entering show interfaces displays the list of interfaces along with
configuration information (for example, IP address, speed, and duplex) and
statistics (for example, number of packets received and number of bytes
received).
134
Chapter 3: Configuration Mode Commands
(config) # ip
Synopsis
Configures IP protocol settings, including default gateway, static routing, and
detailed IP protocol options.
Syntax
(config) # [no] ip {subcommands}
Subcommands
(config) # [no] ip access-list {list_name | extended list_name}
Entering ip access-list list_name changes to access-list submode (see
“(config) #access-list access_list_name” on page 97).
(config) # [no] ip default-gateway ip_address
Sets Director’s default gateway.
(config) # [no] ip default-gateway-v6 ip_address
Sets Director’s default IPv6 gateway.
(config) # [no] ip domain-list domain_name
Adds a domain name that will be used to the DNS suffix list. This list is used
to complete unqualified host names. Do not include a leading period
character in domain_name.
The specified domain name is added to the bottom of the list. If the domain
you enter was already in the list, this command has no effect.
(config) # [no] ip host hostname ip_address
Adds a static mapping between a host name and an IP address. Note that
multiple IPs for a single hostname are possible.
(config) # [no] ip icmp rate-limit milliseconds
Limits the rate at which ICMP errors are generated to at most one every
millisecond. You can enter a range from 0 to 60000.
(config) # [no] ip name-server ip_address
Adds a DNS server to the list of DNS servers used to resolve names. The DNS
server specified is put at the bottom of the list. If it was already in the list, this
command has no effect. You can add both IPv4 and IPv6 DNS servers.
(config) # [no] ip route network_prefix netmask gateway_address
Adds an entry to the static routing table. For example, to add a static route for
IP addresses 192.0.0.0 through 192.0.0.254 to the static routing table of an
appliance whose IP address is 192.10.29.1, enter the following command:
(config) # ip route 192.0.0.0 /24 192.10.29.1
(config) # [no] ip tcp {path-mtu-discovery | selective-ack | syncookies | sync-rexmits value | timestamp | unsync-rexmits value
| window-size size}
135
Director Command Line Interface Reference
Sets various TCP protocol parameters. Prefacing this command with the
optional no command sets the parameter back to its default.
The parameters are as follows:
path-mtu-discovery Enables TCP path-Maximum Transmission Unit
(MTU) discovery. For more information about path MTU discovery, see
RFC 1191.
selective-ack Enable the use of the selective-acknowledgement
(SACK) TCP option. This might increase WAN throughput when the peer
also uses this option. to be enabled. This option is enabled by default.
For more information, see RFC 2018.
syn-cookies Enable the SYN-cookie mechanism as a defense against
SYN-flood attacks. This option is disabled by default.
For more information, see this discussion of SYN cookies.
sync-rexmits value Set the number of retransmits while in an
unsynchronized state. If this number of retransmissions is reached, the
connection will be dropped. value must be between 1 and 100. The
default value is 3.
timestamp Enable the use of the timestamp option, which can improve
performance by allowing finer-grained estimates of round-trip time. It
can also aid in error detection on connections with large window sizes.
The is feature is enabled by default.
unsync-rexmits value Set the number of retransmits while in a
connected state before dropping the connection. I value must be between
1 and 100. The default value is 12.
window-size size Set the receive window size in bytes that will be
advertised in TCP connection setup. size must be in the range from 1024
to 1073725440. The default value is 16Kb.
For more information, see RFC 1323.
Example
director (config) # ip icmp rate-limit 5000
136
Chapter 3: Configuration Mode Commands
(config) # job job_id
Synopsis
The commands in this submode allow you to manage jobs. Most of the commands
in this submode are also available by entering the Configuration command job
job_id.
Syntax
(config) # job job_id
This changes the prompt to:
(config job job_id) #
Note: The job ID can be a maximum of 250 characters in length and cannot include
the following characters: {, }, <, >, (, ), #, or $.
Subcommands
•
“cancel” on page 137
•
“commands-type” on page 137
•
“comment” on page 138
•
“create” on page 138
•
“date-time-pairs” on page 138
•
“disable” on page 138
•
“execute” on page 138
•
“exit” on page 138
•
“help” on page 138
•
“input” on page 138
•
“name” on page 139
•
“no” on page 139
•
“saved-executions” on page 139
•
“time-of-day” on page 139
•
“type” on page 140
cancel
(config job job_id) # cancel
Cancels the currently running job_id.
commands-type
(config job job_id) # commands-type {configuration | content |
other}
Sets the job type as configuration, content, or other and determines how the
job displays in the Jobs tab page of the Management Console. For example, if
you use the following command:
(config job MyJob) # commands-type content
137
Director Command Line Interface Reference
When you log in to the Management Console and click the Jobs tab, the job
displays if you click either Content Jobs or All from the Show list in the Job
Library section.
comment
(config job job_id) comment comment
Assigns a comment to this job.
create
(config job job_id) create
Creates an empty job.
date-time-pairs
(config job job_id) date-time-pairs yyyy/mm/dd hh:mm[:ss]
Configures the parameters for the date-time-pairs job type.
disable
(config job job_id) disable
Disables this job.
email
(config job job_id) email {from-address e-mail address | to-address
one or more e-mail addresses}
Specifies sender and recipient e-mail addresses for notifications for the job.
You can specify multiple recipients by entering the e-mail addresses as
comma-separated values. Because using this command overwrites any
previous entries, it might be more efficient to maintain the addresses in the
Director Management Console. Alternatively, you could keep a commaseparated list of addresses in a text file and copy and paste it into the CLI
when you need to add or remove recipients.
Note: Blue Coat recommends that you double-check the e-mail addresses before
entering them. The CLI does not validate your entries.
execute
(config job job_id) execute
Immediately executes the commands in this job.
exit
(config job job_id) exit
Exits job submode and returns to configuration mode.
help
(config job job_id) help
Displays help information.
input
(config job job_id) input job-contents
Enter the commands to execute in the job. When you are finished, press
Control+D to save the job or Control+C to cancel without saving any
commands.
138
Chapter 3: Configuration Mode Commands
name
(config job job_id) name friendly_name
Sets the friendly name associated with this job. Although the friendly name
cannot be used in place of a Job ID when a Job ID is required in a command,
the friendly name identifies the job in the Management Console.
no
(config job job_id) no [subcommands]
The no command negates the following job configuration settings:
(config job job_id) no comment
Removes all comments from this job.
(config job job_id) no date-time-pairs {all | yyyy/mm/dd
hh:mm[:ss]}
Specifying a particular date-time pair removes only that date-time pair
from the job, or use the all parameter to remove all date-time pairs.
(config job job_id) no disable
Enables this job.
(config job job_id) no execution {all | id execution_id}
Deletes either all reports for this job or deletes the job report with the
specified execution ID.
(config job job_id) no name
Removes the friendly name from this job.
(config job job_id) no saved-executions
Resets the number of saved job reports to unlimited. In other words, this
command will never cause old job reports to be deleted.
(config job job_id) no time-of-day {absolute {start | stop} |
day {all | fri | mon | sat | sun | thu | tue | wed |
weekdays} | time {all | hh:mm[:ss]}
Removes certain job start/stop/repeat time parameters from this job.
saved-executions
(config job job_id) saved-executions number_of_reports [force]
Sets the number of job reports to save for this job. To save an unlimited
number of reports, enter 0.
If Director produces a new report for this job and the total saved reports are
greater than this value, the oldest job report is deleted. Reports are deleted in
order of oldest to newest.
You cannot set the value to be less than the existing number of reports unless
you use the force option. If you use the force option and the value is set to
be less than the current number of saved reports, reports are deleted until
they total the new value.
time-of-day
(config job job_id) time-of-day {absolute {start | stop} yyyy/mm/dd
hh:mm[:ss] | day {all | fri | mon | sat | sun | thu | tue | wed
| weekdays} | time hh:mm[:ss]}
139
Director Command Line Interface Reference
Sets start/stop/repeat times for this job.
type
(config job job_id) type {date-time-pairs | time-of-day}
Selects the type of time specification to be used for this job:
•
date-time-pairs means the job runs at the dates and times you specify.
Recurrence options are not available; in other words, the job runs only at
the dates and times you specify.
For more information about configuring date-time pairs, see “(config job
job_id) date-time-pairs yyyy/mm/dd hh:mm[:ss]” on page 138.
•
time-of-day means the job runs at the times and days of the week you
specify; in other words, recurrence is supported.
For more information about configuring time-of-day options, see “(config
job job_id) time-of-day {absolute {start | stop} yyyy/mm/dd hh:mm[:ss]
| day {all | fri | mon | sat | sun | thu | tue | wed | weekdays} | time
hh:mm[:ss]}” on page 139.
Example
director (config) # job j1
Director (config job j1) # type date-time-pairs
140
Chapter 3: Configuration Mode Commands
(config) # lcd
Synopsis
Sets the LCD panel PIN.
Syntax
(config) # lcd pin 4_digit_pin_number
Sets the PIN for accessing the LCD panel.
Example
director (config) # lcd pin 2331
141
Director Command Line Interface Reference
(config) # license
Synopsis
Allows you to import a license file in to the Blue Coat Director. A valid license is
required to manage the devices in your network.
Syntax
(config) # license {input | passphrase}
Subcommands
(config) # license input
The input parameter enables you to copy and paste the contents of your
license file. You will be prompted to enter the passphrase you entered when
generating the license file on the Blue Coat Licensing Portal. This passphrase
is required to decrypt the license file and complete the license installation.
Enter Control+D when finished.
(config) # license passphrase passphrase
Enter the passphrase you entered when generating the license file on the Blue
Coat Licensing Portal. If the passphrase includes spaces, enclose the
passphrase within quotation marks.
(config) # show license
Displays the license that you have installed.
Example
(config) # license input
Enter pass phrase here:XXXXXXXXXXXXXXXXXXXXXXXXXXXX
Enter your license file contents now.
Press Ctrl-D when finished, or Ctrl-C to abort.
uynffeu645837ty8utngnm 4yr943rnftv8anv9inv......
(config) # license passphrase “life is good”
(config) # show license
Serial number:0000290001
Component name: Director 6
License type: Try and Buy
Expiration date: 2012-01-24
Expired: No
Days left: 42
Max device count: 300
Actual device count:113
142
Chapter 3: Configuration Mode Commands
(config) # login-banner
Synopsis
Allows you to configure a login banner that displays when users access the
Director Management Console. Input login banner text in the English language
only; support for any other language has not been tested.
For configuring a banner for SSH or serial console access, see “(config) #banner”
on page 104
Syntax
(config) # [no] login-banner {acceptance-required | enable | fetchlogo | input | logo-url}
Subcommands
(config) # login-banner acceptance-required
Mandates that users must accept the login-banner prior to accessing the
Director Management Console. Users who decline the banner are not
permitted access to the Management Console.
(config) # login-banner enable
Enables the login banner. The text that you entered is displayd on login.
(config) # login-banner fetch-logo url
Allows you to enter an FTP server or an HTTP server URL from which the
Director can fetch a logo for the login banner. The image formats supported
are jpg, jpeg, gif, png, and bmp.
(config) # login-banner logo-url url
Sets the logo for the login banner.
(config) # login-banner input <enter>
banner-text
The input parameter enables you to enter banner text. Enter the banner text,
and press Control+D when finished.
(config) # show login-banner
Dislays the login banner that you have configured.
Example
director (config) # login-banner fetch-logo ftp://10.125.38.21/
Common/companylogo.jpg
director (config) # login-banner logo-url ftp://10.125.38.21/
Common/companylogo.jpg
143
Director Command Line Interface Reference
(config) # line-vty
Synopsis
Configures the number of lines visible on a terminal session. The default is 24.
This command is also available in Enable mode. See “#line-vty” on page 55 for
information.
144
Chapter 3: Configuration Mode Commands
(config) # logging
Synopsis
Configures audit and console logging.
Provided you specify an external server that uses the Secure Copy Protocol (SCP),
audit logs are transferred from Director’s /var/logs/messages directory to the
/local/logs/scplogs directory using a cron job. Another cron job transfers logs
from /local/logs/scplogs to the external server, after which the /local/logs/
scplogs directory is cleared. You also have the option of transferring logs and
clearing the directory manually.
Details about audit logging follow:
•
Stored in subdirectories of /local/logs/scplogs (for example, the contents
of backup jobs are stored in /local/logs/scplogs/backups).
•
Event logs, stored in the /var/log/messages file, are transferred every hour
to the /local/logs/scplogs/messages directory using a cron job.
•
A cron job runs every five minutes to transfer audit logs from subdirectories
of /local/logs/scplogs to an external server using the Secure Copy
Protocol (SCP), if a server is configured.
•
After the files are transferred, the logs are deleted; however, if no external
server is specified, no transfer takes place.
•
After the contents of the audit log directory reach 1GB in size, the overflow
policy is enacted. The overflow policy can be set to delete the oldest log files
first (the default), to disable commands that trigger audit logging, or to stop
creating new audit log files.
Syntax
(config) # logging subcommands
Subcommands
(config) # logging hostname_or_ip_address
Sends logging data to the specified external server. The server must support
the SCP protocol.
(config) # logging console {emerg | alert | crit | err | warning |
notice | notice_minor}
Sets the level at which messages are sent to console sessions. emerg results in
the fewest log message being sent to the console; notice_minor (the default)
results in the most log messages.
(config) # logging dump-contents {clear | overflow-policy {delete |
stop-logging | stop-processing} | url scp_server_url}
where scp_server_url is in the format scp://ip_or_hostname/path
Moves log messages to the SCP server specified by the url subcommand with
the following options:
(config) # logging dump-contents clear
145
Director Command Line Interface Reference
Clears (that is, deletes) the log messages in Director’s /local/logs/
scplogs directory. Use this command only after moving the log files to an
external server.
(config) # logging dump-contents overflow-policy {delete |
stop-logging | stop-processing}
Sets policy to apply when the /local/logs/scplogs directory has 1GB
or less available space as one of the following:
delete Deletes the oldest files first.
stop-logging Stop logging until the /local/logs/scplogs directory
has more than 1GB of available space.
stop-processing Stops processing any commands that trigger audit
logging.
(config) # logging local {warning | notice | notice_minor}
Sets the level at which messages are saved locally.
(config) # logging trap {emerg | alert | crit | err | warning |
notice | notice_minor}
Sets the level at which messages are sent to syslog servers. emerg results in
the fewest log message being sent to syslog servers; notice_minor results in
the most log messages. Trap messages for Director events are limited to
startup, shutdown, and standby events. Standby events are discussed in the
Blue Coat Director Configuration and Management Guide.
Example
director (config) # logging console warning
146
Chapter 3: Configuration Mode Commands
(config) # mail-config
Synopsis
Specify an outgoing Simple Mail Transport Protocol (SMTP) server to e-mail the
following types of information:
•
Performance analysis reports
Includes bandwidth savings, effective throughput, and acceleration
information available for proxies.
•
Health reports
Enables you to monitor CPU and memory usage of devices.
•
Activate user accounts with LDAP authentication
For more information about these reports, see the Blue Coat Director Configuration
and Management Guide.
Syntax and Subcommands
director (config) # [no] mail-config {smtp_server_host-or-ip
listen_port} [auth {enable | disable}] {user-credentials
[username username password password]}
Preceding the command with the optional no parameter removes the
specified mail configuration.
Parameter
Description
smtp_server_host-or-ip
SMTP server’s fully qualified host name
or IP address.
Guidelines for Simple Mail Transfer
Protocol (SMTP) servers follow:
• You can specify an SMTP mail server
by either a fully qualified host name
or IP address
Make sure the SMTP server meets all of
the following availability requirements:
• It must be reachable by Director
• It must be capable of sending emails to all addresses you specify
In other words, you can choose either a
corporate server or an external, publicly
reachable SMTP server provided the
server meets the preceding requirements.
• SSL and Transport Layer (TLS)
encryption are not supported
• User name/password authentication
is supported
port
specifies the SMTP server’s listen port
147
Director Command Line Interface Reference
Parameter
Description
auth
(optional) determines whether or not
the SMTP server requires user name
and password authentication.
The following example configures Director to use the server smtp.example.com
that listens on port 55 and specifies the server requires authentication:
director (config) # mail-config smtp.example.com 55 auth enable
Note: Changes you make to the SMTP server configuration with this command do
not automatically display in the Management Console. To view the new parameters,
close and restart the Management Console as discussed in the Blue Coat Director
Configuration and Management Guide.
Related Command
To set up the report e-mails and specify the user name and password (if any) for
SMTP server authentication, see “generate-report health” on page 56 or
“generate-report performance” on page 57.
148
Chapter 3: Configuration Mode Commands
(config) # mc-migration
Synopsis
(Introduced in SGME 6.1.18.1) Generate a metadata file containing all of the
devices managed in Director, and then use the metadata to import the devices to
Blue Coat Management Center.
Syntax
(config) # mc-migration [subcommands]
Subcommands
This section discusses the following subcommands:
delete
(config) # mc-migration delete <file>
where <file> is the name of the metadata file.
Delete an existing metadata file.
generate
(config) # mc-migration generate
Generate a metadata file including all managed devices. The metadata is
encrypted and compressed in a tgz.gpg file, for example, SGME-Director-to-MCMigration-2015.03.13-154907.tgz.gpg.
The CLI prompts you to enter a passphrase. Enter a passphrase consisting of at
least four characters and press the ENTER key. Be sure to record the passphrase;
you need it to import the devices to Management Center.
upload
(config) # mc-migration upload <file> <server> [username username]
where:
•
<file> is the name of the metadata file.
•
<server> is the hostname or IP address of an external server:
http://<hostname[:port]>/<path and filename>
ftp://<hostname>/<path and filename>
scp://<hostname>//<path and filename>
Upload the metadata file to your external server. When you type this
subcommand, the CLI prompts you to enter a passphrase.
Additional Information
For information on importing devices and other features in Management Center,
refer to documentation at:
https://bto.bluecoat.com/documentation/All-Documents/
Management%20Center
149
Director Command Line Interface Reference
(config) # monitoring
Synopsis
Health monitoring commands that maintain the health status of all the devices
managed by Director. It also keeps a track of all the alerts sent by a device and
allows these alerts to managed by a Director administrator.
Additional parameters are available in enable mode as discussed in
“#monitoring” on page 56.
To view alert metrics you set up with these commands, see Chapter 10,
Monitoring Devices, in the Blue Coat Director Configuration and Management Guide.
Subcommands
director (config) # monitoring {{alerts {acknowledge {alert
alert_id | all | device device_id | group group_id | input
alert_ids}} | {add-comment alert alert_id comment comment} |
{delete {alert alert_id | all | device device_id | group
group_id | input alert_ids}} | {unacknowledge {alert alert_id |
all | device device_id | group group_id} | input alert_ids}} |
{diagnose {device-state subcommands | standby-state
subcommands}}
This section discusses the following subcommands:
•
“alerts” on page 150
•
“db reset” on page 151
•
“diagnose” on page 151
alerts
The alerts subcommand enables you to acknowledge alerts, add comments to
alerts, delete alerts, and unacknowledge alerts.
director (config) # monitoring alerts {acknowledge {alert alert_id
| all | device device_id | group group_id | input input}} | addcomment alert alert_id comment comment} | {delete {alert
alert_id | all | device device_id | group group_id} | input
input}} | {unacknowledge {alert alert_id | all | device
device_id | group group_id | input alert_ids}}}
director (config) # monitoring alerts acknowledge {alert
alert_id | all | device device_id | group group_id | input
alert_ids}
Sets the status of alerts to acknowledge for a single alert_id, all alerts, for a
particular device_id or for all devices in a group_id.
To acknowledge, unacknowledge, or delete several alerts at one time, use
the input command to specify the alert IDs. An example follows:
director (config) # monitoring alerts delete input
Enter your alert id now.Press Ctrl-D when finished, or CtrlC to abort.
director (config) # monitoring alerts add-comment alert alert_id
comment comment
150
Chapter 3: Configuration Mode Commands
Adds an optional comment—up to 512 bytes in length—to a particular
alert_id.
director (config) # monitoring alerts delete {alert alert_id |
all | device device_id | group group_id | input list_of_ids}
Deletes a single alert_id, all alerts in the system, all alerts for a particular
device_id, or all alerts for all devices in a group_id.
Using the optional input parameter enables you to enter a list of IDs to
delete. When you are finished, press Control+D to delete the alerts or
Control+C to cancel without deleting any alerts.
director (config) # monitoring alerts unacknowledge {alert
alert_id | all | device device_id | group group_id}
Sets the status of alerts to unacknowledge for a single alert_id, all alerts,
for a particular device_id or for all devices in a group_id.
db reset
director (config) # monitoring db reset
Use to reset the database only if advised to do so by Blue Coat Support.
diagnose
director (config) # monitoring diagnose {device-state {added |
auto-registered | auto-registered-failed | connected | critical
| deleted | disconnected | ok | warning} | {job-state {finished
| started}}{standby-state {forced-active | forced-primary |
forced-secondary | forced-standalone | partner-invalid |
partner-lost | partner-regained | partner-valid | primaryinactive | secondary-reserve | sync-failed | sync-regained}}
Diagnostic command that sends a trap to SNMP trapsinks (that is, the host
names or IP addresses to which SNMP traps are sent). When this trap is sent,
the varbinds (that is, variable bindings) in the body of the trap have the
following fixed values that cannot be changed:
sgHostname = "0.0.0.0"
sgSerialNumber = "0000000000"
sgDeviceId = "test-SG-id"
sgDeviceName = "test-SG-name"
Discussion of the subcommands follows:
director (config) # monitoring diagnose device-state {added |
auto-registered | auto-registered-failed}
These commands apply to adding or registering devices (that is, ProxySG
appliances) with Director as discussed in the Blue Coat Director
Configuration and Management Guide.
director (config) # monitoring diagnose device-state {connected
| critical | deleted | disconnected | ok | warning}
These commands apply to the state of devices managed by Director (for
example, disconnected means a device is not reachable from Director).
director (config) # monitoring diagnose job-state {finished |
started}
These commands apply to the state of Director jobs. For example, when a
job finishes, the job-state-finished trap sends a notification message.
151
Director Command Line Interface Reference
director (config) # monitoring diagnose standby-state {forcedactive | forced-primary | forced-secondary | forcedstandalone | partner-invalid | partner-lost | partnerregained | partner-valid | primary-inactive | secondaryreserve | sync-failed | sync-regained}
These commands apply only to two redundant Director 510 appliances
configured as primary and secondary. This is also referred to as Director
standby. For more information about standby, refer to Chapter 12,
Configuring Director Redundancy, in the Blue Coat Director Configuration
and Management Guide.
152
Chapter 3: Configuration Mode Commands
(config) # no
Synopsis
Negates certain configuration options.
Syntax
(config) # no [subcommands]
Subcommands
This section discusses the following subcommands:
•
“access-list” on page 154
•
“arp” on page 154
•
“cli” on page 154
•
“clock” on page 154
•
“content” on page 154
•
“device” on page 155
•
“enable” on page 156
•
“folder” on page 156
•
“group” on page 156
•
“hostname” on page 156
•
“interface” on page 156
•
“ip” on page 157
•
“job” on page 157
•
“lcd pin” on page 158
•
“logging” on page 158
•
“ntp” on page 158
•
“radius-server” on page 159
•
“remote-config” on page 159
•
“require-config-lock enable” on page 160
•
“session” on page 160
•
“snmp-server” on page 160
•
“ssh” on page 161
•
“ssl” on page 161
•
“tacacs-server” on page 161
•
“telnet-management” on page 162
•
“username” on page 162
153
Director Command Line Interface Reference
access-list
For a complete discussion of access-list commands, including no commands,
see “(config) #access-list access_list_name” on page 97.
arp
(config) # no arp {ip_address | timeout}
Removes a permanent entry from the ARP cache or resets the ARP-cache
timeout.
cli
(config) # no cli subcommands
(config) # no cli capture
Disables capturing of CLI output to a file.
(config) # no cli help disable
Reenables the help system.
(config) # no cli print-message-codes
Specifies not to print error codes along with each error message.
(config) # no cli prompt-override
Removes the CLI prompt override.
(config) # no cli raw-input
Disables Raw Input mode (help, completion, and command line editing
would be reenabled).
(config) # no cli timeout
Resets the command line timeout to the default. For more information
about the command line timeout, see “(config) #cli” on page 107.
clock
(config) # no clock timezone
Resets the local time zone to Coordinated Universal Time (UTC).
content
(config) # no content [subcommands]
(config) # no content options timeout {completed-cmds |
outstanding-cmds}
Resets the timeout for completed or in-progress (outstanding) content
management commands to the default value.
(config) # no content priority one-time options
For syntax, see “[no] content priority one-time” on page 43.
(config) # no regex-list list_id [comment | name]
Deletes the specified regular expression list. The optional comment and
name subcommands delete only the optional comment from the regular
expression list or the list’s “friendly” name.
(config) # no url-list list_id [comment | name]
154
Chapter 3: Configuration Mode Commands
Deletes the specified URL list. The optional comment and name
subcommands delete only the optional comment from the URL list or the
list’s “friendly” name.
device
(config) # no device device_id [address | auth {rsa {key sshv2 |
knownhost key sshv2 | username} | simple {username | password} |
authtype | comment | enable-password | name | protocol sshv2
port | serial-console-password | serial-number | substitutionvariable name1 name2 ... namen | web-config port]
With no optional parameter specified, removes the specified device, meaning
it will no longer be managed by Director.
Optional parameters follow:
(config) # no device device_id address
Removes the IP address or host name from the specified device record.
(config) # no device device_id auth {rsa {key sshv2 | knownhost
key sshv2 | username} | simple {username | password}}
Negates certain device authorization parameters for the specified device
record (but not from the device itself). Examples follow:
(config) # no device device_id auth rsa key sshv2 deletes RSA
keys from the device record. This command can be used only with
devices that use the SSH-RSA protocol to authenticate with Director.
(config) # no device device_id auth rsa knownhost key sshv2
deletes public keys from the device record. This command can be used
only with devices that use the SSH-RSA protocol to authenticate with
Director.
(config) # no device device_id auth simple username deletes the
user name for the record of a device that uses simple authentication with
Director.
(config) # no device device_id authtype
Sets the device’s authentication type to simple.
(config) # no device device_id comment
Removes the comment from the device record.
(config) # no device device_id enable-password
Removes the device’s enable password.
(config) # no device device_id name
Removes the device’s friendly name.
(config) # no device device_id overlay overlay_id
Removes the specified overlay from the device.
(config) # no device device_id protocol sshv2 port
Sets the port used for SSH v2 communication with the device to its
default, port 22.
(config) # no device device_id serial-console-password
155
Director Command Line Interface Reference
Removes the serial console password from the device record. To set the
serial console password to a different value, use the following command
discussed in “(config) #device device_id” on page 115:
(config device device_id) # serial-console-password password
(config) # no device device_id serial-number
Removes the hardware serial console password from the device record.
Because a hardware serial number is required to register and manage a
device, you must supply a new serial number as discussed in “(config)
#device device_id” on page 115.
(config) # no device device_id substitution-variable name1 name2
... namen
Removes the indicated substitution variables from the device record.
(config) # no device device_id web-config port
Removes from the device record the port used to access the device’s
Management Console. Because a port is required to register and manage
a device, you must enter a new port as using the following command as
discussed in “(config) #device device_id” on page 115:
(config device device_id) # web-config port port_number
enable
(config) # no enable password
Removes the device’s enable password.
folder
See “Negating Folder Commands” on page 128.
group
See “(config) #group group_id” on page 129.
hostname
(config) # no hostname
Removes Director's host name.
interface
(config) # no interface interface_number [duplex | ip {access-group
{in | out} | address [ip_address netmask]} shutdown | speed}
With no optional parameters, removes all configuration information for the
specified interface; if the specified interface is dynamic (for example, a bridge
interface) the interface is completely removed from the system.
(config) # no interface interface_number [duplex]
Resets the duplex for the specified interface to its default.
(config) # no interface interface_number [ip {access-group {in |
out} | address [ip_address netmask]}]
Either removes an access group from the specified interface or removes
all IP addresses or the specified IP address and netmask from the
specified interface.
For example, the following command removes all IP addresses from an
interface:
156
Chapter 3: Configuration Mode Commands
(config) # no interface interface_number ip address
(config) # no interface interface_number [shutdown]
Re-enables this interface.
(config) # no interface interface_number [speed]
Resets the speed of this interface to its default, which is auto.
ip
(config) # no ip [subcommands]
(config) # no ip default-gateway
Removes the default gateway.
(config) # no ip domain-list domain_name
Removes the specified domain name.
(config) # no ip host hostname ip_address
Removes a static host mapping.
(config) # no ip icmp rate-limit
Resets the parameters for ICMP to the default values.
(config) # no ip name-server ip_address
Removes a DNS server.
(config) # no ip route network_prefix netmask [gateway-address
gateway_ip_address]
Either removes all entries or removes the specified gateway IP address
from the static routing table.
(config) # no ip tcp {path-mtu-discovery | selective-ack | syncookies | sync-rexmits | timestamp | unsync-rexmits |
window-size}
Resets parameters for TCP, as follows: the path-mtu-discovery
command disables path MTU discovery, the selective-ack command
disables selective ACKs, the syn-cookies command disables the SYNcookie mechanism, the sync-rexmits command resets the number of
retransmissions in the connected state to the default, the timestamp
command disables TCP timestamps, the unsync-rexmits command
resets the number of retransmissions in the unconnected state to the
default, and the window-size command resets the TCP window size to
the default.
job
(config) # no job job_id
Removes the specified job.
(config) # no job job_id [comment]
Removes the comment from this job.
(config) # no job job_id [date-time-pairs yyyy/mm/dd hh:mm[:ss]]
Negates certain parameters for the date-time-pairs job type for the
specified job.
(config) # no job job_id [disable]
157
Director Command Line Interface Reference
Enables the specified job.
(config) # no job job_id [execution {all | execution_id}]
Either deletes all reports for the specified job or deletes a job report with
the specified execution ID for the specified job.
(config) # no job job_id [name]
Removes the friendly name from the specified job.
(config) # no job job_id [saved-executions]
Makes the number of saved job reports unlimited.
(config) # no job job_id [time-of-day {absolute {start | stop} |
day {all | fri | mon | sat | sun | thu | tue | wed |
weekdays} | time time hh:mm[:ss]}]
The absolute command removes start and end dates/times for the job
specified, the day command removes a day on which the specified job
executes, and the time command removes a time on which the specified
job executes.
lcd pin
(config) # no lcd pin
Resets the PIN for accessing the LCD panel to its default.
logging
(config) # no logging
(config) # no logging hostname_or_ip_address
Removes a syslog daemon server from the list of servers to which log
messages are sent.
(config) # no logging console
Disables most console logging.
(config) # no logging dump-contents
Stops audit logs from being transferred to the external server.
(config) # no logging local
Disables all local logging.
(config) # no logging trap
Disables logging to external servers.
ntp
(config) # no ntp
(config) # no ntp enable
Disables NTP on this machine.
(config) # no ntp peer hostname_or_ip_address [prefer | version]
Removes the NTP peer specified, specifies not to prefer the NTP peer
specified over others (the prefer option), or resets the expected NTP
version for the NTP peer specified to the default (the version option).
(config) # no ntp server hostname_or_ip_address [prefer |
version]
158
Chapter 3: Configuration Mode Commands
Removes the NTP server specified, specifies not to prefer the NTP server
specified over others (the prefer option), or resets the expected NTP
version for the NTP server specified to the default (the version option).
radius-server
(config) # no radius-server
(config) # no radius-server host hostname_or_ip_address [acctport | auth-port | key | request-stype | response-stype |
retransmit | timeout]
Negates the RADIUS parameters for the specified hostname or IP
address.
(config) # no radius-server key
Disables the authentication and encryption key for RADIUS servers.
(config) # no radius-server request-stype
Resets global RADIUS server request service-type to the default.
(config) # no radius-server response-stype
Resets global RADIUS server response service-type to the default.
(config) # no radius-server retransmit
Specifies not to retry RADIUS servers before declaring failure.
(config) # no radius-server timeout
Resets global RADIUS server timeout to the default.
remote-config
(config) # no remote-config
(config) # no remote-config backup un-pinned
Removes all un-pinned backups from all ProxySG on the management
node.
(config) # no remote-config backup device device_id backup_id
[comment | name | pin]
You can delete the specified backup, remove the backup’s comment (the
comment option), remove the backup’s friendly name (the name option),
or enable the backup to be automatically rotated out (the pin option).
(config) # no remote-config help device
Disables using a device for command completion and help.
(config) # no remote-config license-key
Deletes the BlueTouch Online user name and password, if any, entered
when you upgraded a device license. (BlueTouch Online was previously
referred to as WebPower.)
(config) # no remote-config overlay overlay_id [command
sequence_number | comment | name]
You can remove the specified overlay, remove the specified command
from the specified overlay (the command option), remove the comment
string from the specified overlay (the comment option), or remove the
friendly name from the specified overlay (the name option).
159
Director Command Line Interface Reference
(config) # no remote-config profile profile_id [command
sequence_number | comment | name]
You can remove the specified profile, remove the specified command
from the specified profile (the command option), remove the comment
string from the specified profile (the comment option), or remove the
friendly name from the specified profile (the name option).
require-config-lock enable
(config) # no require-config-lock enable
Disables the explicit configuration lock. It sets the configuration in the
user interface to implicitly acquire the configuration lock, as required, to
make changes to the configuration settings. The Acquire Lock button
does not display on the user interface when the CLI is set to no requireconfig-lock enable.
session
(config) # no session session-ip username username
Kills the Management Console session running on the specified IP address
and user name. This command ends the session immediately, causing the user
to lose any work in progress but not yet saved.
Entering no session ? displays the list of currently logged-in users and the
IP addresses used by Director Management Console sessions.
Because you can run a maximum of five Management Console sessions at one
time, use this command to log off Management Console users to permit
another user to log in.
snmp-server
(config) # no snmp-server
(config) # no snmp-server community
Resets the community name to the default (public) on this node.
(config) # no snmp-server contact
Clears the SNMP contact string on this node.
(config) # no snmp-server enable [authtraps | inform | traps]
Disables the SNMP server, or, if you enter one of the command options,
either disables receiving of SNMP authorization traps or disables sending
of SNMP informs or traps on this node. SNMP traps are limited to
Director startup and shutdown events.
(config) # no snmp-server host hostname
Stops sending SNMP notifications to a host.
(config) # no snmp-server inform default-community
Resets the default community name used to send SNMP informs to hosts
without a community string override to its default (public).
(config) # no snmp-server location
Clears the SNMP location string on this node.
(config) # no snmp-server traps default-community
Reset the default community name to use for sending traps to its default.
160
Chapter 3: Configuration Mode Commands
(config) # no snmp-server traps default-version
Reset the default version to use for sending traps to its default.
ssh
(config) # no ssh
(config) # no ssh client user username authorized-key rsakey
{all | sshv1 key_length exponent key | sshv2 key}
Removes either all known host public keys for the specified user account
or removes an SSHv1 or 2 authorized key for this user account.
(config) # no ssh client user username known-host
hostname_or_ip_address
Removes a known host public key for the specified user.
(config) # no ssh server auth {allowpassword | allowrsa |
permitemptypassword}
allowpassword Disallows users from authenticating using a password
RSA.
allowrsa Disallows users from authenticating using RSA.
permitemptypassword
This setting prevents Director from sending requests to the RADIUS
server without a password. Use this command if users receive account
locked out errors attempting to log in to a Director appliance.
For more information, see “ssh server” on page 196.
Note: This command persists across Director reboots.
(config) # no ssh server enable {sshv1 | sshv2}
Disables either the SSHv1 server or the SSHv2 server on this machine.
(config) # no ssh server hostkey rsakey {sshv1 | sshv2}
Deletes the RSA host key either for SSHv1 or SSHv2.
(config) # no ssh server knownhost hostname_or_ip_address
Removes known host entries.
ssl
(config) # no ssl
(config) # no ssl registration-password
Clears the registration password.
tacacs-server
(config) # no tacacs-server [subcommands]
(config) # no tacacs-server host hostname [key | port | singleconnection | timeout]
Either removes this host from the list of TACACS servers or, if you specify
an option, does one of the following for the specified host: the key
command removes the key override, the port command resets the port to
the default, the single-connection command disables Single
Connection mode, and the timeout command removes the timeout
override.
161
Director Command Line Interface Reference
(config) # no tacacs-server key
Resets the key to the default.
(config) # no tacacs-server timeout
Resets the communication timeout to the default.
telnet-management
(config) # no telnet-management {args | enable}
Prevents sending Telnet arguments to the server (args parameter) or disables
the use of the Telnet server (enable parameter).
username
(config) # no username username
Removes the specified user account from the system.
(config) # no username username [password]
Specifies not to require a password for the specified user to log in.
(config) # no username username [privilege]
Resets the specified user’s privilege level to the default (15), which is the
maximum value.
Example
director (config) # no ssh server auth allowpassword
162
Chapter 3: Configuration Mode Commands
(config) # ntp
Synopsis
Enables and disables the ntpd (NTP daemon) and Network Time Protocol (NTP)
settings.
Syntax
(config) # [no] ntp enable
Enables NTP on Director. Preceding the command with the optional no
subcommand disables NTP. Also see “(config) #ntpdate” on page 164.
(config) # ntp peer ip_address_or_hostname [prefer | version
version_number]
Either adds an NTP peer or changes the settings for the specified NTP peer.
(config) # ntp server [prefer | version version_number]
Either adds an NTP server or changes the settings for the specified NTP
server.
Example
director (config) # ntp enable
163
Director Command Line Interface Reference
(config) # ntpdate
Synopsis
Sets the system clock from a remote NTP server.
Syntax
(config) # ntpdate ip_address_or_hostname
Sets the system clock from a specified NTP server.
Differences between this command and ntp include:
•
ntpdate synchronizes the clock with an NTP server one time whereas
ntp starts and stops the ntpd service, and the ntpd keeps Director’s clock
in synchronization constantly.
•
ntp has an algorithm that calculates and fixes the drift in your server's
clock, whereas ntpdate does not keep any state to perform this service
for you so will not provide the same kind of accuracy.
•
If Director’s clock is inaccurate by several hours, and you are using ntp,
you should restart Director. On restart, ntp uses ntpdate to reset the
system clock.
Important: Do not use ntpdate if the ntpd is running. Doing so can result in
unpredictable performance. Instead, use the reload command to restart Director as
discussed in “(config) #reload” on page 175.
For more information, see one of the following articles. Note that the Director
ntp and ntpdate commands do not support optional command-line switches
discussed in these articles. Director’s commands support only the parameters
discussed in this book.
•
Compare NTP and NTPDATE—ServerFault
•
Sample NTPATE man page
Because the system time is not stored in the configuration file, this command
does not wait for a write memory command to be committed to persistent
storage.
Example
director (config) # ntpdate 10.25.36.47
164
Chapter 3: Configuration Mode Commands
(config) # ping
Synopsis
Sends ICMP echo request packets. This command is also available in Standard
and Configuration modes. See “>ping” on page 22 for more information.
165
Director Command Line Interface Reference
(config) # push-policy
Synopsis
See “#push-policy” on page 61.
166
Chapter 3: Configuration Mode Commands
(config) # ldap-server
Synopsis
Configures your LDAP server settings.
Director enables you to use the following authentication schemes for user access
to Director:
•
LDAP: Supports authentication to an AD server. Authorization is defined
locally on the Blue Coat Director.
•
RADIUS: Supports authentication and authorization.
•
TACACS: Supports authentication only. All users authenticated by TACACS
have privilege level 15 access.
For more information, see “(config) #tacacs-server” on page 201.
•
Local: Supports authentication and authorization.
For more information, see “(config) #username” on page 208.
To use a combination of the preceding authentication and authorization
mechanisms, see “(config) #aaa authentication login default” on page 94.
Syntax
(config) # ldap-server {{admin-mail email_address} | anonymous
{enable |disable} | bind-password bind_password | bind-username
bind_username | ca-certificate input certificate_details |
default-admin-privilege {enable | disable} | distinguished-name
Base_DN | primary-server hostname port port_number | alternateserver hostname port port_number | referrals {enable | disable}
| ssl {enable | disable} | test-ldap | timeout nnh nnm nns |
username username userprincipalname userprincipalname | version
{2 | 3}}
(config) # no ldap-server {admin-mail | bind-password | bindusername | ca-certificate | distinguished-name | primary-server
{port} | alternate-server {port} | timeout nnh nnm nns |
username username userprincipalname userprincipalname}
Removes the LDAP configuration for the specified attribute.
(config) # test-ldap-configuration username username password
password
Tests your LDAP configuration, see “test-ldap” on page 170.
Subcommands
See one of the following sections for more information:
•
“admin-mail” on page 168
•
“anonymous” on page 168
•
“bind-password” on page 168
•
“bind-username” on page 168
•
“ca-certificate” on page 168
167
Director Command Line Interface Reference
•
“default admin-privilege” on page 168
•
“distinguished-name” on page 169
•
“primary-server” on page 169
•
“alternate-server” on page 169
•
“referrals” on page 169
•
“ssl” on page 169
•
“timeout” on page 169
•
“username” on page 169
•
“version” on page 170
admin-mail
(config) # ldap-server admin-mail email-address
Sets the email address for contacting the administrator when a new LDAP
user logs in to the appliance.
anonymous
(config) # ldap-server anonymous {enable |disable}
Enables or disables an anonymous bind connection to the LDAP server.
If enabled, you do not need to enter the bind username and bind password
for querying the LDAP server
bind-password
(config) # ldap-server bind-password bind_password
Sets the password that allows you to bind to the LDAP server for
authenticating users.
bind-username
(config) # ldap-server bind-username bind_username
Sets the username that allows you to bind to the LDAP server for
authenticating users. Specify the domain for the bind user account. For
example: Domain\Administrator
This user should have permissions to start querying for users starting
at the Base DN and then through each node in the subsequent
hierarchy that you have set up on your directory server.
ca-certificate
(config) # ldap-server ca-certificate input certificate_details
Ctrl D when done
Allows you to import the SSL certificate required to set up secure LDAP. To
enable trust between the LDAP server and the Director, you must import the
trusted root certificate signed by the issuing Certificate Authority in to the
Director.
default admin-privilege
director (config) # ldap-server default-admin-privilege {enable |
disable}
168
Chapter 3: Configuration Mode Commands
Sets the default access privilege for all new LDAP users to privilege 15 access
on the Director.
distinguished-name
director (config) # ldap-server distinguished-name Base DN
Sets the Distinguished Name (DN) that uniquely identifies each entry on a
global level. The Base DN is a concatenation of the directory tree structure; it
defines the tree in the LDAP directory that contains the users you wish to
authenticate, and it serves as the starting point for the search.
primary-server
director (config) # ldap-server primary-server ip_address or
hostname port port number
Sets the IP address and port, or hostname for the primary LDAP server. For
simple LDAP the default port is 389; For secure LDAP the default port is 636.
Note: For secure LDAP, you must specify the hostname. Use the common
name (CN) defined in your CA certificate as the hostname for your AD
server. If you do not enter the same hostname, authentication will fail
because the Director will be unable to connect with the server.
alternate-server
director (config) # ldap-server alternate-server ip_address or
hostname port port number
Sets the IP address and port, or hostname for the alternate LDAP server.
referrals
director (config) # ldap-server referrals {enable | disable}
Enables or disables LDAP referrals; LDAP referral is only supported on
LDAPv3. When you enable referral, if the configured LDAP server does not
contain the directory information for authenticating the user, the LDAP
server can return a referral to another server. The Blue Coat Director can
follow the referral to authenticate the user.
ssl
director (config) # ldap-server ssl {enable | disable}
Enables or disables secure LDAP or LDAP over SSL.
timeout
director (config) # ldap-server timeout nnh nnm nns
where nn is number, h is hour, m is min, s is sec
Determines the length of time that the Blue Coat Director waits for a response
from the LDAP server. When this value is reached, the Director closes the
connection to the server. The default value is 120 seconds.
username
director (config) # ldap-server username username userprincipalname
userprincipalname
169
Director Command Line Interface Reference
Allows you to add the specified username to the Blue Coat Director. The
userprincipalname is a user attribute that is specified in the Active Directory
server; this attribute uniquely identifies a user across multiple domains and
in AD it is typically the name of a user in an e-mail address format.
By default, when attempts to log in to the Director, an account with the
username is created. You must enable the account to allow access to the user.
To enable a user acccount:
director (config) # ldap-server username username
userprincipalname userprincipalname enable
version
director (config) # ldap-server version {2 | 3}
Defines the LDAP version to use for communicating with the LDAP server.
test-ldap
director (config) # test-ldap-configuration username username
password password
Validates your LDAP configuration.
The Test LDAP button performs the following checks:
•
•
Verifies that the Blue Coat Director can connect to the configured primary
and alternate AD server's IP address and port. This test includes these
things, if configured.
•
DNS name resolution.
•
Connectivity test to the primary and alternate hosts.
•
Ability to connect over SSL using the certificate details provided.
Verifies that the Blue Coat Director is able to authenticate the user against
the AD server. This check validates that the Blue Coat Director can
complete either of the following:
•
Perform an anonymous bind
•
Use the bind credentials defined in your settings to query the Base
DN.
Note: If you have configured both a primary and an alternate server,
the authentication validation is performed only against the primary
server; the alternate server is used for authentication only if the
primary server is unavailable.
To explicitly test the settings for the alternate server, you must replace
the IP address and port for your primary server with those of the
alternate server, or temporarily block access to the primary AD server.
Example:
director (config) # test-ldap-configuration username <need username
in the format that the admin must enter here> password test
Server Connection:
Primary Server: Ok
170
Chapter 3: Configuration Mode Commands
Alternate Server: Ok
Authentication:
User authentication: Failed
Reason: the AD server could not authenticate the user because the
password is incorrect.
171
Director Command Line Interface Reference
(config) # radius-server
Synopsis
Configures RADIUS server settings.
Director enables you to use the following authentication schemes for user access
to Director:
•
LDAP: Support authentication to an AD server. Authorization is defined
locally on the Blue Coat Director.
For more information, see “(config) #ldap-server” on page 167.
•
RADIUS: Supports authentication and authorization.
•
TACACS: Supports authentication only. All users authenticated by TACACS
have privilege level 15 access.
For more information, see “(config) #tacacs-server” on page 201.
•
Local: Supports authentication and authorization.
For more information, see “(config) #username” on page 208.
To use a combination of the preceding authentication and authorization
mechanisms, see “(config) #aaa authentication login default” on page 94.
Syntax
(config) # radius-server {{host hostname_or_ip_address} | key
shared_key}} [[auth-port port_number | acct-port port_number |
request-stype type | response-stype type | retransmit
number_of_tries | timeout #h #m #s]]
Subcommands
See one of the following sections for more information:
•
“host” on page 172
•
“key” on page 173
•
“acct-port” on page 173
•
“auth-port” on page 173
•
“request-stype” on page 173
•
“response-stype” on page 173
•
“retransmit” on page 173
•
“timeout” on page 173
host
(config) # radius-server host hostname_or_ip_address key shared_key
Adds the specified host to the list of RADIUS hosts using required
subcommands only. When you specify a RADIUS server, you must also
specify a shared key—either explicitly with the key subcommand or by
specifying a default key as shown in the following subcommand.
172
Chapter 3: Configuration Mode Commands
key
(config) # radius-server key shared_key
Specifies a default shared key to be used if you add a RADIUS server without
the key subcommand.
acct-port
(config) # radius-server host hostname_or_ip_address key shared_key
[acct-port port_number]
Sets the port number to use for accounting requests to the specified RADIUS
host
auth-port
(config) # radius-server host hostname_or_ip_address key shared_key
[auth-port port_number]
Sets the port number to use for authorization requests to the specified
RADIUS host.
request-stype
(config) # radius-server host hostname_or_ip_address key shared_key
[request-stype request_stype_1-11]
Sets the global RADIUS-host communication request service-type. Can be
overridden on a per-host basis. The service-type specified is be used in the
request packet sent to the RADIUS host.
If you specify this subcommand without specifying a RADIUS server, it is
used as a default value if you add a RADIUS server without the requeststype subcommand.
response-stype
(config) # radius-server host hostname_or_ip_address key shared_key
[response-stype response_stype_1-11]
Sets the global RADIUS-host communication response service-type to
privilege-level mapping with all RADIUS hosts. Can be overridden on a perhost basis. The service-type is expected in the RADIUS-host response. If a
match is found, the mapping privilege-level provided is used for the user
logging in.
If you specify this subcommand without specifying a RADIUS server, it is
used as a default value if you add a RADIUS server without the responsestype subcommand.
retransmit
(config) # radius-server host hostname_or_ip_address key shared_key
[retransmit number_of_tries]
Sets the number of times the node will retry this RADIUS host before giving
up. To disable retransmission for this host, set it to 0 (zero).
If you specify this subcommand without specifying a RADIUS server, it is
used as a default value if you add a RADIUS server without the retransmit
subcommand.
timeout
(config) # radius-server host hostname_or_ip_address key shared_key
[timeout #h #m #s]
173
Director Command Line Interface Reference
Sets the timeout on communication with all RADIUS hosts in the form nh nm
ns, where n is a number and h, m, and s set the hour, minute and second. You
can enter one, two, or all three time parameters. Can be overridden on a perhost basis.
If you specify this subcommand without specifying a RADIUS server, it is
used as a default value if you add a RADIUS server without the timeout
subcommand.
174
Chapter 3: Configuration Mode Commands
(config) # reload
Synopsis
Reboots or shuts down this machine. This command is also available in enable
mode. See “#reload” on page 62 for more information.
175
Director Command Line Interface Reference
(config) # remote-config
Synopsis
This command allows you to configure and manage remote devices.
Syntax
(config) # remote-config subcommands
Subcommands
This section discusses the following subcommands:
•
“associate-overlay” on page 176
•
“associate-profile” on page 176
•
“backup” on page 176
•
“clear-byte-cache” on page 178
•
“clear-dns-cache” on page 178
•
“clear-object-cache” on page 178
•
“diff” on page 178
•
“dissociate-overlay” on page 178
•
“dissociate-profile” on page 178
•
“download-system url” on page 178
•
“execute” on page 179
•
“help device” on page 179
•
“license-key” on page 179
•
“overlay” on page 179
•
“profile” on page 181
•
“reboot” on page 182
•
“reconnect” on page 183
•
“validate-system version” on page 183
associate-overlay
(config) # remote-config associate-overlay <overlay_id> <type
device | group> <device_id | group_id>
(Introduced in SGME 6.1.10.1) Associate an overlay to device or group of
devices.
associate-profile
(config) # remote-config associate-profile <profile_id> <type
device | group> <device_id | group_id>
(Introduced in SGME 6.1.10.1) Associate a profile to device or group of
devices.
backup
176
Chapter 3: Configuration Mode Commands
(config) # remote-config backup
Changes the prompt to (config remote-config backup)
(config remote-config backup) # addr-device ip_address_or_hostname
| addr6-device ip_address
Takes a snapshot of the configuration for the specified device address. If
necessary, removes the oldest backup to make room for this newest one.
(config remote-config backup) # all
Takes a snapshot of the configuration for all devices. If necessary, removes the
oldest backup to make room for this newest one.
(config remote-config backup) # [no] device device_id [backup_id
{comment backup_comment | name backup_name | pin}]
Takes a snapshot of the configuration for the specified device. If necessary,
removes the oldest backup to make room for this newest one.
Prefacing the command with no removes the indicated device backup.
The optional commands add a comment or friendly name for the specified
device backup, or promote the specified automatic backup to permanent
status, meaning this backup will not be automatically removed when old
backups are deleted. The system will not allow you to pin the last unpinned
backup slot. The final slot must be reserved for automatic backups.
(config remote-config backup) # exit
Exits backup submode and returns to configuration mode.
(config remote-config backup) # group group_id
Takes a snapshot of the configuration for the specified group of devices. If
necessary, removes the oldest backup to make room for this newest one.
(config remote-config backup) # help
Displays help information.
(config remote-config backup) # model model
Takes a snapshot of the configuration for tall devices with the specified
appliance model. To display a list of valid models, enter model ?. If necessary,
the command removes the oldest backup to make room for this newest one.
(config remote-config backup) # no un-pinned
Deletes all backups that are not pinned.
(config remote-config backup) # options max-backups
max_backups_value
Master count of total automated backups allowed per device. If
max_backups_value is less than the number of automated backups currently
saved for any given device, warning messages display and
max_backups_value is automatically set to the lowest possible value. For
example, if a device already has seven backups, and you try to set maxbackups to 5, it will instead be set to 7.
The same check is made to make sure a given device will not end up with all
its possible backups pinned. For example, if a device has five pinned backups,
and you try to set max-backups to 5, it will instead be set to 6.
177
Director Command Line Interface Reference
(config remote-config backup) # restore device device_id backup_id
Restores the specified backup to the specified device.
(config remote-config backup) # os-version sgos_version
Takes a snapshot of the configuration for tall devices with the specified SGOS
version. To display a list of valid versions, enter os-version ?. If necessary,
the command removes the oldest backup to make room for this newest one.
clear-byte-cache
(config) # remote-config clear-byte-cache {all | device device_id |
group | group_id | model model | os-version sgos_version}
Clears the byte cache on all devices, a specific device, or on a group on
devices.
clear-dns-cache
(config) # remote-config clear-dns-cache {all | device device_id |
group | group_id | model model | os-version sgos_version}
Clears the DNS cache on all devices, a specific device, or on a group on
devices.
clear-object-cache
(config) # remote-config clear-object-cache {all | device device_id
| group | group_id | model model | os-version sgos_version}
Clears the object cache on all devices, a specific device, or on a group on
devices.
diff
Compares backups, overlays, or profiles using a diff utility and formats the
output in one of the following ways:
•
context format uses an identification line for each file, containing the
filename and modification date.
•
unified (default) uses plus and minus signs to indicate differences: each line
that occurs only in the left file is preceded by a minus sign, each line that
occurs only in the right file is preceded by a plus sign, and common lines are
preceded by a space.
This command is discussed in “#remote-config” on page 63.
dissociate-overlay
(config) # remote-config dissociate-overlay <overlay_id> <type
device | group> <device_id | group_id>
(Introduced in SGME 6.1.10.1) Dissociate an overlay from a device or group of
devices.
dissociate-profile
(config) # remote-config dissociate-profile <profile_id> <type
device | group> <device_id | group_id>
(Introduced in SGME 6.1.10.1) Dissociate a profile from a device or group of
devices.
download-system url
This command is discussed in “#remote-config” on page 63.
178
Chapter 3: Configuration Mode Commands
execute
This command is discussed in “#remote-config” on page 63.
help device
(config) # remote-config help device device_id
Sets the specified device to be the designated device for command completion
help. When the user needs help while constructing an SGOS command, the
Director will communicate with this device to retrieve command help and to
complete help commands.
If this value is not set, a message displays if you attempt to access device help.
license-key
This command is discussed in “#remote-config” on page 63.
overlay
(config) # remote-config overlay overlay_id [comment | copy
new_overlay_id | create | execute subcommands | input | name
name | policy_type {enable | disable} | reference {device
device_id | url url} | policy_type {enable | disable} | refresh
[device device_id | url url]]
To enter overlay submode, enter (config) # remote-config overlay
overlay_id
(config remote-config overlay overlay_id) # comment overlay_comment
Assigns a comment string to this overlay.
(config remote-config overlay overlay_id) # copy new_overlay_id
Copies the entered overlay.
(config remote-config overlay overlay_id) # create
Creates a new overlay with this ID.
(config remote-config overlay overlay_id) # execute
(config remote-config overlay overlay_id) # execute addr-device
ip_address_or_hostname | model model | os-version
sgos_version [errors-only]
Executes the overlay on the device with the specified address. The
errors-only option specifies to display only errors. These errors could
be Director errors or errors the device generates executing the commands.
Device-generated errors display the % (percent) character on the
beginning of a line of device output.
(config remote-config overlay overlay_id) # execute all [errorsonly]
Executes the overlay on all groups and devices. The errors-only option
specifies to display only errors. These errors could be Director errors or
errors the device generates executing the commands. Device-generated
errors display the % (percent) character on the beginning of a line of
device output.
(config remote-config overlay overlay_id) # execute device
device_id
179
Director Command Line Interface Reference
Executes the overlay on the specified device. The errors-only option
specifies to display only errors. These errors could be Director errors or
errors the device generates executing the commands. Device-generated
errors display the % (percent) character on the beginning of a line of
device output.
(config remote-config overlay overlay_id) # execute group
group_id
Executes the overlay on the specified group of devices. The errors-only
option specifies to display only errors. These errors could be Director
errors or errors the device generates executing the commands. Devicegenerated errors display the % (percent) character on the beginning of a
line of device output.
(config remote-config overlay overlay_id) # execute {model model
| os-version sgos_version group_id}
Executes the overlay on devices of the specified model or running the
specified version of SGOS. The errors-only option specifies to display
only errors. These errors could be Director errors or errors the device
generates executing the commands. Device-generated errors display
the % (percent) character on the beginning of a line of device output.
(config remote-config overlay overlay_id) # exit
Exits overlay submode and returns to configuration mode.
(config remote-config overlay overlay_id) # help
Displays help information.
(config remote-config overlay overlay_id) # input
This command loads an overlay into the Director. Enter the entire contents of
the overlay, ending with Control+D. The commands you enter replace the
entire overlay.
Be careful when using the input command that you do not include any
device-specific commands that could destabilize the Director's connection to
the device, such as setting the device's IP address.
(config remote-config overlay overlay_id) # name name
Sets the friendly name associated with an overlay. If the overlay already had a
name, the old one is overwritten.
(config remote-config overlay overlay_id) # no {comment | name |
reference}
Removes from the overlay its comment, friendly name, or reference device.
(config remote-config overlay overlay_id) # policy_type {enable |
disable}
This command is used with content filtering policy. This command is
available for the sadmin, admin, and all privilege 15 users.
The enable subcommand creates a Content Policy overlay. That is, the
overlay has manual settings that make it usable with content filtering policy.
The disable subcommand changes the overlay type to be a normal overlay,
and not the content policy overlay.
180
Chapter 3: Configuration Mode Commands
(config remote-config overlay overlay_id)# reference {device
device_id | url}
This command determines the reference device or URL for the overlay. The
reference is used to get refreshables and, if you specify a reference device, to
start the Management Console viewer to add configurable settings for the
overlay.
(config remote-config overlay overlay_id) # reference device
device_id
Sets the reference device to device_id. Refreshables are fetched from this
device ID and the device’s Management Console viewer can be used to
get configurable settings.
(config remote-config overlay overlay_id) # reference url url_id
Sets the reference to a URL. Refreshables for the overlay are stored in a
text file at this URL.
(config remote-config overlay overlay_id) # refresh [device
device_id | url url]
(config remote-config overlay overlay_id) # refresh
Fetches refreshables for the overlay from the reference.
(config remote-config overlay overlay_id) # refresh device
device_id
Fetches refreshables for the overlay from a device.
(config remote-config overlay overlay_id) # refresh url url
Fetches refreshables for the overlay from a URL.
profile
(config) # remote-config profile profile_id [comment | copy
new_profile_id | create | execute subcommands | input | name
name | reference {device device_id | url url} | refresh [device
device_id | url url]]
To enter profile submode, enter (config) # remote-config profile
profile_id
(config remote-config profile profile_id) # comment
Adds a comment to this profile.
(config remote-config profile profile_id) # copy new_profile_id
Copies this profile.
(config remote-config profile profile_id) # create
Creates a new profile with this profile ID.
(config remote-config profile profile_id) # execute {addr-device
ip_address_or_hostname | all | device device_id | group group_id
model model | os-version sgos_version} [errors-only]
Pushes out a profile to the specified device, group of devices; or to devices of
the specified model or running the specified version of SGOS. This will make
the configuration on the device be exactly that of the profile; that is, the
devices' configurations are reset, and then the configuration commands in the
profile are applied.
181
Director Command Line Interface Reference
The errors-only option specifies to display only errors. These errors could
be Director errors or errors the device generates executing the commands.
Device-generated errors display the % (percent) character on the beginning of
a line of device output.
(config remote-config profile profile_id) # exit
Exits profile submode and returns to configuration mode.
(config remote-config profile profile_id) # help
Displays help information.
(config remote-config profile profile_id) # input
This command loads a profile into Director. Enter the entire contents of the
profile, ending with Control+D. The commands you enter replace the entire
profile.
Be careful when using the input command that you do not include any
device-specific commands that could destabilize Director's connection to the
device, such as setting the device's IP address.
(config remote-config profile profile_id) # name name
Assigns a friendly name to this profile.
(config remote-config profile overlay_id) # no {comment | name |
reference}
Removes from the profile its comment, friendly name, or reference device.
(config remote-config profile profile_id) # reference
(config remote-config profile profile_id) # reference device
device_id
Sets the reference-device to a device.
(config remote-config profile profile_id) # reference url url_id
Sets the reference-url to a URL.
(config remote-config profile profile_id) # refresh [device
device_id | url url]
This command determines the reference device or URL for the profile. The
reference is used to get profile data. If you specify a URL, profile data is stored
in a text file at this URL.
(config remote-config profile profile_id) # refresh
Fetches the overlay from the reference.
(config remote-config profile profile_id) # refresh device
device_id
Fetches the profile data from a device.
(config remote-config profile profile_id) # refresh url url
Fetches the profile data from a URL, where url is in one of the formats
discussed in “URL Syntax” on page 12.
reboot
(config) # remote-config reboot [addr-device ip_or_hostname | all |
device device_id | group group_id | model model | os-version
sgos_version]
182
Chapter 3: Configuration Mode Commands
(config) # remote-config reboot addr-device ip_or_hostname
Reboots the device with the specified IP address or hostname.
(config) # remote-config reboot all
Reboots all known devices.
(config) # remote-config reboot device device_id
Reboots the specified device.
(config) # remote-config reboot group group_id
Reboots all devices in the specified group.
(config) # remote-config reconnect {model model | os-version
sgos_version}
Reboots all devices of the specified model or that run the specified
version of SGOS.
reconnect
(config) # remote-config reconnect {addr-device ip_or_hostname |
all | device device_id | group group_id | model model | osversion sgos_version}
Reconnects to devices specified as follows:
(config) # remote-config reconnect addr-device
ip_or_hostname
Reconnects to a specific device at the specified host name or IP address.
(config) # remote-config reconnect all
Reconnects to all known devices.
(config) # remote-config reconnect device device_id
Reconnects to a specific device_id.
(config) # remote-config reconnect group group_id
Reconnects to all devices in group_id.
(config) # remote-config reconnect {model model | os-version
sgos_version}
Reconnects to all devices of the specified model or that run the specified
version of SGOS.
validate-system version
(config) # remote-config validate-system version version {addrdevice ip_address_or_hostname | all | device device_id | group
group_id model model | os-version sgos_version}
Validates the image version of a certain device or group of devices.
Example
director (config) # remote-config backup restore device 10.25.36.47
bu2director
director (config) # remote-config backup addr6-device
2001:5c0:9168::161
183
Director Command Line Interface Reference
Backup complete for device "82". ID 82-2012.03.05-124232
184
Chapter 3: Configuration Mode Commands
(config) # require-config-lock enable
Synopsis
Requires Management Console users to explicitly acquire the configuration lock
before making changes to Director’s running configuration. This command
causes the Acquire Lock button to display in the Director Management Console.
To release the configuration lock, enter no require-config-lock enable as
discussed in “(config) #require-config-lock enable” on page 185. When you
release the configuration lock, any changes you made to Director’s configuration
are committed.
To show the current state of the configuration lock enter show require-configlock as discussed in “(config) #require-config-lock enable” on page 185.
For more information, see the discussion of configuration changes in Appendix A,
Administering Director, in the Blue Coat Director Configuration and Management
Guide.
185
Director Command Line Interface Reference
(config) # restore-db userdb
Synopsis
This command is related to content filtering policy. This command is available for
the sadmin user only and should be used only when advised to do so by Blue
Coat Support.
Enables you to restore the user database (which contains information about the
associations between delegated users, user groups, and Content Policy overlays).
However, it does not restore the devices, groups, or user groups themselves.
Backups are made automatically once a day.
Syntax
director (config) # restore-db userdb backup_name
Restores the daily backup you select. For example,
director (config) # restore-db userdb userdb-backup-Wed
186
Chapter 3: Configuration Mode Commands
(config) # role
Synopsis
Creates a user group for use with content filtering policy. This command is
available to the sadmin user only. Users associated with this group can apply
content filtering policy to devices or custom groups also associated with the user
groups.
For more information about content filtering policy commands, see “Content
Filtering Policy and Role-Based Access” on page 7.
Syntax
director (config) # role delegated-admin user-group user_group_name
Creates the specified user group. The user group name can be a maximum of 45
alphanumeric characters in length.
Related Commands
•
To create a delegated user authorized locally,
director (config) # username username role delegated-admin
•
To create a delegated user authorized by RADIUS,
director (config) # username username auth-type radius
User Groups
•
To associate delegated users with a user group,
director (config) # username username role delegated-admin usergroup group_name
See “(config) #username” on page 208.
•
To associate a user group with a device or with a custom group,
director (config) # [no] device-acl role delegated-admin usergroup user_group_name {device device_id | group
custom_group_name}
For more information, see “(config) #device-acl” on page 121
•
To set the policy type for a user-group to local,
director (config) # role delegated-admin user-group
user_group_name set-policy-type local
•
To set the policy type for a user-group to central,
director (config) # role delegated-admin user-group
user_group_name set-policy-type central central_file_path
username username password password
•
To set whether changes to the central policy file is automatically or manually
sent to the devices,
director (config) # role delegated-admin user-group
user_group_name set-policy-type central send-sg-commands
{enable | disable}
Overlays
•
To create a Content Policy overlay,
187
Director Command Line Interface Reference
director (config) # remote-config overlay overlay_id policy_type
enable
director (config) # remote-config overlay overlay_id
director (config remote-config overlay "overlay_id") # input
For more information, see “overlay” on page 179.
•
To associate a content policy overlay with a user group,
director (config) # role delegated-admin user-group
user_group_name overlay content_policy_overlay_name
•
To disassociate an overlay from a user group,
director (config) # no role delegated-admin user-group
user_group_name overlay
•
To associate a Content Policy overlay with a device,
director (config) # device device_id overlay
content_policy_overlay_name
For more information, see “(config) #device device_id” on page 115.
Substitution Variables
•
To create substitution variables,
director (config) # [no] role-substitution-variable
variable_name {device device_id | group group_name} input
For more information, see “(config) #role-substitution-variable” on page 189
List Settings
•
To enable or disable the list settings for the delegated users.
director (config) # role delegated-admin user-group
user_group_name {all | user user_name } list-settings
{allow_urls|block_urls|allow_categories|block_categories}
{enable|disable}
The all option can be used to apply the settings for all the users in the user
group.
Categories
•
To associate a set of categories to the delegated user from the master category
list,
director (config) # role delegated-admin user-group
user_group_name {all | user user_name } categories input
The all option can be used to apply the settings for all the users in the user
group.
188
Chapter 3: Configuration Mode Commands
(config) # role-substitution-variable
Synopsis
Enables you to define substitution variables and values for use with content
filtering policy for selected devices. This command is used with content filtering
policy.
If the target is a device or group, only a delegated user can run the command. If
non-delegated users try to execute these commands error occur.
If the target is a user-group, this command is available available for the delegated
and non-delegated users. When executed, substitution variables are created with
the prefix of user-group.
These substitution variables are common to all users that belong to a particular
user group. Any user belonging to the same user group can create, edit, view, and
delete those substitution variables.
Syntax and Subcommands
director (config) # [no] role-substitution-variable variable_name
(device device_id | group group_name} input
Creates a substitution variable named variable_name for the specified device ID.
Use the input subcommand to specify a value for the substitution variable.
Prefacing the command with the optional no parameter removes the specified
substitution variable.
If a delegated user runs the command, variable_name is prefixed with the name of
the user’s user group.
If admin, sadmin, or another privilege 15 user runs the command and the target
type is user-group, the group is not added to the start of the substitution variable
name because these users do not belong to delegated user groups. The
substitution variable is created with the user-group-name as a prefix.
If admin, sadmin, or another privilege 15 user runs the command and the target
type is device or group, the command will not execute. See “(config) #device
device_id” on page 115 or “(config) #group group_id” on page 129 instead.
For example,
director (config) # role-substitution-variable
HR_policy_url_blocklist device QA142 input
For non-delegated admin normal substitution variable will be
created.
Enter your value now.
Press Ctrl-D when finished, or Ctrl-C to abort.
www.example.com^D
Related Commands
•
To create a user group,
director (config) # role delegated-admin user-group group_name
For more information, see “(config) #role” on page 187
•
To create a delegated user authorized locally,
189
Director Command Line Interface Reference
director (config) # username username role delegated-admin
•
To create a delegated user authorized by RADIUS,
director (config) # username username auth-type radius
•
To associate delegated users with a user group,
director (config) # username username role delegated-admin usergroup group_name
See “(config) #username” on page 208.
•
To create a Content Policy overlay,
director (config) # remote-config overlay overlay_id policy_type
enable
director (config) # remote-config overlay overlay_id
director (config remote-config overlay "overlay_id") # input
For more information, see “overlay” on page 179.
•
To associate a Content Policy overlay with a device,
director (config) # device device_id overlay
content_policy_overlay_name
For more information, see “(config) #device device_id” on page 115.
•
To input values to the substitution variables of a user group,
director (config) # role-substitution-variable {allow_urls |
block_urls | allow_categories | block_categories} user-group
user-group-name input
•
To remove substitution variables from a user group,
director (config) # no role-substitution-variable {allow_urls |
block_urls | allow_categories | block_categories} user-group
user-group-name
190
Chapter 3: Configuration Mode Commands
(config) # show
Synopsis
Displays running system information. This command is also available in enable
mode. See “#show” on page 69 for information.
All subcommands of the show command are discussed in “#show” on page 69
except show ssl, which is discussed in the following section.
Subcommands
director (config) # show categories-list
For admin and super-admin users this displays all the categories from the
master category list. For the delegated users it displays the categories
associated with them. If the categories are not associated to particular
delegated user, and the categories are associated to all the users in the
usergroup, those categories are displayed.
director (config) # show devices <device_id> associated-overlays
(Introduced in SGME 6.1.10.1) Show associated overlays for this device.
director (config) # show devices <device_id> associated-profiles
(Introduced in SGME 6.1.10.1) Show associated profiles for this device.
director (config) # show dmc timeout
Display the timeout period set for Director Mangement Console sessions.
usergroup, those categories are displayed.
director (config) # show groups <group_id> associated-overlays
(Introduced in SGME 6.1.10.1) Show associated overlays for this group.
director (config) # show groups <group_id> associated-profiles
(Introduced in SGME 6.1.10.1) Show associated profiles for this group.
director (config) # show list-settings
Displays the list settings for the logged in user. If the list settings are not set
for the user, the list settings are inherited from the user-group the delegated
user belongs to.
director (config) # show role delegated-admin user-groups policyfile-association
Displays the user group associated with central policy file.
director (config) # show role delegated-admin user-group usergroup-name {all | user username } list-settings
Displays the list settings of the delegated users.
director (config) # show role delegated-admin user-group usergroup-name {all|user username } categories
Displays the categories assigned to the users. The all option displays the
categories of the user group level. If categories are not set for the user, the
categories are inherited from the user-group the delegated user belongs to.
191
Director Command Line Interface Reference
director (config) # show role-substitution-variable user-group
user-group-name
Displays the substitution variables for a user group.
director (config) # show ssl
director (config) # show ssl appliance-certificate
Displays the Director’s appliance certificate.
director (config) # show ssl appliance-certificate-request
Displays the request for the Director’s appliance certificate or creates one
if it did not already exist.
192
Chapter 3: Configuration Mode Commands
(config) # slogin
Synopsis
Opens an SSH connection to a remote host. When you are finished, type the
command exit to return to the Director command line. This command is also
available in standard and enable modes. See “>slogin” on page 26 for
information.
Important: When the slogin command is run from configuration mode, it
will release the configuration lock so that you do not lock out other users during
the slogin session.
193
Director Command Line Interface Reference
(config) # snmp-server
Synopsis
Configures Simple Network Management Protocol (SNMP) server options. For
general information about SNMP, see RFC 2578, RFC 3411, RFC 1901, and RFC
1157.
Syntax
(config) # snmp-server {community community_name} | contact
contact_string | enable [authtraps | inform | traps] | host
hostname {inform community_string | version version
community_string} | location location_string | traps {defaultcommunity | default-version | device-state | job-state |
standby-state }
Subcommands
(config) # snmp-server community community_name
Sets the SNMP server community name on this node. By default, Director has
no SNMP community name. The community name must be an alphanumeric
string of up to 16 characters in length; special characters like underscore (_),
asterisk (*), pound (#), and so on are not supported.
(config) # snmp-server contact contact_string
Sets the SNMP contact string on this node.
(config) # snmp-server enable [authtraps | inform | traps]
Without an optional parameter, enables the SNMP server on this node.
Following is a description of optional parameters:
(config) # snmp-server enable authtraps
Enables receiving authorization traps on this node.
(config) # snmp-server enable inform
Enables sending of SNMP informs on this node. Unlike a trap, an inform
message is confirmed (that is, a response message is sent back).
(config) # snmp-server enable traps
Enables sending of SNMP traps on this node. SNMP traps are limited to
Director startup and shutdown events.
(config) # snmp-server host hostname inform community_string
Adds a host from the list of hosts to which to send SNMP informs.
(config) # snmp-server host hostname traps {community_string |
version version_1_or_2c community_string}
Adds a host from the list of hosts to which to send SNMP traps. If a version
number is specified, the version number overrides the default settings of the
traps version (which is 2c).
(config) # snmp-server inform default-community community_name
Changes the community used to send SNMP informs to hosts that do not
have a community string override.
194
Chapter 3: Configuration Mode Commands
(config) # snmp-server location location_string
Sets the SNMP location string on this node.
(config) # snmp-server traps [default-community | default-version |
device-state | job-state | standby-state]
Sets the following SNMP trap options:
(config) # snmp-server traps default-community community-name
Sets the default community name to use.
(config) # snmp-server traps default-version version
Sets the default version to use.
(config) # snmp-server traps device-state [added | all | autoregistered | auto-registered failed | connected | critical |
deleted | disconnected | ok | warning] enable
Enables device-state traps.
(config) # snmp-server traps job-state [all | finished |
started] enable
Enables job-state traps.
(config) # snmp-server traps standby-state [all | forced-active
| forced-primary | forced-secondary | forced-standalone |
partner-invalid | partner-lost | partner-regained | partnervalid | primary-inactive | secondary-reserve | sync-failed |
sync-regained] enables
Enables standby-state traps.
Example
director (config) # snmp-server enable inform
195
Director Command Line Interface Reference
(config) # ssh
Synopsis
Manipulates Secure Shell (SSH) settings that you use to log in to a remote host
from Director (ssh client) or that you use to log in to Director remotely using an
SSH application (ssh server).
Syntax
(config) # ssh {client subcommands | server subcommands}
Subcommands
The ssh command has the following subcommands:
•
“ssh client” on page 196
•
“ssh server” on page 196
ssh client
Sets options to be used when you log in to a remote host from Director using the
slogin command as discussed in “>slogin” on page 26.
(config) # ssh client user username {authorized-key rsakey {sshv1
key_length exponent key [comment] | sshv2 key} | knownhost
hostname_or_ip_address rsakey key_length exponent key}
(config) # ssh client user username authorized-key rsakey {sshv1
key_length exponent key [comment] | sshv2 key
Adds to the list of RSA public keys that can be used to log in to the
specified user's account.
Note: You cannot assign an RSA key to a disabled user account.
(config) # ssh client user username knownhost
hostname_or_ip_address rsakey key_length exponent key
Specifies a known host with its public key for the specified user account.
ssh server
Sets options to be used when you log in to Director using an SSH application.
(config) # ssh server auth {allowpassword | allowrsa |
permitemptypassword}
allowpassword enables users to log in to a remote host using a password.
allowrsa enables users to log in to a remote host using RSA encryption.
permitemptypassword (default setting) allows Director to send empty
passwords for TACACS, LDAP, and local user accounts. RADIUS is an
exception; to prevent account lock-out errors, the Director does not send
empty passwords to the RADIUS servers.
(director) config # no ssh server auth permitemptypassword
allows you to change the default behavior and disallow an empty password.
For a local user account, when you disallow an empty password, users will be
required to create a password for authenticating access to the Director.
196
Chapter 3: Configuration Mode Commands
For RADIUS you cannot configure Director to send empty passwords. The
default option is no ssh server auth permitemptypassword; It cannot be
modified.
Note: These commands are persistent across Director reboots.
(config) # ssh server enable {sshv1 | sshv2}
Enables you to log in to Director remotely using either SSHv1 or SSHv2. To
disable access using SSH, use the no ssh server enable {sshv1 | sshv2}
command.
(config) # ssh server hostkey rsakey generate {sshv1 [key_size] |
sshv2}
Regenerates either the SSHv1 or SSHv2 RSA host key. If the key size of the
SSHv1 host key is not specified, the default of 1024 bits is used.
(config) # ssh server knownhost hostname_or_ip_address rsakey
key_length exponent key
Specifies a listing of a known host with its public key.
Example
director (config) # ssh server hostkey rsakey generate sshv2
197
Director Command Line Interface Reference
(config) # ssl
Synopsis
Manipulates Secure Sockets Layer (SSL) settings.
Syntax
(config) # ssl {disable | enable | legacy-renegotiation-enable |
legacy-renegotiation-disable | registration-password password}
Subcommands
(config) # ssl disable
(Introduced in SGME 6.1.9.1) Disable SSLv2 protocol communication to
Director.
(config) # ssl enable
(Introduced in SGME 6.1.9.1) Enable SSLv2 protocol communication to
Director. SSLv2 is disabled by default.
Important: To ensure that your SSLv2 setting remains enabled after a reboot,
use the #write memory command to write running configuration to
persistent storage. For more information, see “#write” on page 92.
(config) # ssl gencsr bits <number_of_bits> passphrase <passphrase>
signing-attributes <list_of_attributes>
(Introduced in SGME 6.1.12.1) Generate a certificate signing request (CSR)
and a new private key, which overrides any existing private key. Then, submit
the CSR to the certificate authority (CA) to generate a public key. The number
of bits must be a minimum of 2048 bits. The passphrase must be a minimum
of four characters to a maximum of 20. Separate attributes to add into the
certificate signing request fields with a semi-colon (;), for example:
“C=CA;CN=bluecoat.com;OU=Director”
To load the key, run (config) # ssl load-private-key.
(config) # ssl install-certificate public
(Introduced in SGME 6.1.12.1) Install the public certificate on the Director
appliance. When you enter this command, the CLI displays the following:
Enter public certificate contents now.
Press Ctrl-D when finished, or Ctrl-C to abort.
(config) # ssl legacy-renegotiation-enable
Enables SSL renegotiation with SSL clients. Use this command, if you would
like to allow backward compatibility for older Web browsers.
Use caution when enabling SSL renegotiation with legacy clients, because the
Director permits a less secure option that may expose your network to
security vulnerabilities.
(config) # ssl legacy-renegotiation-disable
198
Chapter 3: Configuration Mode Commands
This is the default setting. This option forces the Director to renegotiate the
session credentials only with an SSL client, such as a Web browser, that
adheres to the security requirements of the SSL handshake. It disallows SSL
renegotiation with legacy SSL clients that do not comply with the security
requirements of the SSL handshake.
(config) # ssl load-private-key
(Introduced in SGME 6.1.12.1) Load the private key. You must have generated
the key using the (config) # ssl gencsr command.
(config) # ssl registration-password password
Sets the registration password for ProxySG authentication for models that do
not support appliance certificates. To determine if your appliance supports
appliance certificates, use one of the following commands. Each command
returns the device certificate if it exists:
•
Command that returns an error if the device does not have an appliance
certificate:
(config) # remote-config execute {addr-device
ip_address_or_hostname | device device_id input errors-only}
exit
show ssl certificate appliance-key
config t
•
Command that returns the device certificate if it exists:
(config) # remote-config execute {addr-device
ip_address_or_hostname | device device_id input [errorsonly]}
exit
show ssl ssl-device-profile bluecoat-appliance-certificate
config t
You must press Control+D after the command to send it to the device. For
more information, see “execute” on page 179.
(config) # ssl delete {all-certificates | public-certificate}
(Introduced in SGME 6.1.12.1) Delete the installed private key, the public
certificate, and CSR certificates; or delete only the public certificate.
Example
director (config) # ssl registration-password ?
******
director (config) # ssl registration-password test
director (config) #
199
Director Command Line Interface Reference
(config) # standby
Synopsis
Configures the Director’s standby configuration. The Director standby feature is
designed to minimize Director service disruptions caused by network outage,
disaster, or Director failure. When standby is deployed, the Director configuration
is mirrored to a second Director whose only function is to take over for the first
Director if a failure occurs. For information, see “>standby” on page 27.
200
Chapter 3: Configuration Mode Commands
(config) # tacacs-server
Synopsis
Configures Terminal Access Controller Access-Control System (TACACS) servers.
Director enables you to use the following authentication schemes for user access
to Director:
•
LDAP: Supports authentication to an AD server. Authorization is defined
locally on the Blue Coat Director.
For more information, see “(config) #ldap-server” on page 167.
•
RADIUS: Supports authentication and authorization.
For more information, see “(config) #radius-server” on page 172.
•
TACACS: Supports authentication only. All users authenticated by TACACS
have privilege level 15 access.
•
Local: Supports authentication and authorization.
For more information, see “(config) #username” on page 208.
For more information about using multiple authentication schemes, see “(config)
#aaa authentication login default” on page 94.
Syntax
(config) # tacacs-server {{host hostname {key keyname | port port
single-connection | timeout #h #m #s} | key password | timeout
#h #m #s}
Subcommands
(config) # tacacs-server host hostname
Adds this host to the list of TACACS servers.
(config) # tacacs-server host hostname key password
Sets the authentication and encryption key used for communications with
this TACACS server.
(config) # tacacs-server host hostname port port_number
Sets the default port number to use for TACACS+ requests to the
specified host.
(config) # tacacs-server host hostname single-connection
Enables single connection mode, where the original TCP connection is
held open for multiple TACACS sessions, instead of reopening a new one
every time.
(config) # tacacs-server host hostname timeout #h #m #s
Sets the timeout for communication with this TACACS server. Format the
time as the number of hours, followed by the number of minutes,
followed by the number of seconds.
For example, the following command sets the timeout at four hours and
one minute:
201
Director Command Line Interface Reference
(config) # tacacs-server host hostname timeout 4h 1m 0s
(config) # tacacs-server key password
Sets the authentication and encryption key used for communications with
this TACACS server.
(config) # tacacs-server timeout #h #m #s
Sets the timeout on communication with this TACACS server. Format the
time as the number of hours, followed by the number of minutes, followed by
the number of seconds.
For example, the following command sets the timeout at four hours and one
minute:
(config) # tacacs-server timeout 4h 1m 0s
Example
director (config) # tacacs-server timeout 2h 30m
202
Chapter 3: Configuration Mode Commands
(config) # tcpdump
Synopsis
This command is also available in standard and enable modes. For information,
see “>tcpdump” on page 29.
203
Director Command Line Interface Reference
(config) # telnet-management
Synopsis
Configures a Telnet server to be used to communicate with Director.
Note: Because Telnet is not secure, Director recommends you not enable the Telnet
server. Instead, always connect to Director securely using SSH-RSA as discussed in the
Blue Coat Director Configuration and Management Guide.
Syntax
(config) # telnet-management args args
Sets command line arguments to pass to the Telnet server.
(config) # [no] telnet-management enable
Enables the Telnet server on this Director appliance.
Preceding the command with no disables the Telnet server.
Example
director (config) # telnet-management enable
204
Chapter 3: Configuration Mode Commands
(config) # traceroute
Synopsis
Determines the route packets take to a destination. This command is also
available in standard and enable modes. For information, see “>traceroute” on
page 30.
205
Director Command Line Interface Reference
(config) # upgrade-package
Synopsis
Enables you to upgrade to or to roll back from a Director upgrade image.
Syntax
director (config) # upgrade-package {delete filename | fetch
remote_url [username username password password] | install
filename | rollback | verify filename}
Note: To display the filename list, use the show upgrade-package command.
Director 510 enables you to install, delete, verify, or roll back to one filename at
a time. For example, if you initially installed SGME 4.2.2.1, upgrade to SGME
5.2.2.1 and later upgrade to SGME 5.3.1.2, you can roll back to or delete the
SGME 5.2.2.1 image only.
Each upgrade-package subcommand is discussed as follows:
director (config) #
upgrade-package delete filename
Deletes the upgrade image specified by filename. You should delete
upgrade images only after verifying the upgrade to the current version.
After deleting an upgrade image, that image is not available for rollback.
director (config) # upgrade-package fetch remote_url [username
username password password]
Validates and fetches the upgrade image from an external server using a
remote_url formatted as follows:
•
https://<hostname[:port]>/<path and filename>
•
http://<hostname[:port]>/<path and filename>
•
ftp://<hostname>/<path and filename>
•
scp://<hostname>/<path and filename>
The following is an example of the upgrade package on an external
server:
http://your_server/SGME/Director-6.1.3-99635
The following is an example of the download URL for the upgrade
package on BTO:
https://bto.bluecoat.com/download/direct/
4536183438735678802733092383907
Specifying a username and password in the URL is not supported.
For more information about getting an upgrade image, see the Director
Release Notes or Chapter 15, Upgrading Director, in the Blue Coat Director
Configuration and Management Guide.
director (config) #
upgrade-package install filename
Installs the upgrade package you previously fetched using upgradepackage fetch. When the upgrade package is installed, the previous
SGME image is repackaged and made available for rollback.
director (config) #
upgrade-package rollback filename
206
Chapter 3: Configuration Mode Commands
Rolls back to the previous SGME image. To downgrade to SGME 6.1.2.x,
first issue the upgrade-package fetch command, and then issue the
upgrade-package rollback command. For example:
director (config) #
upgrade-package verify filename
Verifies the integrity of the upgrade package. The upgrade-package
fetch command verifies the package when it is fetched from the external
server, so this command is useful if you did not use the upgrade-package
fetch to retrieve the package.
207
Director Command Line Interface Reference
(config) # username
Synopsis
Manages local user and delegated user accounts.
Every command beginning with username creates a user account with that name
if one did not already exist. In addition, the actions specific to the command
entered are performed. Note that all of these commands pertain only to local user
accounts.
Director enables you to use the following authentication schemes for user access
to Director:
•
LDAP: Supports authentication to an AD server. Authorization is defined
locally on the Blue Coat Director.
For more information, see “(config) #ldap-server” on page 167.
•
RADIUS: Supports authentication and authorization.
For more information, see “(config) #radius-server” on page 172.
•
TACACS: Supports authentication only. All users authenticated by TACACS
have privilege level 15 access.
For more information, see “(config) #tacacs-server” on page 201.
•
Local: Supports authentication and authorization. The username command
manages local authentication and authorization.
To use a combination of the preceding authentication and authorization
mechanisms, see “(config) #aaa authentication login default” on page 94.
Syntax
(config) # username subcommands
Director has the following built-in user accounts:
•
sadmin: The administrator for content filtering policy. sadmin has certain
privileges that admin and other privilege 15 users do not have. For details, see
the Blue Coat Director Configuration and Management Guide.
•
admin: The default administrator account with privilege level 15. The admin
account cannot be disabled.
•
monitor: The default user monitor account with privilege level 15.
Subcommands
(config) # [no] username username
Creates a user with the specified user name. Until a password is set for this
account, it is disabled.
Preceding the command with the optional no parameter removes the user
from Director. If the user is authenticated using RADIUS, the command does
not prevent the RADIUS user from logging in to Director.
See one of the following sections for more information:
•
“auth-type radius” on page 209
208
Chapter 3: Configuration Mode Commands
•
“disable” on page 209
•
“password | nopassword” on page 209
•
“privilege” on page 210
•
“role” on page 210
auth-type radius
(config) # [no] username username auth-type radius
This command is used with content filtering policy. This command is
available for the sadmin user only.
Creates a delegated user that is authenticated by RADIUS.
Important: To authenticate users in RADIUS, you must specify a key (that is, shared
secret) and you must set up the user in the RADIUS server for Callback NAS Prompt.
To set up the RADIUS server with Director, see “(config) #radius-server” on page 172.
Preceding the command with the optional no subcommand disassociates
the user from user groups, devices, and custom groups with which it was
associated previously. The no subcommand does not delete any user
groups or devices that are associated with the user, however. Finally, the
user can still log in to Director provided RADIUS is enabled for
authentication.
To create a delegated user that is authenticated locally, see “role” on page
210.
disable
(config) # username username disable
Disables the account so the user cannot log in using local authentication.
You cannot disable admin or sadmin.
password | nopassword
(config) # username username nopassword
Specifies that no password is required for this user to log in (and the user
can log in without being prompted for a password).
(config) # username username password {cleartext_password | 0
cleartext_password | 7 encrypted_password}
Sets the password as follows:
•
Enter a password without the optional 0 or 7 subcommands, or enter
the optional 0 subcommand, for the password to be clear text.
•
To Base64-encrypt the password, perform the following tasks:
1. Enter (config) # username username password
cleartext_password
2. Enter director (config) # show configuration
3. Look for output similar to the following:
username admin password 7 KW25kt7gvYupk
In this example, KW25kt7gvYupk is the password in Base64-encrypted
form.
209
Director Command Line Interface Reference
4. Enter (config) # username username password 7
encrypted_password
privilege
(config) # username username privilege {1 | 7 | 15}
Sets the user’s maximum privilege level. All users log in at level 1. If the
maximum privilege level is 1, the enable command is not allowed and
results in an error.
If the maximum privilege level is 7, the enable command will succeed,
but the configure command is not allowed, and results in an error.
If a user's privilege level is changed while they are logged in, it takes
effect immediately. If it is lowered, the system will force the user out of
modes they are no longer allowed to be in; if it is raised, the user can
immediately access the newly available modes.
Be aware that any user with privilege 15 can make any change to the
system, including changing other users' accounts.
role
(config) # [no] username username {role {role_name | delegatedadmin} user-group user_group_name}
This command is used with content filtering policy. This command is
available for the sadmin user only.
Creates a locally authenticated delegated user and specifies a role and
user group name for the user user. For example, the following commands:
director (config) # username FinAdmin password director
director (config) # username FinAdmin role delegated-admin
user-group Finance_policy
Create a delegated user named FinAdmin with password director and
associates the user with the group Finance_policy.
To authenticate the delegated user with RADIUS instead, see “auth-type
radius” on page 209.
Preceding the command with the optional no command disassociates the
user from the role. If the user is authenticated using RADIUS, the
command does not prevent the RADIUS user from logging in but it does
disassociate the user from user groups.
Related Commands for Content Filtering Policy
•
To create a user group,
director (config) # role delegated-admin user-group group_name
For more information, see “(config) #role” on page 187
•
To create a Content Policy overlay,
director (config) # remote-config overlay overlay_id policy_type
enable
director (config) # remote-config overlay overlay_id
director (config remote-config overlay "overlay_id") # input
For more information, see “overlay” on page 179.
210
Chapter 3: Configuration Mode Commands
•
To associate a Content Policy overlay with a device,
director (config) # device device_id overlay
content_policy_overlay_name
For more information, see “(config) #device device_id” on page 115.
•
To create substitution variables,
director (config) # [no] role-substitution-variable
variable_name (device device_id | group group_name | user-group
user-group-name} input
For more information, see “(config) #role-substitution-variable” on page 189
211
Director Command Line Interface Reference
212
Appendix A: Commands Available to Delegated Users
The commands discussed in this appendix are available to Director delegated
users, although some subcommands of these commands are not available.
Director delegated users have a privilege level 10, so they can execute more
commands than a privilege level 7 user.
Because delegated users are assumed to not be familiar with Director
commands, you might consider requiring delegated users to access Director
using the Management Console only. Director does not provide a way to lock
users out of the command line.
Standard Mode Commands Available for Delegated Users
the following standard mode commands are available to delegated users:
cli
enable
exit
help
no
ping
show
tcpdump
traceroute
Enable Mode Commands Available for Delegated Users
The following enable mode commands are available to delegated users:
cli
configure
disable
exit
help
line-vty
no
ping
push-policy
reload
show
tcpdump
traceroute
write
Configure Mode Commands Available for Delegated Users
The following configure mode commands are available to delegated users:
cli
enable
exit
help
line-vty
213
Director Command Line Interface Reference
no
ping
push-policy
reload
require-config-lock
role-substitution-variable
show
ssl
tcpdump
traceroute
write
214
Appendix B: Third-Party Copyright Notices
Blue Coat Systems, Inc. utilizes third party software from various sources. Portions of this software are copyrighted by their
respective owners as indicated in the copyright notices below.
The following lists the copyright notices for:
Jpam 0.5
-------------Apache Software License 2.0
General information:
Copyright 2007 © The Apache Software Foundation
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
Definitions.
"'License' shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through
9 of this document.
"'Licensor' shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
"'Legal Entity' shall mean the union of the acting entity and all other entities that control, are controlled by, or are under
common control with that entity. For the purposes of this definition, 'control' means (i) the power, direct or indirect, to
cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent
(50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
"'You' (or 'Your') shall mean an individual or Legal Entity exercising permissions granted by this License.
"'Source' form shall mean the preferred form for making modifications, including but not limited to software source
code, documentation source, and configuration files.
"'Object' form shall mean any form resulting from mechanical transformation or translation of a Source form, including
but not limited to compiled object code, generated documentation, and conversions to other media types.
"'Work' shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
"'Derivative Works' shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work
and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original
work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable
from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
"'Contribution' shall mean any work of authorship, including the original version of the Work and any modifications or
additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work
by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For
the purposes of this definition, 'submitted' means any form of electronic, verbal, or written communication sent to the
Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing
and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as 'Not a Contribution.'
"'Contributor' shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
Grant of Copyright License.
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, nonexclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
Grant of Patent License.
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, nonexclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use,
offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any
entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this
License for that Work shall terminate as of the date such litigation is filed.
Redistribution.
You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You meet the following conditions:
1.You must give any other recipients of the Work or Derivative Works a copy of this License; and
2.You must cause any modified files to carry prominent notices stating that You changed the files; and
3.You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
4.If the Work includes a 'NOTICE' text file as part of its distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do
not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative
Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add
Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE
215
Director API Reference
text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
You may add Your own copyright statement to Your modifications and may provide additional or different license terms
and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole,
provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
Submission of Contributions.
Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding
the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
Trademarks.
This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of
the NOTICE file.
Disclaimer of Warranty.
Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its
Contributions) on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using
or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
Limitation of Liability.
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for
damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of
this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work
stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
Accepting Warranty or Additional Liability.
While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of
support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or
claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
NTP 3.5
*******************************************************************************************************************************************
********************************
Copyright (c) University of Delaware 1992-2011
Permission to use, copy, modify, and distribute this software and its documentation for any purpose with or without fee is
herebygranted, provided that the above copyright notice appears in all copies and that both the copyright notice and this
permission notice appear in supporting documentation, and that the name University of Delaware not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. The University of Delaware makes no representations about the suitability this software for any purpose. It is provided "as is" without express or
implied warranty.
*******************************************************************************************************************************************
********************************
Tomcat
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this
document.
"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction
or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications, including but not limited to software source code,
documentation source, and configuration files.
"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not
limited to compiled object code, generated documentation, and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by
a copyright notice that is included in or attached to the work.
"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for
which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of
authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely
link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright
owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this
definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives,
216
Appendix B: Third-Party Copyright Notices
including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems
that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding
communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a
Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by
Licensor and subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a
perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative
Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object
form.
3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have
made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims
licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their
Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity
(including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work
constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work
shall terminate as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or
without modifications, and in Source or Object form, provided that You meet the following conditions:
(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any
modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any
Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file
as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices
contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least
one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do
not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as
an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as
modifying the License.
You may add Your own copyright statement to Your modifications and may provide additional or different license terms and
conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided
Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in
the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or
conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement
you may have executed with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of
the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the
content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT,
MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under
this License.
8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as
a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to
offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with
this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not
on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any
liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional
liability.
Java JRE
SUN MICROSYSTEMS, INC. ("SUN") IS WILLING TO LICENSE THIS SPECIFICATION TO YOU ONLY UPON THE
CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS AGREEMENT. PLEASE READ THE TERMS
AND CONDITIONS OF THIS AGREEMENT CAREFULLY. BY DOWNLOADING THIS SPECIFICATION, YOU ACCEPT THE
TERMS AND CONDITIONS OF THE AGREEMENT.
Specification: JAVA PLATFORM, STANDARD EDITION ("Specification")
Version: 6
Status: Final Release
Release: December 7, 2006
Copyright 2006 SUN MICROSYSTEMS, INC.
4150 Network Circle, Santa Clara, California 95054, U.S.A
All rights reserved.
LIMITED LICENSE GRANTS
1. License for Evaluation Purposes.
217
Director API Reference
Sun hereby grants you a fully-paid, non-exclusive, non-transferable, worldwide, limited license (without the right to sublicense),
under Sun's applicable intellectual property rights to view, download, use and reproduce the Specification only for the purpose
of internal evaluation. This includes (i) developing applications intended to run on an implementation of the Specification,
provided that such applications do not themselves implement any portion(s) of the Specification, and (ii) discussing the
Specification with any third party; and (iii) excerpting brief portions of the Specification in oral or written communications which
discuss the Specification provided that such excerpts do not in the aggregate constitute a significant portion of the Specification.
2. License for the Distribution of Compliant Implementations.
Sun also grants you a perpetual, non-exclusive, non-transferable, worldwide, fully paid-up, royalty free, limited license (without
the right to sublicense) under any applicable copyrights or, subject to the provisions of subsection 4 below, patent rights it may
have covering the Specification to create and/or distribute an Independent Implementation of the Specification that: (a) fully
implements the Specification including all its required interfaces and functionality; (b) does not modify, subset, superset or
otherwise extend the Licensor Name Space, or include any public or protected packages, classes, Java interfaces, fields or
methods within the Licensor Name Space other than those required/authorized by the Specification or Specifications being
implemented; and (c) passes the Technology Compatibility Kit (including satisfying the requirements of the applicable TCK
Users Guide) for such Specification ("Compliant Implementation"). In addition, the foregoing license is expressly conditioned on
your not acting outside its scope. No license is granted hereunder for any other purpose (including, for example, modifying the
Specification, other than to the extent of your fair use rights, or distributing the Specification to third parties). Also, no right, title,
or interest in or to any trademarks, service marks, or trade names of Sun or Sun's licensors is granted hereunder. Java, and Javarelated logos, marks and names are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other
countries.
3. Pass-through Conditions.
You need not include limitations (a)-(c) from the previous paragraph or any other particular "pass through" requirements in any
license You grant concerning the use of your Independent Implementation or products derived from it. However, except with
respect to Independent Implementations (and products derived from them) that satisfy limitations (a)-(c) from the previous
paragraph, You may neither: (a) grant or otherwise pass through to your licensees any licenses under Sun's applicable
intellectual property rights; nor (b) authorize your licensees to make any claims concerning their implementation's compliance
with the Specification in question.
4. Reciprocity Concerning Patent Licenses.
a. With respect to any patent claims covered by the license granted under subparagraph 2 above that would be infringed by all
technically feasible implementations of the Specification, such license is conditioned upon your offering on fair, reasonable and
non-discriminatory terms, to any party seeking it from You, a perpetual, non-exclusive, non-transferable, worldwide license
under Your patent rights which are or would be infringed by all technically feasible implementations of the Specification to
develop, distribute and use a Compliant Implementation.
b. With respect to any patent claims owned by Sun and covered by the license granted under subparagraph 2, whether or not
their infringement can be avoided in a technically feasible manner when implementing the Specification, such license shall
terminate with respect to such claims if You initiate a claim against Sun that it has, in the course of performing its responsibilities
as the Specification Lead, induced any other entity to infringe Your patent rights.
c. Also with respect to any patent claims owned by Sun and covered by the license granted under subparagraph 2 above, where
the infringement of such claims can be avoided in a technically feasible manner when implementing the Specification such
license, with respect to such claims, shall terminate if You initiate a claim against Sun that its making, having made, using,
offering to sell, selling or importing a Compliant Implementation infringes Your patent rights.
5. Definitions.
For the purposes of this Agreement: "Independent Implementation" shall mean an implementation of the Specification that
neither derives from any of Sun's source code or binary code materials nor, except with an appropriate and separate license from
Sun, includes any of Sun's source code or binary code materials; "Licensor Name Space" shall mean the public class or interface
declarations whose names begin with "java", "javax", "com.sun" or their equivalents in any subsequent naming convention
adopted by Sun through the Java Community Process, or any recognized successors or replacements thereof; and "Technology
Compatibility Kit" or "TCK" shall mean the test suite and accompanying TCK User's Guide provided by Sun which corresponds
to the Specification and that was available either (i) from Sun's 120 days before the first release of Your Independent
Implementation that allows its use for commercial purposes, or (ii) more recently than 120 days from such release but against
which You elect to test Your implementation of the Specification.
This Agreement will terminate immediately without notice from Sun if you breach the Agreement or act outside the scope of the
licenses granted above.
DISCLAIMER OF WARRANTIES
THE SPECIFICATION IS PROVIDED "AS IS". SUN MAKES NO REPRESENTATIONS OR WARRANTIES, EITHER EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, NON-INFRINGEMENT (INCLUDING AS A CONSEQUENCE OF ANY PRACTICE OR IMPLEMENTATION OF
THE SPECIFICATION), OR THAT THE CONTENTS OF THE SPECIFICATION ARE SUITABLE FOR ANY PURPOSE. This
document does not represent any commitment to release or implement any portion of the Specification in any product. In
addition, the Specification could include technical inaccuracies or typographical errors.
LIMITATION OF LIABILITY
TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY
DAMAGES, INCLUDING WITHOUT LIMITATION, LOST REVENUE, PROFITS OR DATA, OR FOR SPECIAL, INDIRECT,
CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
OF LIABILITY, ARISING OUT OF OR RELATED IN ANY WAY TO YOUR HAVING, IMPELEMENTING OR OTHERWISE
USING USING THE SPECIFICATION, EVEN IF SUN AND/OR ITS LICENSORS HAVE BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES. You will indemnify, hold harmless, and defend Sun and its licensors from any claims arising or resulting
from: (i) your use of the Specification; (ii) the use or distribution of your Java application, applet and/or implementation; and/or
(iii) any claims that later versions or releases of any Specification furnished to you are incompatible with the Specification
provided to you under this license.
RESTRICTED RIGHTS LEGEND
U.S. Government: If this Specification is being acquired by or on behalf of the U.S. Government or by a U.S. Government prime
contractor or subcontractor (at any tier), then the Government's rights in the Software and accompanying documentation shall be
218
Appendix B: Third-Party Copyright Notices
only as set forth in this license; this is in accordance with 48 C.F.R. 227.7201 through 227.7202-4 (for Department of Defense (DoD)
acquisitions) and with 48 C.F.R. 2.101 and 12.212 (for non-DoD acquisitions).
REPORT
If you provide Sun with any comments or suggestions concerning the Specification ("Feedback"), you hereby: (i) agree that such
Feedback is provided on a non-proprietary and non-confidential basis, and (ii) grant Sun a perpetual, non-exclusive, worldwide,
fully paid-up, irrevocable license, with the right to sublicense through multiple levels of sublicensees, to incorporate, disclose,
and use without limitation the Feedback for any purpose.
GENERAL TERMS
Any action related to this Agreement will be governed by California law and controlling U.S. federal law. The U.N. Convention
for the International Sale of Goods and the choice of law rules of any jurisdiction will not apply.
The Specification is subject to U.S. export control laws and may be subject to export or import regulations in other countries.
Licensee agrees to comply strictly with all such laws and regulations and acknowledges that it has the responsibility to obtain
such licenses to export, re-export or import as may be required after delivery to Licensee.
This Agreement is the parties' entire agreement relating to its subject matter. It supersedes all prior or contemporaneous oral or
written communications, proposals, conditions, representations and warranties and prevails over any conflicting or additional
terms of any quote, order, acknowledgment, or other communication between the parties relating to its subject matter during the
term of this Agreement. No modification to this Agreement will be binding, unless in writing and signed by an authorized
representative of each party.
Rev. April, 2006
PostgreSQL is released under the BSD license.
PostgreSQL Database Management System (formerly known as Postgres, then as Postgres95)
Portions Copyright (c) 1996-2008, The PostgreSQL Global Development Group
Portions Copyright (c) 1994, The Regents of the University of California
Permission to use, copy, modify, and distribute this software and its documentation for any purpose, without fee, and without a
written agreement is hereby granted, provided that the above copyright notice and this paragraph and the following two
paragraphs appear in all copies.
IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL,
INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, ARISING OUT OF THE USE OF THIS
SOFTWARE AND ITS DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE
PROVIDED HEREUNDER IS ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS TO
PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
JDOM.jar Copyright (C) 2000-2004 Jason Hunter & Brett McLaughlin. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the disclaimer that
follows these conditions in the documentation and/or other materials provided with the distribution.
3. The name "JDOM" must not be used to endorse or promote products derived from this software without prior written
permission. For written permission, please contact request@jdom.org.
4. Products derived from this software may not be called "JDOM", nor may "JDOM" appear in their name, without prior written
permission from the JDOM Project Management request@jdom.org.
In addition, we request (but do not require) that you include in the end-user documentation provided with the redistribution
and/or in the software itself an acknowledgement equivalent to the following:
"This product includes software developed by the JDOM Project (http://www.jdom.org/)."
Alternatively, the acknowledgment may be graphical using the logos available at http://www.jdom.org/images/logos.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE JDOM AUTHORS OR THE PROJECT CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals on behalf of the JDOM Project and was originally
created by Jason Hunter jhunter@jdom.org and Brett McLaughlin brett@jdom.org>. For more information on the JDOM Project,
please see http://www.jdom.org.
JFreeChart
JFreeChart is a free (LGPL) chart library for the Java(tm) platform.
BPF
Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that: (1) source code
distributions retain the above copyright notice and this paragraph in its entirety, (2) distributions including binary code include
the above copyright notice and this paragraph in its entirety in the documentation or other materials provided with the
distribution, and (3) all advertising materials mentioning features or use of this software display the following
acknowledgement:
219
Director API Reference
This product includes software developed by the University of California, Lawrence Berkeley Laboratory and its contributors.
Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from
this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
DES
Software DES functions written 12 Dec 1986 by Phil Karn, KA9Q; large sections adapted from the 1977 public-domain program
by Jim Gillogly.
EXPAT
Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files
(the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT
NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Finjan Software
Copyright (c) 2003 Finjan Software, Inc. All rights reserved.
Flowerfire
Copyright (c) 1996-2002 Greg Ferrar
ISODE
ISODE 8.0 NOTICE
Acquisition, use, and distribution of this module and related materials are subject to the restrictions of a license agreement.
Consult the Preface in the User's Manual for the full terms of this agreement.
4BSD/ISODE SMP NOTICE
Acquisition, use, and distribution of this module and related materials are subject to the restrictions given in the file SMP-README.
UNIX is a registered trademark in the US and other countries, licensed exclusively through X/Open Company Ltd.
MD5
RSA Data Security, Inc. MD5 Message-Digest Algorithm
Copyright (c) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.
License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest
Algorithm" in all material mentioning or referencing this software or this function.
License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data
Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this
software for any particular purpose. It is provided "as is" without express or implied warranty of any kind.
THE BEER-WARE LICENSE" (Revision 42):
<phk@FreeBSD.org <mailto:phk@FreeBSD.org>> wrote this file. As long as you retain this notice you can do whatever you
want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return. Poul-Henning
Kamp
Microsoft Windows Media Streaming
Copyright (c) 2003 Microsoft Corporation. All rights reserved.
OpenLDAP
Copyright (c) 1999-2001 The OpenLDAP Foundation, Redwood City, California, USA. All Rights Reserved. Permission to copy
and distribute verbatim copies of this document is granted.
http://www.openldap.org/software/release/license.html
The OpenLDAP Public License Version 2.7, 7 September 2001
Redistribution and use of this software and associated documentation ("Software"), with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain copyright statements and notices,
2. Redistributions in binary form must reproduce applicable copyright statements and notices, this list of conditions, and the
following disclaimer in the documentation and/or other materials provided with the distribution, and
3. Redistributions must contain a verbatim copy of this document.
The OpenLDAP Foundation may revise this license from time to time. Each revision is distinguished by a version number. You
may use this Software under terms of this license revision or under the terms of any subsequent revision of the license.
THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS CONTRIBUTORS ``AS IS'' AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) OR OWNER(S) OF THE SOFTWARE BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
220
Appendix B: Third-Party Copyright Notices
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The names of the authors and copyright holders must not be used in advertising or otherwise to promote the sale, use or other
dealing in this Software without specific, written prior permission. Title to copyright in this Software shall at all times remain
with copyright holders.
OpenLDAP is a registered trademark of the OpenLDAP Foundation.
OpenSSH
Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland. All rights reserved
This file is part of the OpenSSH software.
The licences which components of this software fall under are as follows. First, we will summarize and say that all components
are under a BSD licence, or a licence more free than that.
OpenSSH contains no GPL code.
1) As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of
this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC
file, it must be called by a name other than "ssh" or "Secure Shell".
[Tatu continues]
However, I am not implying to give any licenses to any patents or copyrights held by third parties, and the software includes
parts that are not under my direct control. As far as I know, all included source code is used in accordance with the relevant
license agreements and can be used freely for any purpose (the GNU license being the most restrictive); see below for details.
[However, none of that term is relevant at this point in time. All of these restrictively licenced software components which he
talks about have been removed from OpenSSH, i.e.,
- RSA is no longer included, found in the OpenSSL library
- IDEA is no longer included, its use is deprecated
- DES is now external, in the OpenSSL library
- GMP is no longer used, and instead we call BN code from OpenSSL
- Zlib is now external, in a library
- The make-ssh-known-hosts script is no longer included
- TSS has been removed
- MD5 is now external, in the OpenSSL library
- RC4 support has been replaced with ARC4 support from OpenSSL
- Blowfish is now external, in the OpenSSL library
[The licence continues]
Note that any information and cryptographic algorithms used in this software are publicly available on the Internet and at any
major bookstore, scientific library, and patent office worldwide. More information can be found e.g. at "http://www.cs.hut.fi/
crypto".
The legal status of this program is some combination of all these permissions and restrictions. Use only at your own
responsibility. You will be responsible for any legal consequences yourself; I am not making any claims whether possessing or
using this is legal or not in your country, and I am not taking any responsibility on your behalf.
NO
WARRANTY
BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE
EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY
SERVICING, REPAIR OR CORRECTION. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE
PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM
(INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED
BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
2) The 32-bit CRC compensation attack detector in deattack.c was contributed by CORE SDI S.A. under a BSD-style license.
Cryptographic attack detector for ssh - source code
Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina. All rights reserved. Redistribution and use in source and binary
forms, with or without modification, are permitted provided that this copyright notice is retained. THIS SOFTWARE IS
PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI
S.A. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES
RESULTING FROM THE USE OR MISUSE OF THIS SOFTWARE.
Ariel Futoransky <futo@core-sdi.com> <http://www.core-sdi.com>
3) ssh-keygen was contributed by David Mazieres under a BSD-style license.
Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. Modification and redistribution in source and binary forms is
permitted provided that due credit is given to the author and the OpenBSD project by leaving this copyright notice intact.
4) The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the public domain and distributed
with the following license:
@version 3.0 (December 2000)
221
Director API Reference
Optimised ANSI C code for the Rijndael cipher (now AES)
@author Vincent Rijmen <vincent.rijmen@esat.kuleuven.ac.be>
@author Antoon Bosselaers <antoon.bosselaers@esat.kuleuven.ac.be>
@author Paulo Barreto <paulo.barreto@terra.com.br>
This code is hereby placed in the public domain.
THIS SOFTWARE IS PROVIDED BY THE AUTHORS ''AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHORS OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
5) One component of the ssh source code is under a 3-clause BSD license, held by the University of California, since we pulled
these parts from original Berkeley code.
Copyright (c) 1983, 1990, 1992, 1993, 1995
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
6) Remaining components of the software are provided under a standard 2-term BSD licence with the following names as
copyright holders:
Markus
Friedl
Theo de
Raadt
Niels
Provos
Dug Song
Aaron
Campbell
Damien
Miller
Kevin
Steves
Daniel
Kouril
Wesley
Griffin
Per
Allansson
Nils
Nordman
Simon
Wilkinson
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
THIS SOFTWARE IS PROVIDED BY THE AUTHOR ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR ANY DIRECT, INDIRECT,
INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
222
Appendix B: Third-Party Copyright Notices
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
OpenSSL
Copyright (c) 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.
http://www.openssl.org/about/
http://www.openssl.org/about/
OpenSSL is based on the excellent SSLeay library developed by Eric A. Young <mailto:eay@cryptsoft.com> and Tim J. Hudson
<mailto:tjh@cryptsoft.com>.
The OpenSSL toolkit is licensed under a Apache-style license which basically means that you are free to get and use it for
commercial and non-commercial purposes.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to
conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following
conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL
documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson
(tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in
a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a
textual message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This
product includes cryptographic software written by Eric Young (eay@cryptsoft.com)" The word 'cryptographic' can be left out if
the routines from the library being used are not cryptographic related :-).
4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include
an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code
cannot simply be copied and put under another distribution license [including the GNU Public License.]
Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment:
"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this
software without prior written permission. For written permission, please contact openssl-core@openssl.org.
5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior
written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software
developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)"
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software
written by Tim Hudson (tjh@cryptsoft.com).
PCRE
Copyright (c) 1997-2001 University of Cambridge
University of Cambridge Computing Service, Cambridge, England. Phone: +44 1223 334714.
Written by: Philip Hazel <ph10@cam.ac.uk>
Permission is granted to anyone to use this software for any purpose on any computer system, and to redistribute it freely,
subject to the following restrictions:
223
Director API Reference
1. This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
2. Regular expression support is provided by the PCRE library package, which is open source software, written by Philip Hazel,
and copyright by the University of Cambridge, England.
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
PHAOS SSLava and SSLavaThin
Copyright (c) 1996-2003 Phaos Technology Corporation. All Rights Reserved.
The software contains commercially valuable proprietary products of Phaos which have been secretly developed by Phaos, the
design and development of which have involved expenditure of substantial amounts of money and the use of skilled
development experts over substantial periods of time. The software and any portions or copies thereof shall at all times remain
the property of Phaos.
PHAOS MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED
WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, REGARDING THE SOFTWARE, OR ITS
USE AND OPERATION ALONE OR IN COMBINATION WITH ANY OTHER SOFTWARE.
PHAOS SHALL NOT BE LIABLE TO THE OTHER OR ANY OTHER PERSON CLAIMING DAMAGES AS A RESULT OF THE
USE OF ANY PRODUCT OR SOFTWARE FOR ANY DAMAGES WHATSOEVER. IN NO EVENT WILL PHAOS BE LIABLE
FOR SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, EVEN IF ADVISED OF THE POSSIBLITY OF SUCH
DAMAGES.
RealSystem
The RealNetworks® RealProxy™ Server is included under license from RealNetworks, Inc. Copyright 1996-1999, RealNetworks,
Inc. All rights reserved.
SNMP
Copyright (C) 1992-2001 by SNMP Research, Incorporated.
This software is furnished under a license and may be used and copied only in accordance with the terms of such license and
with the inclusion of the above copyright notice. This software or any other copies thereof may not be provided or otherwise
made available to any other person. No title to and ownership of the software is hereby transferred. The information in this
software is subject to change without notice and should not be construed as a commitment by SNMP Research, Incorporated.
Restricted Rights Legend:
Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in
Technical Data and Computer Software clause at DFARS 252.227-7013; subparagraphs (c)(4) and (d) of the Commercial
Computer Software-Restricted Rights Clause, FAR 52.227-19; and in similar clauses in the NASA FAR Supplement and other
corresponding governmental regulations.
PROPRIETARY NOTICE
This software is an unpublished work subject to a confidentiality agreement and is protected by copyright and trade secret law.
Unauthorized copying, redistribution or other use of this work is prohibited. The above notice of copyright on this source code
product does not indicate any actual or intended publication of such source code.
STLport
Copyright (c) 1999, 2000 Boris Fomitchev
This material is provided "as is", with absolutely no warranty expressed or implied. Any use is at your own risk.
Permission to use or copy this software for any purpose is hereby granted without fee, provided the above notices are retained
on all copies. Permission to modify the code and to distribute modified code is granted, provided the above notices are retained,
and a notice that the code was modified is included with the above copyright notice.
The code has been modified.
Copyright (c) 1994 Hewlett-Packard Company
Copyright (c) 1996-1999 Silicon Graphics Computer Systems, Inc.
Copyright (c) 1997 Moscow Center for SPARC Technology
Permission to use, copy, modify, distribute and sell this software and its documentation for any purpose is hereby granted
without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission
notice appear in supporting documentation. Hewlett-Packard Company makes no representations about the suitability of this
software for any purpose. It is provided "as is" without express or implied warranty.
Permission to use, copy, modify, distribute and sell this software and its documentation for any purpose is hereby granted
without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission
notice appear in supporting documentation. Silicon Graphics makes no representations about the suitability of this software for
any purpose. It is provided "as is" without express or implied warranty.
Permission to use, copy, modify, distribute and sell this software and its documentation for any purpose is hereby granted
without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission
notice appear in supporting documentation. Moscow Center for SPARC Technology makes no representations about the
suitability of this software for any purpose. It is provided "as is" without express or implied warranty.
SmartFilter
Copyright (c) 2003 Secure Computing Corporation. All rights reserved.
SurfControl
Copyright (c) 2003 SurfControl, Inc. All rights reserved.
Symantec AntiVirus Scan Engine
Copyright (c) 2003 Symantec Corporation. All rights reserved.
TCPIP
Some of the files in this project were derived from the 4.X BSD (Berkeley Software Distribution) source.
Their copyright header follows:
224
Appendix B: Third-Party Copyright Notices
Copyright (c) 1982, 1986, 1988, 1990, 1993, 1994, 1995
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement:
This product includes software developed by the University of California, Berkeley and its contributors.
4. Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
Trend Micro
Copyright (c) 1989-2003 Trend Micro, Inc. All rights reserved.
unixsocket
-------------Apache License
Version 2.0, January 2004
http://www.apache.org/licenses/
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this
document.
"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction
or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications, including but not limited to software source code,
documentation source, and configuration files.
"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not
limited to compiled object code, generated documentation, and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by
a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for
which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of
authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely
link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright
owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this
definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives,
including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems
that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding
communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a
Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by
Licensor and
subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a
perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative
Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object
form.
3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a
perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make,
have made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims
225
Director API Reference
licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their
Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity
(including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work
constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work
shall terminate as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or
without modifications, and in Source or Object form, provided that You meet the following conditions:
(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of he Derivative
Works; and
(d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain
to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distribute as part of the
Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display
generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file
are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative
Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional
attribution notices cannot be construed as modifying the License.
You may add Your own copyright statement to Your modifications and may provide additional or different license terms and
conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided
Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in
the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or
conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement
you may have executed with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of
the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the
content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT,
MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under
this License.
8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as
a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to
offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with
this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not
on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any
liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional
liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS"
BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific
language governing permissions and limitations under the License.
226
Appendix B: Third-Party Copyright Notices
zlib
Copyright (c) 2003 by the Open Source Initiative
This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any
damages arising from the use of this software.
ICU License - ICU 1.8.1 and later COPYRIGHT AND PERMISSION NOTICE Copyright (c) 1995-2003 International Business
Machines Corporation and others All rights reserved. Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish, distribute, and/or sell copies of the Software, and to permit
persons to whom the Software is furnished to do so, provided that the above copyright notice(s) and this permission notice
appear in all copies of the Software and that both the above copyright notice(s) and this permission notice appear in supporting
documentation. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS
INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL
DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH
THE USE OR PERFORMANCE OF THIS SOFTWARE. Except as contained in this notice, the name of a copyright holder shall
not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written
authorization of the copyright holder
PHP COPYRIGHTSThe PHP License, version 3.01 Copyright (c) 1999 - 2006 The PHP Group. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. The name "PHP" must not be used to endorse or promote products derived from this software without prior written
permission. For written permission, please contact group@php.net.
4. Products derived from this software may not be called "PHP", nor may "PHP" appear in their name, without prior written
permission from group@php.net. You may indicate that your software works in conjunction with PHP by saying "Foo for PHP"
instead of calling it "PHP Foo" or "phpfoo"
5. The PHP Group may publish revised and/or new versions of the license from time to time. Each version will be given a
distinguishing version number.
Once covered code has been published under a particular version of the license, you may always continue to use it under the
terms of that version. You may also choose to use such covered code under the terms of any subsequent version of the license
published by the PHP Group. No one other than the PHP Group has the right to modify the terms applicable to covered code
created under this License.
6. Redistributions of any form whatsoever must retain the following acknowledgment:
"This product includes PHP software, freely available from
<http://www.php.net/software/>".
THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR ITS
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-------------------------------------------------------------------This software consists of voluntary contributions made by many individuals on behalf of the PHP Group.
The PHP Group can be contacted via Email at group@php.net.
For more information on the PHP Group and the PHP project, please see <http://www.php.net>.
ZEND COPYRIGHTS
The Zend Engine License, version 2.00 Copyright (c) 1999-2002 Zend Technologies Ltd. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. The names "Zend" and "Zend Engine" must not be used to endorse or promote products derived from this software without
prior permission from Zend Technologies Ltd. For written permission, please contact license@zend.com.
4. Zend Technologies Ltd. may publish revised and/or new versions of the license from time to time. Each version will be given
a distinguishing version number. Once covered code has been published under a particular version of the license, you may
always continue to use it under the terms of that version. You may also choose to use such covered code under the terms of any
subsequent version of the license published by Zend Technologies Ltd. No one other than Zend Technologies Ltd. has the right to
modify the terms applicable to covered code created under this License.
5. Redistributions of any form whatsoever must retain the following acknowledgment:
"This product includes the Zend Engine, freely available at
http://www.zend.com"
6. All advertising materials mentioning features or use of this software must display the following acknowledgment:
227
Director API Reference
"The Zend Engine is freely available at http://www.zend.com"
THIS SOFTWARE IS PROVIDED BY ZEND TECHNOLOGIES LTD. ``AS IS'' AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL ZEND TECHNOLOGIES LTD. BE LIABLE FOR
ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
TSRM COPYRIGHTSTSRM (Thread Safe Resource Manager) license. Copyright (c) 1999, 2000, Andi Gutmans, Sascha
Schumann, Zeev Suraski.
All rights reserved. Redistribution and use in source and binary forms, with or without modification, are permitted provided
that the following conditions are met:
Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
Neither name of the copyright holders nor the names of their contributors may be used to endorse or promote products derived
from this software without specific prior written permission.
THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS ``AS IS'' AND ANY EXPRESS OR
IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDERS OR
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
REGEX COPYRIGHTS
Regex. Copyright 1992, 1993, 1994 Henry Spencer. All rights reserved.
This software is not subject to any license of the American Telephone and Telegraph Company or of the Regents of the University
of California.
Permission is granted to anyone to use this software for any purpose on any computer system, and to alter it and redistribute it,
subject to the following restrictions:
1. The author is not responsible for the consequences of use of this software, no matter how awful, even if they arise from flaws in
it.
2. The origin of this software must not be misrepresented, either by explicit claim or by omission. Since few users ever read
sources, credits must appear in the documentation.
3. Altered versions must be plainly marked as such, and must not be misrepresented as being the original software. Since few
users ever read sources, credits must appear in the documentation.
4. This notice may not be removed or altered.
libgd COPYRIGHTS
libgd
Portions copyright 1994, 1995, 1996, 1997, 1998, 1999, 2000, 2001 by Cold Spring Harbor Laboratory. Funded under Grant P41RR02188 by the National Institutes of Health.
Portions copyright 1996, 1997, 1998, 1999, 2000, 2001 by Boutell.Com, Inc.
Portions relating to GD2 format copyright 1999, 2000 Philip Warner.
Portions relating to PNG copyright 1999, 2000 Greg Roelofs.
Portions relating to libttf copyright 1999, 2000 John Ellson (ellson@lucent.com).
Portions relating to JPEG and to color quantization copyright 2000, Doug Becker and copyright (C) 1994-1998, Thomas G. Lane.
This software is based in part on the work of the Independent JPEG Group. See the file README-JPEG.TXT for more
information.
Portions relating to WBMP copyright 2000 Maurice Szmurlo and Johan Van den Brande.
Permission has been granted to copy, distribute and modify gd in any context without fee, including a commercial application,
provided that this notice is present in user-accessible supporting documentation._
This does not affect your ownership of the derived work itself, and the intent is to assure proper credit for the authors of gd, not
to interfere with your productive use of gd. If you have questions, ask. "Derived works" includes all programs that utilize the
library. Credit must be given in user-accessible documentation.
This software is provided "AS IS."_ The copyright holders disclaim all warranties, either express or implied, including but not
limited to implied warranties of merchantability and fitness for a particular purpose, with respect to this code and accompanying
documentation.
Although their code does not appear in gd 2.0.1, the authors wish to thank David Koblas, David Rowley, and Hutchison Avenue
Software Corporation for their prior contributions.
mail.jar
Sun Microsystems, Inc. ("Sun") ENTITLEMENT for SOFTWARE
Permitted Uses:
1. You may reproduce and use the Software for Individual, Commercial, or Research and Instructional Use for the purposes of
designing, developing, testing, and running Your applets and application("Programs").
2. Subject to the terms and conditions of this Agreement and restrictions and exceptions set forth in the Software's
documentation, You may reproduce and distribute portions of Software identified as a redistributable in the documentation
("Redistributable"), provided that:
228
Appendix B: Third-Party Copyright Notices
(a) you distribute Redistributable complete and unmodified and only bundled as part of Your Programs,
(b) your Programs add significant and primary functionality to the Redistributable,
(c) you distribute Redistributable for the sole purpose of running your Programs,
(d) you do not distribute additional software intended to replace any component(s) of the Redistributable,
(e) you do not remove or alter any proprietary legends or notices contained in or on the Redistributable.
(f) you only distribute the Redistributable subject to a license agreement that protects Sun's interests consistent with the terms
contained in this Agreement, and
(g) you agree to defend and indemnify Sun and its licensors from and against any damages, costs, liabilities, settlement amounts
and/or expenses (including attorneys' fees) incurred in connection with any claim, lawsuit or action by any third party that
arises or results from the use or distribution of any and all Programs and/or Redistributable.
3. Java Technology Restrictions. You may not create, modify, or change the behavior of, or authorize your licensees to create,
modify, or change the behavior of, classes, interfaces, or subpackages that are in any way identified as "java", "javax", "sun" or
similar convention as specified by Sun in any naming convention designation.
B. Sun Microsystems, Inc. ("Sun")
SOFTWARE LICENSE AGREEMENT
READ THE TERMS OF THIS AGREEMENT ("AGREEMENT") CAREFULLY BEFORE OPENING SOFTWARE MEDIA
PACKAGE. BY OPENING SOFTWARE MEDIA PACKAGE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU
ARE ACCESSING SOFTWARE ELECTRONICALLY, INDICATE YOUR ACCEPTANCE OF THESE TERMS BY SELECTING
THE "ACCEPT" BUTTON AT THE END OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS,
PROMPTLY RETURN THE UNUSED SOFTWARE TO YOUR PLACE OF PURCHASE FOR A REFUND OR, IF SOFTWARE IS
ACCESSED ELECTRONICALLY, SELECT THE "DECLINE" (OR "EXIT") BUTTON AT THE END OF THIS AGREEMENT. IF
YOU HAVE SEPARATELY AGREED TO LICENSE TERMS ("MASTER TERMS") FOR YOUR LICENSE TO THIS SOFTWARE,
THEN SECTIONS 1-5 OF THIS AGREEMENT "SUPPLEMENTAL LICENSE TERMS") SHALL SUPPLEMENT AND
SUPERSEDE THE MASTER TERMS IN RELATION TO THIS SOFTWARE.
1. Definitions.
(a) "Entitlement" means the collective set of applicable documents authorized by Sun evidencing your obligation to pay
associated fees (if any) for the license, associated Services, and the authorized scope of use of Software under this Agreement.
(b) "Licensed Unit" means the unit of measure by which your use of Software and/or Service is licensed, as described in your
Entitlement.
(c) "Permitted Use" means the licensed Software use(s) authorized in this Agreement as specified in your Entitlement. The
Permitted Use for any bundled Sun software not specified in your Entitlement will be evaluation use as provided in Section 3.
(d) "Service" means the service(s) that Sun or its delegate will provide, if any, as selected in your Entitlement and as further
described in the applicable service listings at www.sun.com/service/servicelist.
(e) "Software" means the Sun software described in your Entitlement. Also, certain software may be included for evaluation use
under Section 3.
(f) "You" and "Your" means the individual or legal entity specified in the Entitlement, or for evaluation purposes, the entity
performing the evaluation.
2. License Grant and Entitlement.
Subject to the terms of your Entitlement, Sun grants you a nonexclusive, nontransferable limited license to use Software for its
Permitted Use for the license term. Your Entitlement will specify (a) Software licensed, (b) the Permitted Use, (c) the license term,
and (d) the Licensed Units.
Additionally, if your Entitlement includes Services,then it will also specify the (e) Service and (f) service term.
If your rights to Software or Services are limited in duration and the date such rights begin is other than the purchase date, your
Entitlement will provide that beginning date(s).
The Entitlement may be delivered to you in various ways depending on the manner in which you obtain Software and Services,
for example, the Entitlement may be provided in your receipt, invoice or your contract with Sun or authorized Sun reseller. It
may also be in electronic format if you download Software.
3. Permitted Use.
As selected in your Entitlement, one or more of the following Permitted Uses will apply to your use of Software. Unless you have
an Entitlement that expressly permits it, you may not use Software for any of the other Permitted Uses. If you don't have an
Entitlement, or if your Entitlement doesn't cover additional software delivered to you, then such software is for your Evaluation
Use.
(a) Evaluation Use. You may evaluate Software internally for a period of 90 days from your first use.
(b) Research and Instructional Use. You may use Software internally to design, develop and test, and also to provide instruction
on such uses.
(c) Individual Use. You may use Software internally for personal, individual use.
(d) Commercial Use. You may use Software internally for your own commercial purposes.
(e) Service Provider Use. You may make Software functionality accessible (but not by providing Software itself or through
outsourcing services) to
your end users in an extranet deployment, but not to your affiliated companies or to government agencies.
4. Licensed Units.
Your Permitted Use is limited to the number of Licensed Units stated in your Entitlement. If you require additional Licensed
Units, you will need additional Entitlement(s).
5. Restrictions.
(a) The copies of Software provided to you under this Agreement are licensed, not sold, to you by Sun. Sun reserves all rights not
expressly granted. (b) You may make a single archival copy of Software, but otherwise may not copy, modify, or distribute
Software. However if the Sun documentation accompanying Software lists specific portions of Software, such as header files,
class libraries, reference source code, and/or redistributable files, that may be handled differently, you may do so only as
229
Director API Reference
provided in the Sun documentation. (c) You may not rent, lease, lend or encumber Software. (d) Unless enforcement is prohibited
by applicable law, you may not decompile, or reverse engineer Software. (e) The terms and conditions of this Agreement will
apply to any Software updates, provided to you at Sun's discretion, that replace and/or supplement the original Software, unless
such update contains a separate license. (f) You may not publish or provide the results of any benchmark or comparison tests run
on Software to any third party without the prior written consent of Sun. (g) Software is confidential and copyrighted. (h) Unless
otherwise specified, if Software is delivered with embedded or bundled software that enables functionality of Software, you may
not use such software on a stand-alone basis or use any portion of such software to interoperate with any program(s) other than
Software. (i) Software may contain programs that perform automated collection of system data and/or automated software
updating services. System data collected through such programs may be used by Sun, its subcontractors, and its service delivery
partners for the purpose of providing you with remote system services and/or improving Sun's software and systems. (j)
Software is not designed, licensed or intended for use in the design, construction, operation or maintenance of any nuclear
facility and Sun and its licensors disclaim any express or implied warranty of fitness for such uses. (k) No right, title or interest in
or to any trademark, service mark, logo or trade name of Sun or its licensors is granted under this Agreement.
6. Term and Termination.
The license and service term are set forth in your Entitlement(s). Your rights under this Agreement will terminate immediately
without notice from Sun if you materially breach it or take any action in derogation of Sun's and/or its licensors' rights to
Software. Sun may terminate this Agreement should any Software become, or in Sun's reasonable opinion likely to become, the
subject of a claim of intellectual property infringement or trade secret misappropriation. Upon termination, you will cease use of,
and destroy, Software and confirm compliance in writing to Sun. Sections 1, 5, 6, 7, and 9-15 will survive termination of the
Agreement.
7. Java Compatibility and Open Source.
Software may contain Java technology. You may not create additional classes to, or modifications of, the Java technology, except
under compatibility requirements available under a separate agreement available at www.java.net.
Sun supports and benefits from the global community of open source developers, and thanks the community for its important
contributions and open standards-based technology, which Sun has adopted into many of its products.
Please note that portions of Software may be provided with notices and open source licenses from such communities and third
parties that govern the use of those portions, and any licenses granted hereunder do not alter any rights and obligations you may
have under such open source licenses, however, the disclaimer of warranty and limitation of liability provisions in this
Agreement will apply to all Software in this distribution.
8. Limited Warranty.
Sun warrants to you that for a period of 90 days from the date of purchase, as evidenced by a copy of the receipt, the media on
which Software is furnished (if any) will be free of defects in materials and workmanship under normal use. Except for the
foregoing, Software is provided "AS IS". Your exclusive remedy and Sun's entire liability under this limited warranty will be at
Sun's option to replace Software media or refund the fee paid for Software. Some states do not allow limitations on certain
implied warranties, so the above may not apply to you. This limited warranty gives you specific legal rights. You may have
others, which vary from state to state.
9. Disclaimer of Warranty.
UNLESS SPECIFIED IN THIS AGREEMENT, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE OR NON-INFRINGEMENT ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT THESE DISCLAIMERS ARE
HELD TO BE LEGALLY INVALID.
10. Limitation of Liability.
TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
REVENUE, PROFIT OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES,
HOWEVER CAUSED REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF OR RELATED TO THE USE OF OR
INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no
event will Sun's liability to you, whether in contract, tort (including negligence), or otherwise, exceed the amount paid by you for
Software under this Agreement. The foregoing limitations will apply even if the above stated warranty fails of its essential
purpose. Some states do not allow the exclusion of incidental or consequential damages, so some of the terms above may not be
applicable to you.
11. Export Regulations.
All Software, documents, technical data, and any other materials delivered under this Agreement are subject to U.S. export
control laws and may be subject to export or import regulations in other countries. You agree to comply strictly with these laws
and regulations and acknowledge that you have the responsibility to obtain any licenses to export, re-export, or import as may be
required after delivery to you.
12. U.S. Government Restricted Rights.
If Software is being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor
(at any tier), then the Government's rights in Software and accompanying documentation will be only as set forth in this
Agreement; this is in accordance with 48 CFR 227.7201 through 227.7202-4 (for Department of Defense (DOD) acquisitions) and
with 48 CFR 2.101 and 12.212 (for non-DOD acquisitions).
13. Governing Law.
Any action related to this Agreement will be governed by California law and controlling U.S. federal law. No choice of law rules
of any jurisdiction will apply.
14. Severability.
If any provision of this Agreement is held to be unenforceable, this Agreement will remain in effect with the provision omitted,
unless omission would frustrate the intent of the parties, in which case this Agreement will immediately terminate.
15. Integration.
This Agreement, including any terms contained in your Entitlement, is the entire agreement between you and Sun relating to its
subject matter. It supersedes all prior or contemporaneous oral or written communications, proposals, representations and
warranties and prevails over any conflicting or additional terms of any quote, order, acknowledgment, or other communication
between the parties relating to its subject matter during the term of this Agreement. No modification of this Agreement will be
binding, unless in writing and signed by an authorized representative of each party.
230
Appendix B: Third-Party Copyright Notices
iText
MOZILLA PUBLIC LICENSE Version 1.1
1. Definitions.
1.0.1. "Commercial Use" means distribution or otherwise making the Covered Code available to a third party.
1.1. "Contributor" means each entity that creates or contributes to the creation of Modifications.
1.2. "Contributor Version" means the combination of the Original Code, prior Modifications used by a Contributor, and the
Modifications made by that particular Contributor.
1.3. "Covered Code" means the Original Code or Modifications or the combination of the Original Code and Modifications, in
each case including portions thereof.
1.4. "Electronic Distribution Mechanism" means a mechanism generally accepted in the software development community for
the electronic transfer of data.
1.5. "Executable" means Covered Code in any form other than Source Code.
1.6. "Initial Developer" means the individual or entity identified as the Initial Developer in the Source Code notice required by
Exhibit A.
1.7. "Larger Work" means a work which combines Covered Code or portions thereof with code not governed by the terms of this
License.
1.8. "License" means this document.
1.8.1. "Licensable" means having the right to grant, to the maximum extent possible, whether at the time of the initial grant or
subsequently acquired, any and all of the rights conveyed herein.
1.9. "Modifications" means any addition to or deletion from the substance or structure of either the Original Code or any previous
Modifications. When Covered Code is released as a series of files, a Modification is:
A. Any addition to or deletion from the contents of a file containing Original Code or previous Modifications.
B. Any new file that contains any part of the Original Code or previous Modifications.
1.10. "Original Code" means Source Code of computer software code which is described in the Source Code notice required by
Exhibit A as Original Code, and which, at the time of its release under this License is not already Covered Code governed by this
License.
1.10.1. "Patent Claims" means any patent claim(s), now owned or hereafter acquired, including without limitation, method,
process, and apparatus claims, in any patent Licensable by grantor.
1.11. "Source Code" means the preferred form of the Covered Code for making modifications to it, including all modules it
contains, plus any associated interface definition files, scripts used to control compilation and installation of an Executable, or
source code differential comparisons against either the Original Code or another well known, available Covered Code of the
Contributor's choice. The Source Code can be in a compressed or archival form, provided the appropriate decompression or dearchiving software is widely available for no charge.
1.12. "You" (or "Your") means an individual or a legal entity exercising rights under, and complying with all of the terms of, this
License or a future version of this License issued under Section 6.1.
For legal entities, "You" includes any entity which controls, is controlled by, or is under common control with You. For purposes
of this definition, "control" means (a) the power, direct or indirect, to cause the direction or management of such entity, whether
by contract or otherwise, or (b) ownership of more than fifty percent (50%) of the outstanding shares or beneficial ownership of
such entity.
2. Source Code License.
2.1. The Initial Developer Grant. The Initial Developer hereby grants You a world-wide, royalty-free, non-exclusive license,
subject to third party intellectual property claims:
(a) under intellectual property rights (other than patent or trademark) Licensable by Initial Developer to use, reproduce, modify,
display, perform, sublicense and distribute the Original Code (or portions thereof) with or without Modifications, and/or as part
of a Larger Work; and
(b) under Patents Claims infringed by the making, using or selling of Original Code, to make, have made, use, practice, sell, and
offer for sale, and/or therwise dispose of the Original Code (or portions thereof).
(c) the licenses granted in this Section 2.1(a) and (b) are effective on the date Initial Developer first distributes Original Code
under the terms of this License.
(d) Notwithstanding Section 2.1(b) above, no patent license is granted: 1) for code that You delete from the Original Code; 2)
separate from the Original Code; or 3) for infringements caused by: i) the modification of the Original Code or ii) the
combination of the Original Code with other software or devices.
2.2. Contributor Grant.
Subject to third party intellectual property claims, each Contributor hereby grants You a world-wide, royalty-free, non-exclusive
license
(a) under intellectual property rights (other than patent or trademark) Licensable by Contributor, to use, reproduce, modify,
display, perform, sublicense and distribute the Modifications created by such Contributor (or portions thereof) either on an
unmodified basis, with other Modifications, as Covered Code and/or as part of a Larger Work; and
(b) under Patent Claims infringed by the making, using, or selling of Modifications made by that Contributor either alone and/
or in combination with its Contributor Version (or portions of such combination), to make, use, sell, offer for sale, have made,
and/or otherwise dispose of: 1) Modifications made by that Contributor (or portions thereof); and 2) the combination of
Modifications made by that Contributor with its Contributor Version (or portions of such combination).
(c) the licenses granted in Sections 2.2(a) and 2.2(b) are effective on the date Contributor first makes Commercial Use of the
Covered Code.
(d) Notwithstanding Section 2.2(b) above, no patent license is granted: 1) for any code that Contributor has deleted from the
Contributor Version; 2) separate from the Contributor Version; 3) for infringements caused by: i) third party modifications of
Contributor Version or ii) the combination of Modifications made by that Contributor with other software (except as part of the
Contributor Version) or other devices; or 4) under Patent Claims infringed by Covered Code in the absence of Modifications
made by that Contributor.
231
Director API Reference
3. Distribution Obligations.
3.1. Application of License.
The Modifications which You create or to which You contribute are governed by the terms of this License, including without
limitation Section 2.2. The Source Code version of Covered Code may be distributed only under the terms of this License or a
future version of this License released under Section 6.1, and You must include a copy of this License with every copy of the
Source Code You distribute. You may not offer or impose any terms on any Source Code version that alters or restricts the
applicable version of this License or the recipients' rights hereunder. However, You may include an additional document offering
the additional rights described in Section 3.5.
3.2. Availability of Source Code.
Any Modification which You create or to which You contribute must be made available in Source Code form under the terms of
this License either on the same media as an Executable version or via an accepted Electronic Distribution Mechanism to anyone
to whom you made an Executable version available; and if made available via Electronic Distribution Mechanism, must remain
available for at least twelve (12) months after the date it initially became available, or at least six (6) months after a subsequent
version of that particular Modification has been made available to such recipients. You are responsible for ensuring that the
Source Code version remains available even if the Electronic Distribution Mechanism is maintained by a third party.
3.3. Description of Modifications.
You must cause all Covered Code to which You contribute to contain a file documenting the changes You made to create that
Covered Code and the date of any change. You must include a prominent statement that the Modification is derived, directly or
indirectly, from Original Code provided by the Initial Developer and including the name of the Initial Developer in (a) the Source
Code, and (b) in any notice in an Executable version or related documentation in which You describe the origin or ownership of
the Covered Code.
3.4. Intellectual Property Matters
(a) Third Party Claims.
If Contributor has knowledge that a license under a third party's intellectual property rights is required to exercise the rights
granted by such Contributor under Sections 2.1 or 2.2, Contributor must include a text file with the Source Code distribution
titled "LEGAL" which describes the claim and the party making the claim in sufficient detail that a recipient will know whom to
contact. If Contributor obtains such knowledge after the Modification is made available as described in Section 3.2, Contributor
shall promptly modify the LEGAL file in all copies Contributor makes available thereafter and shall take other steps (such as
notifying appropriate mailing lists or newsgroups) reasonably calculated to inform those who received the Covered Code that
new knowledge has been obtained.
(b) Contributor APIs.
If Contributor's Modifications include an application programming interface and Contributor has knowledge of patent licenses
which are reasonably necessary to implement that API, Contributor must also include this information in the LEGAL file.
(c)
Representations.
Contributor represents that, except as disclosed pursuant to Section 3.4(a) above, Contributor believes that Contributor's
Modifications are Contributor's original creation(s) and/or Contributor has sufficient rights to grant the rights conveyed by this
License.
3.5. Required Notices.
You must duplicate the notice in Exhibit A in each file of the Source Code. If it is not possible to put such notice in a particular
Source Code file due to its structure, then You must include such notice in a location (such as a relevant directory) where a user
would be likely to look for such a notice. If You created one or more Modification(s) You may add your name as a Contributor to
the notice described in Exhibit A. You must also duplicate this License in any documentation for the Source Code where You
describe recipients' rights or ownership rights relating to Covered Code. You may choose to offer, and to charge a fee for,
warranty, support, indemnity or liability obligations to one or more recipients of Covered Code. However, You may do so only
on Your own behalf, and not on behalf of the Initial Developer or any Contributor. You must make it absolutely clear than any
such warranty, support, indemnity or liability obligation is offered by You alone, and You hereby agree to indemnify the Initial
Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of warranty,
support, indemnity or liability terms You offer.
3.6. Distribution of Executable Versions.
You may distribute Covered Code in Executable form only if the requirements of Section 3.1-3.5 have been met for that Covered
Code, and if You include a notice stating that the Source Code version of the Covered Code is available under the terms of this
License, including a description of how and where You have fulfilled the obligations of Section 3.2. The notice must be
conspicuously included in any notice in an Executable version, related documentation or collateral in which You describe
recipients' rights relating to the Covered Code. You may distribute the Executable version of Covered Code or ownership rights
under a license of Your choice, which may contain terms different from this License, provided that You are in compliance with
the terms of this License and that the license for the Executable version does not attempt to limit or alter the recipient's rights in
the Source Code version from the rights set forth in this License. If You distribute the Executable version under a different license
You must make it absolutely clear that any terms which differ from this License are offered by You alone, not by the Initial
Developer or any Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability
incurred by the Initial Developer or such Contributor as a result of any such terms You offer.
3.7. Larger Works.
You may create a Larger Work by combining Covered Code with other code not governed by the terms of this License and
distribute the Larger Work as a single product. In such a case, You must make sure the requirements of this License are fulfilled
for the Covered Code.
4. Inability to Comply Due to Statute or Regulation.
If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Code due to
statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible;
and (b) describe the limitations and the code they affect. Such description must be included in the LEGAL file described in
Section 3.4 and must be included with all distributions of the Source Code. Except to the extent prohibited by statute or
regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it.
5. Application of this License.
This License applies to code to which the Initial Developer has attached the notice in Exhibit A and to related Covered Code.
232
Appendix B: Third-Party Copyright Notices
6. Versions of the License.
6.1. New Versions.
Netscape Communications Corporation ("Netscape") may publish revised and/or new versions of the License from time to time.
Each version will be given a distinguishing version number.
6.2. Effect of New Versions.
Once Covered Code has been published under a particular version of the License, You may always continue to use it under the
terms of that version. You may also choose to use such Covered Code under the terms of any subsequent version of the License
published by Netscape. No one other than Netscape has the right to modify the terms applicable to Covered Code created under
this License.
6.3. Derivative Works.
If You create or use a modified version of this License (which you may only do in order to apply it to code which is not already
Covered Code governed by this License), You must (a) rename Your license so that the phrases "Mozilla", "MOZILLAPL",
"MOZPL", "Netscape", "MPL", "NPL" or any confusingly similar phrase do not appear in your license (except to note that your
license differs from this License) and (b) otherwise make it clear that Your version of the license contains terms which differ from
the Mozilla Public License and Netscape Public License. (Filling in the name of the Initial Developer, Original Code or
Contributor in the notice described in Exhibit A shall not of themselves be deemed to be modifications of this License.)
7. DISCLAIMER OF WARRANTY.
COVERED CODE IS PROVIDED UNDER THIS LICENSE ON AN "AS IS" BASIS, WITHOUT WARRANTY OF ANY KIND,
EITHER EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, WARRANTIES THAT THE COVERED CODE IS
FREE OF DEFECTS, MERCHANTABLE, FIT FOR A PARTICULAR PURPOSE OR NON-INFRINGING. THE ENTIRE RISK AS
TO THE QUALITY AND PERFORMANCE OF THE COVERED CODE IS WITH YOU. SHOULD ANY COVERED CODE
PROVE DEFECTIVE IN ANY RESPECT, YOU (NOT THE INITIAL DEVELOPER OR ANY OTHER CONTRIBUTOR) ASSUME
THE COST OF ANY NECESSARY SERVICING, REPAIR OR CORRECTION. THIS DISCLAIMER OF WARRANTY
CONSTITUTES AN ESSENTIAL PART OF THIS LICENSE. NO USE OF ANY COVERED CODE IS AUTHORIZED
HEREUNDER EXCEPT UNDER THIS DISCLAIMER.
8. TERMINATION.
8.1. This License and the rights granted hereunder will terminate automatically if You fail to comply with terms herein and fail to
cure such breach within 30 days of becoming aware of the breach. All sublicenses to the Covered Code which are properly
granted shall survive any termination of this License. Provisions which, by their nature, must remain in effect beyond the
termination of this License shall survive.
8.2. If You initiate litigation by asserting a patent infringement claim (excluding declatory judgment actions) against Initial
Developer or a Contributor (the Initial Developer or Contributor against whom You file such action is referred to as "Participant")
alleging that:
(a) such Participant's Contributor Version directly or indirectly infringes any patent, then any and all rights granted by such
Participant to You under Sections 2.1 and/or 2.2 of this License shall, upon 60 days notice from Participant terminate
prospectively, unless if within 60 days after receipt of notice You either: (i) agree in writing to pay Participant a mutually
agreeable reasonable royalty for Your past and future use of Modifications made by such Participant, or (ii) withdraw Your
litigation claim with respect to the Contributor Version against such Participant. If within 60 days of notice, a reasonable royalty
and payment arrangement are not mutually agreed upon in writing by the parties or the litigation claim is not withdrawn, the
rights granted by Participant to You under Sections 2.1 and/or 2.2 automatically terminate at the expiration of the 60 day notice
period specified above.
(b) any software, hardware, or device, other than such Participant's Contributor Version, directly or indirectly infringes any
patent, then any rights granted to You by such Participant under Sections 2.1(b) and 2.2(b) are revoked effective as of the date
You first made, used, sold, distributed, or had made, Modifications made by that Participant.
8.3. If You assert a patent infringement claim against Participant alleging that such Participant's Contributor Version directly or
indirectly infringes any patent where such claim is resolved (such as by license or settlement) prior to the initiation of patent
infringement litigation, then the reasonable value of the licenses granted by such Participant under Sections 2.1 or 2.2 shall be
taken into account in determining the amount or value of any payment or license.
8.4. In the event of termination under Sections 8.1 or 8.2 above, all end user license agreements (excluding distributors and
resellers) which have been validly granted by You or any distributor hereunder prior to termination shall survive termination.
9. LIMITATION OF LIABILITY.
UNDER NO CIRCUMSTANCES AND UNDER NO LEGAL THEORY, WHETHER TORT (INCLUDING NEGLIGENCE),
CONTRACT, OR OTHERWISE, SHALL YOU, THE INITIAL DEVELOPER, ANY OTHER CONTRIBUTOR, OR ANY
DISTRIBUTOR OF COVERED CODE, OR ANY SUPPLIER OF ANY OF SUCH PARTIES, BE LIABLE TO ANY PERSON FOR
ANY INDIRECT, SPECIAL, INCIDENTAL, OR CONSEQUENTIAL DAMAGES OF ANY CHARACTER INCLUDING,
WITHOUT LIMITATION, DAMAGES FOR LOSS OF GOODWILL, WORK STOPPAGE, COMPUTER FAILURE OR
MALFUNCTION, OR ANY AND ALL OTHER COMMERCIAL DAMAGES OR LOSSES, EVEN IF SUCH PARTY SHALL HAVE
BEEN INFORMED OF THE POSSIBILITY OF SUCH DAMAGES. THIS LIMITATION OF LIABILITY SHALL NOT APPLY TO
LIABILITY FOR DEATH OR PERSONAL INJURY RESULTING FROM SUCH PARTY'S NEGLIGENCE TO THE EXTENT
APPLICABLE LAW PROHIBITS SUCH LIMITATION. SOME JURISDICTIONS DO NOT ALLOW THE EXCLUSION OR
LIMITATION OF INCIDENTAL OR CONSEQUENTIAL DAMAGES, SO THIS EXCLUSION AND LIMITATION MAY NOT
APPLY TO YOU.
10. U.S. GOVERNMENT END USERS.
The Covered Code is a "commercial item," as that term is defined in 48 C.F.R. 2.101 (Oct. 1995), consisting of "commercial
computer software" and "commercial computer software documentation," as such terms are used in 48 C.F.R. 12.212 (Sept. 1995).
Consistent with 48 C.F.R. 12.212 and 48 C.F.R. 227.7202-1 through 227.7202-4 (June 1995), all U.S. Government End Users acquire
Covered Code with only those rights set forth herein.
11. MISCELLANEOUS.
This License represents the complete agreement concerning subject matter hereof. If any provision of this License is held to be
unenforceable, such provision shall be reformed only to the extent necessary to make it enforceable. This License shall be
governed by California law provisions (except to the extent applicable law, if any, provides otherwise), excluding its conflict-oflaw provisions. With respect to disputes in which at least one party is a citizen of, or an entity chartered or registered to do
business in the United States of America, any litigation relating to this License shall be subject to the jurisdiction of the Federal
233
Director API Reference
Courts of the Northern District of California, with venue lying in Santa Clara County, California, with the losing party
responsible for costs, including without limitation, court costs and reasonable attorneys' fees and expenses. The application of
the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any law or regulation
which provides that the language of a contract shall be construed against the drafter shall not apply to this License.
12. RESPONSIBILITY FOR CLAIMS.
As between Initial Developer and the Contributors, each party is responsible for claims and damages arising, directly or
indirectly, out of its utilization of rights under this License and You agree to work with Initial Developer and Contributors to
distribute such responsibility on an equitable basis. Nothing herein is intended or shall be deemed to constitute any admission of
liability.
13. MULTIPLE-LICENSED CODE.
Initial Developer may designate portions of the Covered Code as "Multiple-Licensed". "Multiple-Licensed" means that the Initial
Developer permits you to utilize portions of the Covered Code under Your choice of the NPL or the alternative licenses, if any,
specified by the Initial Developer in the file described in Exhibit A.
234