What are some helpful command-line commands for Director?


Article ID: 167141


Updated On:




What are some helpful commands to access the Command Line Interface ( CLI) while using SSH?  The following article is based on SGME, different versions of SGME may vary from this list.


NOTE: This article is only meant to be used as a summary of the available commands, and used only by advanced administrators of Director.  All commands come with an available question mark ( ?) at the end that will prompt you for the right syntax. LInks to more detailed information are at the bottom of this article.

1: Getting access to the command line interface- CLI:
  • Open a SSH session to to the Director box..
  • Showing the version, the serial number, and hostname of your Director.:
    • director > show version
    • director > show status
    • director > show hosts
  • Enter the enable mode by following the steps.
    • director > enable
    • Password:
    • director #
  • Enter the configuration mode by following these steps.
    • director # config t
    • director (config) #
  • TIP: If you do not see this prompt, see KB4829
  • Network-related configuration and troubleshooting 
    • director # sh interfaces
    • director # sh interfaces lo  ( for the loopback port)
    • director (config) # no interface lo shutdown  ( to enable the loopback port if it is shut down)
    • director (config) # ip name-server ip_address ( Add a DNS server )
    • director (config) # ip host  ip_address  ( adds a static mapping between the supplied hostname and the address.)
    • director (config) # ip default-gateway ip_address ( Set the default gateway )
    • director (config) # hostname host_name ( changes the hostname of Director.)
    • director (config) # shell ( to access the underlying OS)
    • sh-3.2# service network restart  (restarts all ethernet ports and their configuration - often used to restart the loop back port- an essential for Director operations)
    • sh-3.2# ifconfig -a  ( shows information regarding all interfaces on the device - need to activate the linux shell here)
    • sh-3.2#exit (return to the Director CLI)
  • User credential-related commands 
    • director (config) # show usernames  ( will only show the local user database).
    • director (config) # show privilege  ( shows what privileges your logged-in user has)
    • director (config) # username <username> disable ( to disable a username from logging in)
    • director (config) # username  <new username>   ( to add a username)
    • director (config) # no session  <username> ( to terminate a user session.)
    • TIP: See the section on procuring a status of your Director dameons for a way to reset the postgress database.
  • Radius commands:
    • director # show radius
    • director (config) # radius-server host ip_address key <shared_secret> (Specify the shared secret (key) to be used between the Director and the RADIUS server.)
    • director (config ) # radius-server ip_address retransmit 1 (Set the number of retransmission attempts to the RADIUS server)
    • director (config ) # no ssh server auth permitemptypassword (prevent Director from sending a null password to RADIUS before sending the actual password.)
    • director (config ) # write memory (save your configuration)
  • TACACS+ commands.
    • director (config) # tacacs-server host hostname_or_device_id key password
    • director (config) #tacacs-server host hostname_or_device_id port port_number
    • director (config) #tacacs-server host hostname_or_device_id single-connection
    • director (config) #tacacs-server host hostname_or_device_id timeout integer
  • Configuration commands:
    • director (config) # configuration switch-to <name of config file> 
    • director (config) # configuration new <new config file > keep-console
  • Archive commands:
    • director (config) # archive all create <archive_name> key <keyname>
    • director (config) # archive all fetch <archive_name> ftp://<ip address> username <director> password <bluecoat>
    • director (config) # archive all restore <archive_name> key <keyname>
  • SSL commands:
    • director (config) # show ssl appliance-certificate
    • director (config) # ssl request-appliance-certificate
  • Restarting Director:
    • director # reload
  • Troubleshooting with the messages file:
    • director # config t
    • director (config) # shell
    • sh-3.2#  tail -f /var/log/messages
  • Working with DNS  ( all done in the shell mode)
    • sh-3.2# /etc/init.d/djbdns stat   ( checks to see if the DNS service is running )
    • sh-3.2# /etc/init.d/djbdns start  ( Starts the DNS service )
    • sh-3.2# /etc/init.d/djbdns restart ( stops and starts the DNS service)
    • To disable A DNS server- not in linux shell but in config mode.
    • director (config) # no ip name-server ip_address
  • Procuring a status of Director daemons. Starting and stopping services.
    • director # config t
    • director #  shell
    • sh-3.2# service httpd status
    • sh-3.2# service httpd stop
    • sh-3.2# service httpd start
    • sh-3.2# service director stop ( Do not attempt to exit to the nominal command line while the Director daemons are in a stoppped state! This will cause the CLI to hang, and you will then need a hardware reboot to restart the Director daemons)
    • sh-3.2# service director start 
    • sh-3.2# /etc/init.d/tomcat6 status start | stop
    • TIP: tomcat is automatically started with the http daemon.   
    • TIP: If Postgress daemon  does not start, you may want to use the command "director # monitoring db reset force"  to reset it. ( this command is done in config mode) A director reload is required after this command.
  • CPU status commands.
    • director # config t
    • director #  shell
    • sh-3.2# vmstat -a
      procs -----------memory---------- ---swap-- -----io---- --system-- -----cpu------
       r  b   swpd   free  inact active   si   so    bi    bo   in   cs us sy id wa st
       0  0      0 841992  58084 112028    0    0    89    16 1019   99  2  1 97  1  0
    • Showing the cpu idle 99 percent of the time- see the id colomn.
  • Interface management.
    • See above under "network related"  title
  • Working directly with each SG device:
    • director #show devices max-supported ( shows how many total SGs you can configure )
    • Remotely restore a backup to an SG.
      • director # remote-config backup restore device device_id backup_id
    • Checking the state and health.
      • director # show devices state
      • director # show monitoring health summary   ( gives you a list of all registered SGs, and their status- wether or not Director can connect to them, for example)
    • Executing a command on the SG..
      • director # remote-config execute device "<device name>"  command "show version"    ( show the SG version software )
      • director # remote-config reboot device "<device name>"    ( reboots device )
      • director # remote-config reconnect device "<device name>"   ( reconnects to the device )
      • director # remote-config overlay "<overlyname> " execute  device <device name>   ( executes a overlay)
      • TIP: You can also use the LINUX command "ssh [email protected]<ipaddress of SG> from the Director shell prompt to attach directly to each SG..
  • Information on jobs.
    • director # show jobs 
    • director # show jobs <device id>
  • SMTP commands.
    • director # show mail-config  ( show the SMTP setup)
  • Memory commands. 
    • Debug dump commands:
    • director (config) # debug dump generate
    • Upload the dump file to a local FTP server
      • (config) # shell
      • sh-3.2# cd /local/userfiles
      • sh-3.2# ls
        • dump?sgmeinfo-director-2014.09.11-095306.tgz
      • sh-3.2# mv dump?sgmeinfo-director-2014.09.11-095306.tgz debug_dump.tgz ( to rename file to a smaller filename )
      • sh-3.2# ftp
      • ftp> open ftp.example.com
      • ftp> bin
        • + 220 TYPE SET TO I
      • ftp> put debug_dump.tgz
        • + 226 TRANSFER COMPLETE
      • TIP: While in the 'config t' type shell to get to the LINUX shell
      • sh-3.2# free -mot ( to get memory state)
      • sh-3.2# swapon -s ( to get swap state, which should NOT be set by default)
  • Taking a PCAP for support.
    • director # tcpdump filter -i ether-0 -c 3
    • director # tcpdump start
    • TIP: tcpdump will be listening on ether-0
    • Example1:  This command filters the trace for the address:  tcpdump -w file.pcap -s 1550 host
    • director # standbyp stop
    • standbye2: tcpdump –vvx –i eth0 port 22 –w ssh_capture.cap
      • Above PCAP command procures a sniffer trace (pcap)  on eth0 for ssh traffic
  • Director Standby commands.
    • director # show standby-settings
      • Identity:Primary
      • State:Active
      • Partner IP:
      • Partner State:Reserve
      • Sync State:in_sync
      • Time Last HB Recd.:Fri Dec 03 2010 18:17:50
    • director # standby make-active.  
    • director # standby make-primary.   
    • director # standby make-secondary.
    • director # standby make-standalone.
  • NTP commands
    • TIP: The below commands start, stop and configure the NTP daemon.
    • director (config) # show ntp( obtain a status of ntp)
    • director (config) # ntp enable  (starts the daemon) 
    • director (config) # no ntp enable ( stops NTP)
    • director (config) # ntp peer ip_address_or_hostname   
    • director (config) # ntp server [prefer | version version_number]
    • TIP: The NTPDATE command is not recommended for normal operations, because a reload of NTP includes a ntpdate command to set the clock. Do not use NTPDATE unlese ntp is unloaded, via the linux command line, using shell.  
  • To restore the configuration to factory defaults.
    • director (config) # configuration restore-factory-defaults
    • TIP: The above command will take up to 5 minutes to complete and remove every configuration you've made to it.
  • Health commands
    • director # show monitoring health all 
Frequently asked questions:
What initi.d scripts start Director?
  • The '/etc/init.d/director' script starts Director.
What are the main components of the /etc/init.d/director startup script?
  • TIP: The other main Daemons needed for Director are started prior to this script.
  • Tomcat is started before this script in the /etc/encryptedtomcat script or as a result of the httpd start in this script.
  • This script contains an upgrade , and setup functions, if needed
  • the 'service httpd start' is issued in this script. 
Where do we keep the scheduled jobs I create?
  • Jobs are kept in the /local/jobs/runner folder.
Where do we keep store the upgrade images we have for Director?
  • After the /'upgrade-package fetch' command is succcessfully issued, Images are kept in the /local/rpms folder.
How do I determine what the runlevel is on Director?
  • Once you have typed 'shell' to get to linux type 'runlevel'
  • TIP: the default runlevel of Director is 3
Where do we keep the archived configuration of Director?
  • /local/userfiles
Where do we keep the configuration backups of each SG appliance?
  • We keep them in encrypted form in  local/encrypted-backups/<name of SG>
What command would count how many files I have in this folder? 
  • Assuming your backup file had the letters "Mart" in it, you could use ls |grep Mart | wc -l   (The last letter here is l, for list.)
Where is the complete director config stored?
  • The configuration is stored, in encrypted form, in the folder /local/sys/v5-config