Command-line interface

Access the appliance with an ssh session:

usernameA@example.ibm.com>ssh -l admin webapp.vwasp.gc.myco.com 
admin@webapp.vmasp.gc.myco.com's password:
Welcome to the ISAM appliance
Enter "help" for a list of available commands
webapp.vwasp.gc.myco.com> isam
webapp.vwasp.gc.myco.com:isam> help
Current mode commands:
aac                 Work with the Advanced Access Control settings.
admin               Start an administration session to administer the security policy.
ca                  Work with the Policy server CA update operations.
cluster             Work with the Verify Access cluster.
dscadmin            Start an administration session to administer the Distributed Session Cache.
logs                Work with the Verify Access log files.
policy_db_dump      Validate and maintain the ISAM policy database.
runtime_dump        Generate a core dump of the Verify Access runtime.
Global commands:
back                Return to the previous command mode.
exit                Log off from the appliance.
help                Display information for using the specified command.
reboot              Reboot the appliance.
shutdown            End system operation and turn off the power.
top                 Return to the top level.

Show options available under lmi > accounts > locked menu.

webapp.vwasp.gc.myco.com:locked> help
Current mode commands:
list             List all of the locked accounts and the amount of time before each 
                 of the accounts will be automatically unlocked.
unlock_all       Unlock all of the locked accounts.
unlock <account> Unlock a specific account.

Show options available under the logs menu.

webapp.vwasp.gc.myco.com:logs> help
Current mode commands:
archive         Archive the log files to a USB device.
delete          Delete the log files which have been rolled over by the system.
delete_trace    Delete the trace files (trace, stats, translog) from the system.
monitor         Monitor log files on the system.

Show options available under the network menu.

webapp.vwasp.gc.myco.com:network> help
Current mode commands:
defgw           Work with the default gateway.
dns             Work with the appliance DNS settings.
hostname        Work with the applaince host name.
interfaces      Work with interface settings.
routes          Work with the static routes.

Show options available under the routes menu.

webapp.vwasp.gc.myco.com:routes> help
Current mode commands:
add             Add a static route.
delete          Delete a static route.
edit            Edit a static route.
show            Show the static routes including both Active and Configured.

Show usage of the policy_db_dump command:

policy_db_dump {-f <db_name>} {-l [1|2]} {-g} {-n} {-q} {-s} {-r} 
{-d <find-entry-name> [-c <replace-entry-name>[:<hostname}[:<principal>]}-f <db_name> : Name of the policy database.  This argument is optional 
               if there is only a single Verify Access domain.
-l [1|2] :     The validation check level (2 is the default).
-g :           Display the glossary information only.
-n :           Display the object names only.
-q :           Display the sequence number of the policy database.
-s :           Display statistical information from the policy database.
-r :           Validate and repair the policy database.  The policy server will be 
               restarted as a result of this command.
-d:            Locate an entry in the database.  If the -c flag is also specified the 
               located entry is replaced with the new entry, otherwise the located 
               entry is deleted from the database. The policy server will be restarted 
               as a result of this command.
-c:            Replace the located entry in the database.  This flag can only be used 
               in conjunction with the -d flag. The policy server will be restarted 
               as a result of this command.

Show options available under the aac menu.

webapp.vwasp.gc.myco.com:aac> help
Current mode commands:
config          Start a session which can be used to configure a Web Reverse
                Proxy instance so that it can act as a point of contact for
                Advanced Access Control.
unconfig        Start a session which can be used to unconfigure a Web Reverse
                Proxy instance so that it can no longer act as a point of
                contact for Advanced Access Control.

Show options available under the tools menu:

webapp.vwasp.gc.myco.com:tools> help
Current mode commands:
connect         Test network connection to a certain port on a specified host.
connections     Display the network connections for the appliance.
nslookup        Query internet domain name servers.
ping            Send an ICMP ECHO_REQUEST to network hosts.
traceroute      Trace a packet from a computer to a remote destination, showing
                how many hops the packet required to reach the destination and
                how long each hop took.
session         Test network sessions with TCP or SSL.

Show option available under the support menu:

webapp.vwasp.gc.myco.com:support> help
Current mode commands:
create          Create a support information file.
delete          Delete a support information file.
download        Download a support information file to a USB flash drive.
get_comment     View the comment associated with a support information file.
list            List the support information files.
set_comment     Replace the comment associated with a support information file.
purge           Purge the support files from the hard drive.

The purge command deletes all core files, crashmap files, and support files from the /var/support/ directory.

Shows options available under the pending_changes menu:

webapp.vwasp.gc.myco.com:pending_changes> help
Current mode commands:
discard          Discard the pending changes for a particular user or all users.
list             List all users who have outstanding pending changes.

The method to access the console differs between the hardware appliance and the virtual appliance:

• For the hardware appliance, a serial console device must be used.
• For the virtual appliance, we can access the console using the appropriate VMWare software. For example, VMWare vSphere Client.

The CLI contains only a subset of the functions available from the local management interface. The following list gives a high-level overview of the functions available from the command-line interface. To see a list of the options for these commands, type the command name followed by -help.

firmware	Work with firmware images.
fixpacks	Work with fix packs.
hardware	Work with the baseboard management controller (BMC) module. This command is not available on the virtual appliance.
license	Work with licenses.
lmi	Work with the local management interface.
management	Work with management settings.
snapshots	Work with policy snapshot files.
support	Work with support information files.
tools	Work with network diagnostic tools.
updates	Work with firmware and security updates.

We can also use a web service call to run most CLI commands. The web service URL is https:<appliance>/core/cli. For details about the usage of this web service, see the REST API documentation. The following CLI commands cannot be run via the web service:

• isam > admin
• isam > dscadmin
• isam > logs > monitor
• isam > thales > rocs
• isam > thales > hsconfig
• isam > thales > cknfastrc
• isam > thales > nfdiag
• isam > thales > ckcheckinst
• hardware > ipmitool
• management > set_password

A customizable access banner can be presented on the command line interface. Use the Login Screen Header and Login Screen Message properties on the Administrator Settings page to set the access banner content.

Parent topic: Manage the appliance