Command-line interface
Access the appliance with an ssh session:
usernameA@example.ibm.com>ssh -l admin webapp.vwasp.gc.myco.com admin@webapp.vmasp.gc.myco.com's password: Welcome to the ISAM appliance Enter "help" for a list of available commands webapp.vwasp.gc.myco.com> isam webapp.vwasp.gc.myco.com:isam> help Current mode commands: aac Work with the Advanced Access Control settings. admin Start an administration session to administer the security policy. ca Work with the Policy server CA update operations. cluster Work with the Verify Access cluster. dscadmin Start an administration session to administer the Distributed Session Cache. logs Work with the Verify Access log files. policy_db_dump Validate and maintain the ISAM policy database. runtime_dump Generate a core dump of the Verify Access runtime. Global commands: back Return to the previous command mode. exit Log off from the appliance. help Display information for using the specified command. reboot Reboot the appliance. shutdown End system operation and turn off the power. top Return to the top level.Show options available under lmi > accounts > locked menu.
webapp.vwasp.gc.myco.com:locked> help Current mode commands: list List all of the locked accounts and the amount of time before each of the accounts will be automatically unlocked. unlock_all Unlock all of the locked accounts. unlock <account> Unlock a specific account.Show options available under the logs menu.
webapp.vwasp.gc.myco.com:logs> help Current mode commands: archive Archive the log files to a USB device. delete Delete the log files which have been rolled over by the system. delete_trace Delete the trace files (trace, stats, translog) from the system. monitor Monitor log files on the system.Show options available under the network menu.
webapp.vwasp.gc.myco.com:network> help Current mode commands: defgw Work with the default gateway. dns Work with the appliance DNS settings. hostname Work with the applaince host name. interfaces Work with interface settings. routes Work with the static routes.Show options available under the routes menu.
webapp.vwasp.gc.myco.com:routes> help Current mode commands: add Add a static route. delete Delete a static route. edit Edit a static route. show Show the static routes including both Active and Configured.Show usage of the policy_db_dump command:
policy_db_dump {-f <db_name>} {-l [1|2]} {-g} {-n} {-q} {-s} {-r} {-d <find-entry-name> [-c <replace-entry-name>[:<hostname}[:<principal>]}-f <db_name> : Name of the policy database. This argument is optional if there is only a single Verify Access domain. -l [1|2] : The validation check level (2 is the default). -g : Display the glossary information only. -n : Display the object names only. -q : Display the sequence number of the policy database. -s : Display statistical information from the policy database. -r : Validate and repair the policy database. The policy server will be restarted as a result of this command. -d: Locate an entry in the database. If the -c flag is also specified the located entry is replaced with the new entry, otherwise the located entry is deleted from the database. The policy server will be restarted as a result of this command. -c: Replace the located entry in the database. This flag can only be used in conjunction with the -d flag. The policy server will be restarted as a result of this command.Show options available under the aac menu.
webapp.vwasp.gc.myco.com:aac> help Current mode commands: config Start a session which can be used to configure a Web Reverse Proxy instance so that it can act as a point of contact for Advanced Access Control. unconfig Start a session which can be used to unconfigure a Web Reverse Proxy instance so that it can no longer act as a point of contact for Advanced Access Control.Show options available under the tools menu:
webapp.vwasp.gc.myco.com:tools> help Current mode commands: connect Test network connection to a certain port on a specified host. connections Display the network connections for the appliance. nslookup Query internet domain name servers. ping Send an ICMP ECHO_REQUEST to network hosts. traceroute Trace a packet from a computer to a remote destination, showing how many hops the packet required to reach the destination and how long each hop took. session Test network sessions with TCP or SSL.Show option available under the support menu:
webapp.vwasp.gc.myco.com:support> help Current mode commands: create Create a support information file. delete Delete a support information file. download Download a support information file to a USB flash drive. get_comment View the comment associated with a support information file. list List the support information files. set_comment Replace the comment associated with a support information file. purge Purge the support files from the hard drive.The purge command deletes all core files, crashmap files, and support files from the /var/support/ directory.
Shows options available under the pending_changes menu:
webapp.vwasp.gc.myco.com:pending_changes> help Current mode commands: discard Discard the pending changes for a particular user or all users. list List all users who have outstanding pending changes.The method to access the console differs between the hardware appliance and the virtual appliance:
- For the hardware appliance, a serial console device must be used.
- For the virtual appliance, we can access the console using the appropriate VMWare software. For example, VMWare vSphere Client.
The CLI contains only a subset of the functions available from the local management interface. The following list gives a high-level overview of the functions available from the command-line interface. To see a list of the options for these commands, type the command name followed by -help.
firmware Work with firmware images. fixpacks Work with fix packs. hardware Work with the baseboard management controller (BMC) module. This command is not available on the virtual appliance.
license Work with licenses. lmi Work with the local management interface. management Work with management settings. snapshots Work with policy snapshot files. support Work with support information files. tools Work with network diagnostic tools. updates Work with firmware and security updates. We can also use a web service call to run most CLI commands. The web service URL is https:<appliance>/core/cli. For details about the usage of this web service, see the REST API documentation. The following CLI commands cannot be run via the web service:
- isam > admin
- isam > dscadmin
- isam > logs > monitor
- isam > thales > rocs
- isam > thales > hsconfig
- isam > thales > cknfastrc
- isam > thales > nfdiag
- isam > thales > ckcheckinst
- hardware > ipmitool
- management > set_password
A customizable access banner can be presented on the command line interface. Use the Login Screen Header and Login Screen Message properties on the Administrator Settings page to set the access banner content.
Parent topic: Manage the appliance