HP

HP System Management Homepage

English
  Command Line Interface Configuration   

Command Line Interface Configuration

»Table of Contents
»Index
»Product Overview
»Getting Started
»Navigating the Software
»The Home Page
»The Settings Page
»The Tasks Page
»The Logs Page
»The Installed Webapps Page
»The Support Page
»The Help Page
Command Line Interface Configuration
»File locations
»Troubleshooting
»Legal Notices
»Printable version
»Glossary
»Using Help
» Anonymous Access
» Local Access
» IP Restricted Logins
» IP Binding
» Trust Modes
» Restart service
» Reject Program Admin Login
» Win32DisableAcceptEX
» Disable SSL v2
» Log Rotations
» Rotate Log Size
» Maximum Number of Threads Allowed
» Maximum Number of Sessions
» Session Timeout
» Log Level
» Port 2301
» Multihomed certificate alternative names list
» Custom UI
» Httpd Error Log
» Icon View
» Box Order
» Box Item Order
» Kerberos Authentication
» User Groups
» Help message
» File Based Command Line Interface
» Command Line Log Reader
» Related Topic

The Command Line Interface (CLI) provides users with administrative rights access to set these values through the command line. You can use the CLI to modify configuration options, including the required security checks that allow the configuration options to be changed.

--kerberos, --user-kerberos, --operator-kerberos, --admin-kerberos, --max-threads and --win32-disable-acceptex options are only available on Windows operating systems.

Long options, starting with "--", have an optional symbol "=" before the argument.

Some CLI options require special arguments listed as words in capital letters in the option summary of the command. Descriptions of the format of these arguments are in the following table:

Table 1 CLI arguments

Argument typeDescription
DIRA path to a directory where the HP SMH service has write access.
FILEA path to a file.
GROUPLISTA list of group names separated by semicolons.
IPBINDLISTA list of IPv6 addresses and/or IPv4 address/netmask pairs separated by semicolons.
IPLISTA list of IP addresses separated by semicolons.
NUMA numeric value with a range that depends on the option being set.
NAMELISTA list of host names and IP addresses separated by semicolons.
XENAMELISTA list of trusted server host names.

 

Anonymous Access

Anonymous access allows anonymous users to access unsecured pages, including local anonymous access. The following command enables or disables the anonymous access setting:

smhconfig -a|--anonymous-access [=] True | False

Local Access

The local access command sets the local access privilege to anonymous or administrator, applying the specified access to the local system. If local access is selected, a user with access to the local console is granted anonymous or administrator access without being challenged for a username and password.

The following command enables or disables local access:

smhconfig -L|--localaccess-enabled [=] True | False

The following command configures the local user privileges:

smhconfig -l|--local-access [=] administrator | anonymous

IP Restricted Logins

IP addresses can be explicitly permitted or restricted based on user type. If an IP address is explicitly restricted, it is restricted even if it is explicitly permitted. If there are IP addresses in the permitted list, only those IP addresses are allowed login access. If there are no IP addresses in the permitted list, login access is granted to any IP address not in the restricted list.

The following command enables or disables IP restricted login:

smhconfig -P|--ip-restricted-login [=] True | False

IP Address Inclusion. Perform the IP address permitted command as follows:

smhconfig -i|--ip-restricted-include [=] IPLIST

The following is an example of how IPLIST is formatted:

122.23.44.1-122.23.44.255;172.84.100.35;172.168.10.5;168.172.10.1-168.172.10.128

IP Address Exclusion. Perform the IP address restricted command as follows:

smhconfig -e|--ip-restricted-exclude [=] IPLIST

The following is an example of how IPLIST is formatted:

122.23.44.1-122.23.44.255;172.84.100.35;172.168.10.5;168.172.10.1-168.172.10.128

IPv4 and IPv6 address ranges are supported.

IP Binding

IP binding provides HP SMH the ability to listen only to the addresses configured in the IP binding list. If IP binding is enabled and the IP binding list is empty, HP SMH will only be accessible locally.

Perform the IP binding command as follows:

smhconfig -g|--ip-binding [=] True | False

IP binding list. Use the following command to configure the IP binding list to be used when IP binding is enabled.

smhconfig -I|--ip-binding-list [=] IPBINDLIST

IPBINDLIST must be a list of semicolon-separated IP addresses and/or IP address/netmask pairs.

The following is an example of how IPBINDLIST is formatted:

122.23.44.1-122.23.44.255;172.84.100.35;172.168.10.5;168.172.10.1-168.172.10.128

Trust Modes

The HP SMH trusts Systems Insight Manager (HP SIM) or Insight Manager 7 (IM 7) secure task execution requests and single sign on requests with various levels of security, ranging from trust all to only trust HP SIM or Insight Manager 7 with trusted certificates:

  • Trust All. This command sets up the http server to accept all secure task execution requests and single sign on requests from any HP SIM or Insight Manager 7 server:

    smhconfig -t|--trust-mode [=] TrustByAll

  • Trust By Name. This command sets up the HP SMH to only accept secure task execution requests and single sign on requests from the listed HP SIM or Insight Manager 7 servers:

    smhconfig -t|--trust-mode [=] TrustByName

    To configure the trusted servers name list for the TrustByName trust mode, use the following command:

    smhconfig -X|--xe-name-list [=] XENAMELIST

    XENAMELIST is a list of the Systems Insight Manager or Insight Manager 7 servers that trust, using a comma or semicolon as a delimiter. The following is an example of the name list format:

    server1,server2.domain1;server3,server4.domain2

  • Trusted Certificates. This command establishes the trust relationship between HP SIM or Insight Manager 7 and the HP SMH using the certificate. The trust mode is set to TrustByCert using the following command:

    smhconfig -t|--trust-mode [=] TrustByCert

    A trusted certificate is added to the trusted certificate list using the following command:

    smhconfig -C|--trust-certificate [=] FILE

    FILE is the name of the file containing the base 64 encoded certificate to be added to the trusted certificate list.

Restart service

Restart the HP SMH on completion of applying the new configuration settings.

smhconfig -r|--restart

Reject Program Admin Login

Reject or accept and HP Web-enabled System Management Software or VCA login request.

smhconfig -j|--reject-prog-admin-login [=] true|false

Win32DisableAcceptEX

AcceptEX() is a Microsoft WinSock v2 API that provides performance improvements over the use of the BSD style accept() API in specific circumstances. Some popular Windows products, typically virus scanning or virtual private network packages, have bugs that interfere with the operation of AcceptEx(). If you encounter an error condition like:

[error] (730038) An operation was attempted on something that is not a socket:: winnt_accept: AcceptEx failed. Attempting to recover.

Use the following directive to disable the use of AcceptEx():

smhconfig -w|--win32-disable-acceptex [=] True | False

Win32DisableAcceptEX is only available on Windows operating systems.

Disable SSL v2

By default the HP SMH has SSL v2 disabled. Use the following switch to re-enable SSL v2:

smhconfig -s|--disable-sslv2 [=] True | False

Log Rotations

Log files can become large and unmanageable. The following switch enables log files to rotate automatically when they reach 5M (default size). Either the log file is over-written on the next rotation when the option is off or a new file is created and the previous file is marked as old when the option is on.

smhconfig -A|--rotate-logs [=] 0 | 1 | 2

Where: 0= off, 1 or 2= on.

Rotate Log Size

Log files can become large and unmanageable. The following switch allows the user to set the size of the log files.

smhconfig -z|--rotate-log-size [=] size

Where size is a value in the range of 1-9MB.

Maximum Number of Threads Allowed

The Maximum Number of Threads Allowed value allows the user to increase or reduce the maximum number of threads HP SMH creates to handle page requests. The default is 64 for Windows.

Maximum Number of Threads Allowed is only available on Windows operating systems.

smhconfig -M|--max-threads [=] max-number-of-threads

Where max-number-of-threads is a number in the range of 64-512.

Maximum Number of Threads Allowed is only available on Windows.

Maximum Number of Sessions

By default, HP SMH supports 128 user sessions. This number can be lowered to 32 or raised to 500 using the session-maximum setting.

smhconfig -S|--session-maximum [=] maximum-number-of-sessions

Session Timeout

The default session timer is set to 15 minutes. The session timeout can be set as low as 1 minute or as high as 60 minutes.

smhconfig -U|--session-timeout [=] session-timeout-in-minutes

Log Level

By default, the logging level of HP SMH error messages is set to error. When a log level is set, all events that are the same or superior to the configured log level are written to the log file. The log level option only affects the error_log file located under SystemDrive:\hp\hpsmh\logs in Windows and under /var/spool/opt/hp/hpsmh/logs in Linux.

The following values are available, in order of decreasing significance:

Table 2 Log level

ValueDescription

emerg

Emergencies - system is unusable

alert

Action must be taken immediately

crit

Critical conditions

error

Error conditions

warn

Warning conditions

notice

Normal but significant condition

info

Informational

debug

Debug-level messages

 

smhconfig -v|--log-level [=] logging-level

Log level only affects new messages written in the HTTP error log. You must perform a soft restart of the system.

Port 2301

Port 2301 determines whether HP SMH listens on port 2301. If the value is set to True, HP SMH listens on port 2301. If the value is set to False, HP SMH does not listen on port 2301.

The default is to listen on port 2301.

smhconfig -T|--port2301 [=] True | False

Multihomed certificate alternative names list

You can set the name for the certificate through the multihomed option.

It is important to restart the hpsmhd service when running smhconfig with multihomed values using a single command on the console (--restart option).

smhconfig -u|--multihomed [=] NAMELIST

smhconfig -u|--multihomed [=] NAMELIST --restart

NAMELIST must be a semicolon-separated list of IP addresses and hostnames.

Custom UI

Enabling custom UI enables you to customize the signin and header images as well as adding a small text in the signin page. See the HP SMH README.txt in the hpsmh/data/htdocs/custom_ui directory in the HP SMH install path.

smhconfig -c|--custom-ui [=] True | False

Httpd Error Log

The httpd error log option enables you to determine if it is possible to view the httpd error_log log file through the user interface.

smhconfig -p|--httpd-error-log [=] True | False

Icon View

Icon view allows you to set the default view mode to show icons (True) like a desktop File Manager appearance or to show the traditional list (False) that displays items in boxes.

smhconfig -n|--iconview [=] True | False

Box Order

Box order defines the ordering method used to display the boxes. You can choose name, which places the boxes in alphabetical order, or you can choose status, which displays the boxes from the worst status (critical) to the best status (normal).

smhconfig -x|--box-order [=] Name | Status

Box Item Order

Box item order defines the ordering method used to display the items inside boxes. You can choose name, which places, boxes in alphabetical order, or you can choose status, which displays boxes from the worst status (critical) to the best status (normal).

smhconfig -b|--box-item-order [=] Name | Status

Kerberos Authentication

To enable or disable Kerberos authentication support, use the following command:

smhconfig -k|--Kerberos [=] True | False

Administrator Kerberos users. To configure Kerberos groups of users from a Kerberos domain with administrator privileges, use the following command:

smhconfig –m|--admin-kerberos [=] GROUPLIST

Note: GROUPLIST is a single Kerberos group or a list of Kerberos group names separated by semicolons.

--admin-kerberos is only available on Windows operating systems.

Operator Kerberos users. To configure Kerberos groups of users from a Kerberos domain with operator privileges, use the following command:

smhconfig –R|--operator-kerberos [=] GROUPLIST

Note: GROUPLIST is a single Kerberos group or a list of Kerberos group names separated by semicolons.

--operator-kerberos is only available on Windows operating systems.

User Kerberos users. To configure Kerberos groups of users from a Kerberos domain with user privileges, use the following command:

smhconfig –K|--user-kerberos [=] GROUPLIST

Note: GROUPLIST is a single Kerberos group or a list of Kerberos group names separated by semicolons.

--user-kerberos is only available on Windows operating systems.

User Groups

User Groups are a set of policies to access and modify HP SMH functionalities. Only valid existing operating system groups can be added to the group list.

To add groups into HP SMH user types, complete the following:

Administrators. Users with Administrator access can view and set all information provided throughout the HP SMH.

The default user group (Administrators for Microsoft operating systems and root for Linux) always has administrative access.

Windows systems that are part of a domain can specify domain groups and local groups for any level of access.

smhconfig -d|--admin-group [=] [ groupList ]

Operators. Users with Operator access can view and set most information provided through the HP SMH. Some web applications limits access to the most critical information to administrators only.

smhconfig -E|--operator-group [=] [ groupList ]

Users. Users with User access can view most information provided through the HP SMH. Some web applications restricts viewing of critical information from individuals with User access.

smhconfig -G|--user-group [=] [ GROUPLIST ]

Where groupList is a single operating system group or a list of operating system group names separated by semicolons.

Help message

To display a help message on the screen, use the following command:

smhconfig –h|--help

File Based Command Line Interface

The Command Line Interface (CLI) option enables a file with configuration parameters to be passed on the command line. The CLI parses the file and processs the arguments. The command to use a file for the input to the CLI is:

smhconfig -f configFile

Command Line Interface File Structure. The CLI file structure format includes the # character for comments, a bracketed key word indicating the parameter to be set, and the parameter value. An example of the CLI file structure format is as follows:

# Characters placed after the # on a given line are not parsed.

An example of a configuration file for smhconfig is as follows:

# SMH configruation file for smhconfig

[anonymous-access]

false

[localaccess-enabled]

true

[localaccess-type]

administrator

[user-group]

users

Command Line Log Reader

The command line log reading tool provides the users with a command line tool for reading the SMH log messages without using the UI. The command is:

smhlogreader [options]

where, the [options] are:

-h|--help, displays the help message.

-f|--file FILE, FILE represents a path to a file.

--from FROM, FROM: to display a range of messages, this option describes the ID of the first message.

--to TO, TO: to display a range of messages, this option describes the ID of the last message.

--lang LANG, LANG: the language used to display the log messages.

smhlogreader CLI also allows the combined use of these options in a single command.

For example, smhlogreader --lang LANG --from FROM --to TO --file FILE

The different options provided by the smhlogreader CLI are:

  • Help

    It allows the user run the command to display the help message for this tool.

    The following command displays the help message for the smhlogreader CLI.

    smhlogreader -h|--help

  • Version

    It allows the user run the command to display the version of SMH.

    The following command displays the SMH version number.

    smhlogreader --version

  • Language

    It allows the user to select language of choice for the messages to be displayed

    The following command allows the user to select the language of choice for the messages to be displayed.

    smhlogreader --lang en|ja

    By default the SMH Logs and UI supports “en” for English and “ja” for Japanese.

    To display the messages properly, the necessary fonts to display the messages must be installed on the system. For example, on a non-Japanese version of Windows the user needs to install Japanese fonts to read the log in that language.

  • Reading Logs

    It displays a list with the most recent messages.

    The following command displays a list with the most recent messages.

    smhlogreader

  • Range

    It allows the user to set the range of messages that smhlogreader CLI should display.

    The following command displays a list of messages in the range selected by the user.

    smhlogreader --from VALUE --to VALUE

    For example, to display messages the recent five messages, the user should use the following command: smhlogreader --from 1 --to 5

  • File-based command line log reading

    The smhlogreader CLI allows the user to use a properly-formatted log file as an input.

    The following command allows the user to use a properly-formatted log file as an input and also backs up the log files.

    smhlogreader –f|--file FILE

Related Topic

» HP System Management Homepage - The Settings Page