The Command Line Interface (CLI) provides users with administrative rights access
to set these values through the command line. You can use the CLI
to modify configuration options, including the required security checks
that allow the configuration options to be changed.
Some CLI options require special
arguments listed as words in capital letters in the option summary
of the command. Descriptions of the format of these arguments are
in the following table:
Table 1 CLI arguments Argument type | Description |
---|
DIR | A path to a directory where the HP SMH service has write
access. | FILE | A path to a file. | GROUPLIST | A list of group names separated by semicolons. | IPBINDLIST | A list of IPv6 addresses and/or IPv4 address/netmask pairs separated by semicolons. | IPLIST | A list of IP
addresses separated by semicolons. | NUM | A numeric value with a range that depends
on the option being set. | NAMELIST | A list of host names and IP addresses
separated by semicolons. | XENAMELIST | A list of trusted server host names. |
Anonymous AccessAnonymous access allows anonymous
users to access unsecured pages, including local anonymous access.
The following command enables or disables the anonymous access setting: smhconfig -a|--anonymous-access [=] True
| False Local
AccessThe local access command sets the local access
privilege to anonymous or administrator, applying the specified access
to the local system. If local access is selected, a user with access
to the local console is granted anonymous or administrator access
without being challenged for a username and password. The following command enables or disables local access: smhconfig -L|--localaccess-enabled [=] True | False The following command configures the local user
privileges: smhconfig -l|--local-access
[=] administrator | anonymous IP Restricted LoginsIP addresses can
be explicitly permitted or restricted based on user type. If an IP
address is explicitly restricted, it is restricted even if it is explicitly
permitted. If there are IP addresses in the permitted list, only those
IP addresses are allowed login access. If there are no IP addresses
in the permitted list, login access is granted to any IP address not
in the restricted list. The following command enables
or disables IP restricted login:
smhconfig -P|--ip-restricted-login [=] True | False IP Address Inclusion. Perform the IP address permitted command as follows: smhconfig -i|--ip-restricted-include
[=] IPLIST The following is an example of how IPLIST is formatted: 122.23.44.1-122.23.44.255;172.84.100.35;172.168.10.5;168.172.10.1-168.172.10.128 IP Address Exclusion. Perform the IP address restricted command as follows: smhconfig -e|--ip-restricted-exclude
[=] IPLIST The following is an example of how IPLIST is formatted: 122.23.44.1-122.23.44.255;172.84.100.35;172.168.10.5;168.172.10.1-168.172.10.128 IP BindingIP binding provides HP SMH
the ability to listen only to the addresses configured in the IP binding
list. If IP binding is enabled and the IP binding list is empty, HP SMH
will only be accessible locally. Perform the IP binding
command as follows: smhconfig -g|--ip-binding
[=] True | False IP
binding list. Use the following command to configure
the IP binding list to be used when IP binding is enabled. smhconfig -I|--ip-binding-list [=] IPBINDLIST IPBINDLIST must be a list of semicolon-separated IP
addresses and/or IP address/netmask pairs. The following
is an example of how IPBINDLIST is formatted: 122.23.44.1-122.23.44.255;172.84.100.35;172.168.10.5;168.172.10.1-168.172.10.128 Trust ModesThe HP SMH trusts Systems Insight Manager (HP SIM) or Insight Manager 7 (IM 7) secure task
execution requests and single sign on requests with various levels
of security, ranging from trust all to only trust HP SIM or Insight Manager
7 with trusted certificates: Trust All. This
command sets up the http server to accept all secure task execution
requests and single sign on requests from any HP SIM or Insight Manager 7 server: smhconfig -t|--trust-mode
[=] TrustByAll Trust By Name. This command sets up the HP SMH to only accept secure task execution
requests and single sign on requests from the listed HP SIM or Insight Manager
7 servers: smhconfig
-t|--trust-mode [=] TrustByName
To configure the trusted
servers name list for the TrustByName trust mode, use the following
command: smhconfig -X|--xe-name-list
[=] XENAMELIST XENAMELIST is a list
of the Systems Insight Manager or Insight Manager 7 servers that trust, using a comma or semicolon
as a delimiter. The following is an example of the name list format: server1,server2.domain1;server3,server4.domain2 Trusted Certificates. This command establishes
the trust relationship between HP SIM or Insight Manager 7 and the HP SMH using
the certificate. The trust mode is set to TrustByCert using the following
command: smhconfig
-t|--trust-mode [=] TrustByCert
A trusted certificate is
added to the trusted certificate list using the following command: smhconfig -C|--trust-certificate [=] FILE FILE is the name of the file containing the base 64
encoded certificate to be added to the trusted certificate list.
Restart serviceRestart
the HP SMH on completion of applying the new configuration settings. smhconfig -r|--restart Reject Program
Admin LoginReject or accept and HP Web-enabled System Management Software or VCA login
request. smhconfig
-j|--reject-prog-admin-login [=] true|false Win32DisableAcceptEXAcceptEX() is a Microsoft WinSock v2 API that provides
performance improvements over the use of the BSD style accept() API
in specific circumstances. Some popular Windows products, typically
virus scanning or virtual private network packages, have bugs that
interfere with the operation of AcceptEx(). If you encounter an error
condition like: [error] (730038)
An operation was attempted on something that is not a socket:: winnt_accept:
AcceptEx failed. Attempting to recover. Use the following directive to disable the use of AcceptEx(): smhconfig -w|--win32-disable-acceptex [=]
True | False Disable SSL v2By default the HP SMH has SSL v2 disabled. Use the following switch
to re-enable SSL v2: smhconfig -s|--disable-sslv2
[=] True | False Log RotationsLog files
can become large and unmanageable. The following switch enables log
files to rotate automatically when they reach 5M (default size). Either
the log file is over-written on the next rotation when the option
is off or a new file is created and the previous file is marked as
old when the option is on. smhconfig -A|--rotate-logs [=] 0 | 1 | 2 Where: 0= off, 1 or 2=
on. Rotate
Log SizeLog files can become large and unmanageable.
The following switch allows the user to set the size of the log files. smhconfig -z|--rotate-log-size [=] size Where size is a value in the range of 1-9MB. Maximum Number
of Threads AllowedThe Maximum
Number of Threads Allowed value allows the user to increase
or reduce the maximum number of threads HP SMH creates to handle page
requests. The default is 64 for Windows.
smhconfig -M|--max-threads [=] max-number-of-threads Where max-number-of-threads is a number in the range of 64-512. Maximum Number of Threads Allowed is only
available on Windows. Maximum Number of SessionsBy default, HP SMH
supports 128 user sessions. This number can be lowered to 32 or raised
to 500 using the session-maximum setting. smhconfig -S|--session-maximum [=] maximum-number-of-sessions Session TimeoutThe default session timer is set to 15 minutes.
The session timeout can be set as low as 1 minute or as high as 60
minutes. smhconfig
-U|--session-timeout [=] session-timeout-in-minutes
Log LevelBy default, the logging level of HP SMH
error messages is set to error. When a log level
is set, all events that are the same or superior to the configured
log level are written to the log file. The log level option only affects
the error_log file located under SystemDrive:\hp\hpsmh\logs in Windows and
under /var/spool/opt/hp/hpsmh/logs in Linux. The following values are available, in order of decreasing
significance: Table 2 Log level Value | Description |
---|
emerg | Emergencies - system is unusable | alert | Action must be taken immediately | crit | Critical conditions | error | Error conditions | warn | Warning
conditions | notice | Normal but significant
condition | info | Informational | debug | Debug-level messages |
smhconfig -v|--log-level
[=] logging-level Port
2301Port 2301 determines whether HP SMH listens on
port 2301. If the value is set to True, HP SMH listens on port 2301. If the value is set to False, HP SMH does not listen on port 2301. The default is to listen on port 2301. smhconfig -T|--port2301 [=] True | False Multihomed certificate
alternative names listYou can set the name for the certificate through the multihomed
option. It is important to restart the hpsmhd service
when running smhconfig with multihomed values using a single command
on the console (--restart option). smhconfig -u|--multihomed [=] NAMELIST smhconfig -u|--multihomed
[=] NAMELIST --restart NAMELIST must be a semicolon-separated
list of IP addresses and hostnames. Custom UIEnabling custom UI enables you to customize
the signin and header images as well as adding a small text in the
signin page. See the HP SMH README.txt in the hpsmh/data/htdocs/custom_ui directory in the HP SMH install
path. smhconfig -c|--custom-ui [=] True
| False Httpd Error LogThe httpd error log option enables you to determine if it
is possible to view the httpd error_log log file
through the user interface. smhconfig
-p|--httpd-error-log [=] True | False Icon ViewIcon view allows
you to set the default view mode to show icons (True) like a desktop
File Manager appearance or to show the traditional list (False) that
displays items in boxes. smhconfig -n|--iconview
[=] True | False Box OrderBox order defines the ordering method
used to display the boxes. You can choose name, which places the boxes in alphabetical order, or
you can choose status, which displays
the boxes from the worst status (critical) to the best status (normal). smhconfig -x|--box-order [=] Name | Status Box Item OrderBox item order defines the ordering method used to display
the items inside boxes. You can choose name, which places, boxes in alphabetical order, or you can choose status, which displays boxes from the worst
status (critical) to the best status (normal). smhconfig -b|--box-item-order [=] Name | Status Kerberos AuthenticationTo enable or disable Kerberos authentication support,
use the following command: smhconfig
-k|--Kerberos [=] True | False Administrator Kerberos users. To configure
Kerberos groups of users from a Kerberos domain with administrator
privileges, use the following command: smhconfig –m|--admin-kerberos [=] GROUPLIST Note: GROUPLIST is
a single Kerberos group or a list of Kerberos group names separated
by semicolons. Operator Kerberos users. To configure
Kerberos groups of users from a Kerberos domain with operator privileges,
use the following command: smhconfig –R|--operator-kerberos [=] GROUPLIST Note: GROUPLIST is
a single Kerberos group or a list of Kerberos group names separated
by semicolons. User Kerberos
users. To configure Kerberos groups of users from
a Kerberos domain with user privileges, use the following command: smhconfig –K|--user-kerberos
[=] GROUPLIST Note: GROUPLIST is
a single Kerberos group or a list of Kerberos group names separated
by semicolons. User GroupsUser Groups are
a set of policies to access and modify HP SMH functionalities. Only
valid existing operating system groups can be added to the group list. To add groups into HP SMH user types, complete the following: Administrators. Users
with Administrator access can view and set all information provided
throughout the HP SMH. The default
user group (Administrators for Microsoft operating
systems and root for Linux) always has administrative
access. Windows systems that are
part of a domain can specify domain groups and local groups for any
level of access. smhconfig -d|--admin-group
[=] [ groupList ] Operators. Users with Operator access can view and
set most information provided through the HP SMH. Some web applications
limits access to the most critical information to administrators only. smhconfig -E|--operator-group
[=] [ groupList ] Users. Users with User access can view most information
provided through the HP SMH. Some web applications restricts viewing
of critical information from individuals with User access. smhconfig -G|--user-group [=] [ GROUPLIST
] Where groupList is a single operating system group or a list of operating system
group names separated by semicolons.
Help messageTo display a help message on the screen, use the following command: smhconfig –h|--help File Based Command Line InterfaceThe Command Line Interface (CLI) option enables a file with configuration parameters to be
passed on the command line. The CLI parses the file and processs the arguments. The command to use a file for the input to the CLI is: smhconfig -f configFile Command Line Interface File Structure. The CLI file structure format includes the # character
for comments, a bracketed key word indicating the parameter to be
set, and the parameter value. An example of the CLI file structure
format is as follows: # Characters placed after the # on a given line are not parsed. An example of a configuration file for smhconfig is as follows: # SMH configruation file for smhconfig
[anonymous-access] false [localaccess-enabled] true [localaccess-type] administrator [user-group] users
Command Line Log ReaderThe command line log reading tool provides the users with a command line tool for reading the SMH log messages without using the UI. The command is: smhlogreader [options] where, the [options] are: -h|--help, displays the help message. -f|--file FILE, FILE represents a path to a file. --from FROM, FROM: to display a range of messages, this option describes the ID of the first message. --to TO, TO: to display a range of messages, this option describes the ID of the last message. --lang LANG, LANG: the language used to display the log messages. The different options provided by the smhlogreader CLI are:
Help It allows the user run the command to display the help message for this tool. The following command displays the help message for the smhlogreader CLI. smhlogreader -h|--help Version It allows the user run the command to display the version of SMH. The following command displays the SMH version number. smhlogreader --version Language It allows the user to select language of choice for the messages to be displayed The following command allows the user to select the language of choice for the messages to be displayed. smhlogreader --lang en|ja By default the SMH Logs and UI supports “en” for English and “ja” for Japanese. Reading Logs It displays a list with the most recent messages. The following command displays a list with the most recent messages. smhlogreader Range It allows the user to set the range of messages that smhlogreader CLI should display. The following command displays a list of messages in the range selected by the user. smhlogreader --from VALUE --to VALUE For example, to display messages the recent five messages, the user should use the following command: smhlogreader --from 1 --to 5 File-based command line log reading The smhlogreader CLI allows the user to use a properly-formatted log file as an input. The following command allows the user to use a properly-formatted log file as an input and also backs up the log files. smhlogreader –f|--file FILE
Related Topic
|