-
Cisco Internet Streamer CDS 2.4 Command Reference
-
Index
-
Preface
-
Command-Line Interface Command Summary
-
Internet Streamer CDS Release 2.4 Software Commands - access-lists through line
-
Internet Streamer CDS Release 2.4 Software Commands - lls through show statistics cdnfs
-
Internet Streamer CDS Release 2.4 Software Commands - show statistics distribution through write
-
Acronyms
-
Standard Time Zones
-
Feedback
Table Of Contents
show statistics flash-media-streaming
show statistics movie-streamer
show statistics service-router
show statistics transaction-logs
shutdown (interface configuration)
show statistics distribution
To display the statistics of the content distribution components, use the show statistics distribution EXEC command.
show statistics distribution [all | errors {delivery-service-id delivery-service-id | delivery-service-name delivery-service-name} | metadata-receiver | metadata-sender | unicast-data-receiver [delivery-service-id delivery-service-id | delivery-service-name delivery-service-name | hot-forwarders [forwarder_id | forwarder_name] | idle-forwarders max_idle_forwarders] | unicast-data-sender]
Syntax Description
Defaults
The idle-forwarders max_idle_forwarders default is 3.
Command Modes
EXEC
Usage Guidelines
Cisco Internet Streamer Release 2.4 software supports multicast file transfer features that enhance the reliability and performance of multicast file distribution. Previously, the file transfer session depended on a window of time to resend the missing packets. The sender had to transmit the packets within this window of time for each retransmission request (NACK) from receiver SEs. If a multicast receiver joined the session too late and missed blocks of data that were outside the transmission window, the sender would not resend the missing blocks. The receiver could not receive the entire file, and the transmission failed. The receiver had to wait until a subsequent carousel pass to recover the missed files. The receiver could only receive the entire file or nothing. A slow receiver often failed to receive a large file if the receiving rate lagged behind the sending rate.
The multicast file transfer enhancements resolve these issues by eliminating the window of time for file transmissions. This feature is called checkpoint. Checkpoint allows the sender to divide the transferring file into blocks and to retransmit any and all blocks until the transfer session ends. At any time during the transfer session, a receiver can request retransmission of any block that it has missed. Also, receiver SEs can receive the blocks of a transfer in any order. Data transmission can occur over a longer period, and receivers can recover missed data blocks to successfully complete the transfer in most situations. File transfers are much more resistant to loss of data.
This feature also solves the problem of a multicast receiver joining a transfer session late. Even if a receiver goes offline and restarts during a transfer, it can recover missing data without requesting retransmission of the blocks that it has already received.
Examples
Table 2-53 describes the fields shown in the show statistics distribution unicast-data-receiver display.
Related Commands
clear
show distributionshow statistics flash-media-streaming
To display the statistics for Flash Media Streaming, use the show statistics flash-media-streaming EXEC command.
show statistics flash-media-streaming [connections | dvrcast | errors | livestats | performance | requests]
Syntax Description
Defaults
No default behavior or values.
Command Modes
EXEC
Examples
The following example displays the statistics for Flash Media Streaming:
ServiceEngine#show statistics flash-media-streamingFlash Media Streaming StatisticsStatistics have not been cleared since last Flash Media Streaming startsConnections-----------Current : 0Current VOD : 0Current LIVE : 0Current DVRCast : 0Max Concurrent : 0Total : 0Total VOD Req : 0Total LIVE Req : 0Total DVRCast Req : 0Total Other Proxy Req: 0Live Streaming-----UpStream BW : 0 KbpsDownStream BW : 0 KbpsUpStream Bytes : 0DownStream Bytes : 0Num of Instance Load : 0DVRCast Streaming-----UpStream BW : 0 KbpsDownStream BW : 0 KbpsUpStream Bytes : 0DownStream Bytes : 0Num of Instance Load : 0Flash Video Cache Statistics-----------Hits : 0Misses : 0Released : 0Bytes in cache : 0Bytes in use : 0Performance-----------Server Up Time : 0 SMem Usage : 0 %Max Mem Usage : 0 %Cache-----Cache Hit : 0Cache Miss : 0Proxy Case : 0Cache Hit Percentage : 0.00 %Preposition-----------Preposition Hit : 0Bytes Served-----------Total Server Bytes : 0Local Disk Reads : 0HTTP Based Reads : 0Bytes From Local Disk: 0Bytes Through HTTP : 0Rules-----------Action Allow : 0Action Block : 0Validate url Sign : 0Errors : 0Auth Server Allow : 0Auth Server Deny : 0Error-----Invalid Error : 0Server Error : 0Media Not Found : 0Media Unauthorize : 0Invalid Request : 0Related Commands
flash-media-streaming
show flash-media-streamingshow statistics http
To display SE HTTP statistics, use the show statistics http EXEC command.
show statistics http {ims | object | pcmm | performance | requests | rule}
Syntax Description
Defaults
No default behavior or values.
Command Modes
EXEC
Examples
Table 2-54 describes the fields shown in the show statistics http ims displays.
Table 2-54 show statistics http ims Field Descriptions
Total Issued
Range Issued
Responses
Fresh
Revalid
Partial Fresh
Table 2-55 describes the fields shown in the show statistics http object displays.
Table 2-56 describes the fields shown in the show statistics http pcmm displays.
Table 2-56 show statistics http pcmm Field Descriptions
No: of Icap Request
No: of Signature Generation
No: of Signature Validation
Table 2-57 describes the fields shown in the show statistics http performance displays.
Table 2-57 show statistics http performance Field Descriptions
Total Accesses
Total kBytes
Request Per Second
kBytes Per Second
kBytes Per Request
Table 2-58 describes the fields shown in the show statistics http requests displays.
Related Commands
clear
show ftpshow statistics icap
To display Internet Content Adaptation Protocol (ICAP)-related statistics for the SE, use the show statistics icap EXEC command.
show statistics icap
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
EXEC
Examples
Table 2-59 describes the fields shown in the show statistics icap display.
Related Commands
icap
show statistics icmp
To display SE Internet Control Message Protocol (ICMP) statistics, use the show statistics icmp EXEC command.
show statistics icmp
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
ICMP messages are sent in several situations, such as when a datagram cannot reach its destination, when the gateway does not have the buffering capacity to forward a datagram, and when the gateway can direct the host to send traffic on a shorter route. The purpose of these control messages is to provide feedback about problems in the communication environment, not to make IP reliable. There is still no guarantee that a datagram will be delivered or a control message will be returned. Some datagrams may still be undelivered without any report of their loss.
The ICMP messages typically report errors in the processing of datagrams. To avoid the infinite regress of messages about messages, no ICMP messages are sent about ICMP messages. Also, ICMP messages are only sent about errors in handling fragment zero of fragmented datagrams.
ICMP messages are sent using the basic IP header. The first octet of the data portion of the datagram is on a ICMP type field; the value of this field determines the format of the remaining data.
Many of the type fields contain more specific information about the error condition identified by a code value. ICMP messages have two types of codes:
•
Query
•
Queries contain no additional information because they ask for information and will show a value of 0 in the code field. ICMP uses the queries as shown in Table 2-60.
Error messages give specific information and have varying values that further describe conditions. Error messages always include a copy of the offending IP header and up to 8 bytes of the data that caused the host or gateway to send the error message. The source host uses this information to identify and fix the problem reported by the ICMP error message. ICMP uses the error messages as shown in Table 2-61.
Table 2-61 Errors
Destination Unreachable
3
Source Quench
4
Redirect
5
Time Exceeded
11
Parameter Problems
12
Examples
Table 2-62 describes the fields shown in the show statistics icmp display.
Related Commands
clear
show statistics ip
To display SE IP statistics, use the show statistics ip EXEC command.
show statistics ip
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
EXEC
Examples
Table 2-63 describes the fields shown in the show statistics ip display.
Related Commands
clear statistics ip
ip
show ip routesshow statistics movie-streamer
To display statistics for the Movie Streamer, use the show statistics movie-streamer EXEC command.
show statistics movie-streamer {all | bw-usage | error | performance | requests | rule}
Syntax Description
Defaults
No default behavior or values.
Command Modes
EXEC
Examples
The following example shows all the Movie Streamer statistics:
ServiceEngine#show statistics movie-streamer allMovie Streamer Request StatisticsTotal---------------------------------------------------Current RTSP Sessions: 3400Total RTSP Sessions: 283299Current RTP Connections: 2739Total RTP Connections: 282885CDN Related Statistics--------Preposition Hits: 0Cache Hits: 0Cache Miss: 0Live Requests: 283299Cache Revalidation Statistics--------Fresh Content Requests: 0Revalidated Requests: 0Movie Streamer Bandwidth Usage StatisticsTotal---------------------------------------------------Current Incoming Bandwidth: 0 bpsCurrent Outgoing Bandwidth: 3921755 bpsCurrent Total Bandwidth: 3921755 bpsAverage Incoming Bandwidth: 475217 bpsAverage Outgoing Bandwidth: 13038460 bpsAverage Total Bandwidth: 13513677 bpsBy Type of Connection--------Unicast Incoming Bandwidth: 0 bpsMulticast Incoming Bandwidth: 0 bpsUnicast Outgoing Bandwidth: 3816953 bpsMulticast Outgoing Bandwidth: 0 bpsBy Type of Content--------Live Incoming Bandwidth: 0 bpsVOD Incoming Bandwidth: 0 bpsLive Outgoing Bandwidth: 3816953 bpsVOD Outgoing Bandwidth: 0 bpsOverall Traffic--------Incoming Bytes: 709316834819 BytesOutgoing Bytes: 62627648126402 BytesTotal Bytes: 63336964961221 BytesIncoming Packets: 652577871Outgoing Packets: 191008363529Total Packets: 191660941400Movie Streamer Error StatisticsTotalServer Error--------Internal Error: 0Not Implemented: 0Server Unavailable: 0Gateway Timeout: 0Others: 0Client Error--------Bad Request: 0File Not Found: 6Session Not Found: 0Method Not Allowed: 0Not Enough Bandwidth: 0Client Forbidden: 0Others: 0Movie Streamer Performance StatisticsTotal---------------------------------------------------CPU Usage: 0.166702 %Uptime: 254328 secStatistics was last cleared on Monday, 18-May-2009 20:04:42 UTC.The following example shows the Movie Streamer rule statistics:
ServiceEngine#show statistics movie-streamer ruleRTSP Rule Template Statistics================URL Rewrite: 0URL Block: 0Allow: 0Redirect: 0Related Commands
movie-streamer
show movie-streamershow statistics netstat
To display SE Internet socket connection statistics, use the show statistics netstat EXEC command.
show statistics netstat
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
EXEC
Examples
Table 2-64 describes the fields shown in the show statistics netstat display.
show statistics qos
To display statistics for the QoS policy service, use the show statistics qos EXEC command.
show statistics qos policy-service
Syntax Description
Defaults
No default behavior or values.
Command Modes
EXEC
Examples
The following example displays the statistics for the QoS policy service:
ServiceEngine#show statistics qos policy-serviceCamiant CDN-AM Policy Service Statistics----------------------------------------Application : WMTProtocol : RTSPPLAY : 0PAUSE : 0STOP : 0Protocol : HTTPPLAY : 0PAUSE : 0STOP : 0Application : WEB-ENGINEProtocol : HTTPPLAY : 0STOP : 0Errors : 0Related Commands
qos
show qosshow statistics radius
To display SE RADIUS authentication statistics, use the show statistics radius EXEC command.
show statistics radius
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
EXEC
Examples
The fields in the show statistics radius display are as follows:
•
•
•
•
•
•
Related Commands
clear
radius-server
show radius-servershow statistics replication
To display delivery service replication status and related statistical data, use the following show statistics replication EXEC command.
On the CDSM:
show statistics replication {content-items {selected-delivery-service delivery-service-name} | delivery-service [selected-delivery-service delivery-service-name] | item url | service engines {selected-delivery-service delivery-service-name}}
On the SE:
show statistics replication {content-items content-name | selected-delivery-service delivery-service-name}
Syntax Description
Defaults
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
The show statistics replication command displays the delivery service replication status on the CDSM and the SE and shows the progressive file count status during acquisition and replication.
Examples
Table 2-65 describes the fields shown in the show statistics replication displays.
show statistics service-router
To display service router statistics, use the show statistics service-router EXEC command.
show statistics service-router {all | content-origin name | dns | history | keepalive | se name | summary}
Syntax Description
Defaults
No default behavior or values.
Command Modes
EXEC
Related Commands
service-router
show service-routershow statistics services
To display SE services statistics, use the show statistics services EXEC command.
show statistics services
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
EXEC
Examples
Table 2-66 describes the fields shown in the show statistics services display.
Related Commands
show services
show statistics snmp
To display SE Simple Network Management Protocol (SNMP) statistics, use the show statistics snmp EXEC command.
show statistics snmp
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
EXEC
Examples
Table 2-67 describes the fields shown in the show statistics snmp display.
Related Commands
show snmp
snmp-server access-list
snmp-server community
snmp-server contact
snmp-server enable
snmp-server group
snmp-server host
snmp-server location
snmp-server notify
snmp-server usershow statistics tacacs
To display Service Engine TACACS+ authentication and authorization statistics, use the show statistics tacacs EXEC command.
show statistics tacacs
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values
Command Modes
EXEC
Examples
The fields shown in the show statistics tacacs display for the service engine are as follows:
•
•
•
•
•
•
•
•
•
Related Commands
clear
show tacacs
tacacsshow statistics tcp
To display SE Transmission Control Protocol (TCP) statistics, use the show statistics tcp EXEC command.
show statistics tcp
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
EXEC
Examples
Table 2-68 describes the fields shown in the show statistics tcp display.
Related Commands
clear
show tcp
tcpshow statistics transaction-logs
To display SE transaction log export statistics, use the show statistics transaction-logs EXEC command.
show statistics transaction-logs
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
To display the transaction log export statistics, you must first configure the FTP server.
Examples
Table 2-69 describes the fields shown in the show statistics transaction-logs display.
Related Commands
clear
show transaction-logging
transaction-log forceshow statistics udp
To display SE User Datagram Protocol (UDP) statistics, use the show statistics udp EXEC command.
show statistics udp
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
EXEC
Examples
Table 2-70 describes the fields shown in the show statistics udp display.
show statistics wmt
To display the SE Windows Media Technologies (WMT) statistics, use the show statistics wmt EXEC command.
show statistics wmt {all | bytes [incoming | outgoing] | cache | errors | multicast | requests | rule | savings | streamstat [incoming | live | outgoing | stream-id 1-999999] | usage}
Syntax Description
Defaults
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
The output of the show statistics wmt EXEC command includes information about WMT RTSP requests. For example, the output from the show statistics wmt EXEC command was changed as follows:
•
•
•
•
The live option was added to the show statistics wmt streamstat EXEC command to enable you to display aggregated live statistics. Also, the incoming, outgoing, and stream-id options were added to the show statistics wmt streamstat EXEC command to display statistics of all incoming WMT streams, outgoing WMT streams, and streams with the specified ID.
Configuring the HTTP Allow/Block Rule
For the MMS over HTTP request rule, even though the request is served by WMT, it doesn't increment the statistics. The user needs the statistics for all WMT requests. Now the user can execute the show statistics http rule command as the rules daemon check is done from the HTTP side, and the request is redirected to WMT.
Examples
Table 2-71 describes the fields shown in the show statistics wmt all display.
Related Commands
clear
show wmt
wmtshow tacacs
To display TACACS+ authentication protocol configuration information, use the show tacacs EXEC command.
show tacacs
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
EXEC
Examples
The show tacacs command displays the TACACS+ configuration for the Service Engine.
Table 2-72 describes the fields shown in the show tacacs display.
Related Commands
clear
show statistics tacacs
tacacsshow tech-support
To view information necessary for the Cisco Technical Assistance Center (TAC) to assist you, use the show tech-support EXEC command.
show tech-support list-files directory name
show tech-support [page]
show tech-support service authentication [acquisition-distribution | cms | flash-media-streaming | http | icap | kernel | movie-streamer | rules | wmt]
show tech-support service cms [acquisition-distribution | authentication | flash-media-streaming | http | icap | kernel | movie-streamer | rules | wmt]
show tech-support service flash-media-streaming [acquisition-distribution | authentication | cms | http | icap | kernel | movie-streamer | rules | wmt]
show tech-support service http [acquisition-distribution | authentication | cms | flash-media-streaming | icap | kernel | movie-streamer | rules | wmt]
show tech-support service icap [acquisition-distribution | authentication | cms | flash-media-streaming | http | kernel | movie-streamer | rules | wmt]
show tech-support service kernel [acquisition-distribution | authentication | cms | flash-media-streaming | http | icap | movie-streamer | rules | wmt]
show tech-support service movie-streamer [acquisition-distribution | authentication | cms | flash-media-streaming | http | icap | kernel | rules | wmt]
show tech-support service rules [acquisition-distribution | authentication | cms | flash-media-streaming | http | icap | kernel | movie-streamer | wmt]
show tech-support service wmt [acquisition-distribution | authentication | cms | flash-media-streaming | http | icap | kernel | movie-streamer | rules]
Syntax Description
Defaults
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Use this command to view system information necessary for TAC to assist you with your SE. We recommend that you log the output to a disk file. Use the streaming option to view information specific to the streaming feature.
The following types of information are available when using the streaming option with the show tech-support command.
General Information
You can access the following general information when you enter the show tech-support command:
•
•
•
•
•
•
•
•
•
•
Information Common to WMT and RTSP
Information that is common to both WMT and RTSP is as follows:
•
•
•
•
•
•
•
Information Specific to WMT
Information that is specific to WMT is as follows:
•
•
Information Specific to RTSP
Information that is specific to RTSP is as follows:
•
Examples
The following example shows the types of information available about the CDS software. Because the show tech-support command output is comprehensive and can be extensive, only excerpts are shown in the following example.
ServiceEngine#show tech-supportCPU Usage:cpu: 0.39% User, 0.42% System, 0.33% User(nice), 98.86% Idlecpu0: 0.39% User, 0.42% System, 0.33% User(nice), 98.86% Idle--------------------------------------------------------------------PID STATE PRI User T SYS T COMMAND----- ----- --- ------ ------ --------------------1 S 0 4386 1706 (init)2 S 0 0 0 (keventd)3 S 19 0 0 (ksoftirqd_CPU0)4 S 0 0 0 (kswapd)5 S 0 0 0 (bdflush)6 S 0 0 0 (kupdated)7 S 0 0 0 (scsi_eh_0)45 S 0 4733 4114 (nodemgr)46 S 0 0 0 (syslogd)47 R 0 83 65 (dataserver)920 S 0 0 0 (login)1207 S 0 0 0 (parser_server)1208 S 0 0 0 (eval_timer_mana)1211 S 0 46 1 (parser_server)1443 S 0 0 0 (overload)1444 S 0 0 0 (standby)1445 S 0 13 29 (cache)1446 S 0 0 0 (proxy_poll)1447 S 0 0 0 (snmpced)1448 S 0 0 0 (http_authmod)1458 S 0 0 0 (http_authmod)1465 S 0 0 0 (http_authmod)1466 S 0 0 0 (http_authmod)1467 S 0 0 0 (http_authmod)1537 S 0 0 0 (cache)1538 S 0 0 0 (unified_log)1540 S 0 0 1 (webserver)1541 S 0 2 2 (mcm)1542 S 0 0 0 (cache)1543 S 0 0 0 (cache)1550 S 0 0 0 (cache)1551 S 0 0 0 (cache)1556 S 0 0 0 (cache)1567 S 0 0 0 (mcm)1568 S 0 0 0 (mcm)1629 S 0 18982 4140 (crond)1936 S 0 1669 611 (bootnet)1937 S 10 0 0 (tracknet)1938 S 10 33545 5556 (checkup)1983 S 0 0 0 (srcpd)2023 S 0 1 0 (admin-shell)2024 S 0 0 0 (parser_server)2150 S 0 0 0 (rsvpd)2152 S 0 0 0 (rtspd)2153 S 0 1635 1067 (httpsd)2164 S 0 0 0 (librarian)2167 S 0 1667 2105 (libaux)2170 S 0 0 0 (mapper)2178 S 0 32 37 (cache)2179 S 0 0 0 (router)2180 S 0 0 0 (fill)2183 S 0 0 0 (remotereq)2185 S -20 0 0 (videosvr)2188 S 0 9 4 (contentsvr)2189 S 0 0 0 (routeraux)2190 S 0 0 1 (dfcontrolsvr)2226 S 0 0 0 (smbd)2228 S 0 0 0 (nmbd)2973 Z 0 0 0 (cache)8446 S 0 0 0 (httpsd)8447 S 0 0 0 (gcache)18173 S 0 0 0 (in.telnetd)18174 S 0 0 0 (login)18175 S 0 2 2 (admin-shell)18176 S 0 0 0 (parser_server)19426 S 0 0 0 (httpsd)19427 S 0 0 0 (httpsd)19456 Z 0 0 0 (cache)19503 Z 0 30 3 (crond)19515 S 0 0 0 (more)19516 S 0 6 18 (exec_show_tech-)19553 R 0 0 0 (exec_show_proce)------------------ process memory --------------------Total Used Free Shared Buffers Cached1050943488 564785152 486158336 0 5222400 475176960PID State TTY %MEM VM Size RSS (pages) Name------ ----- ------ ----- ---------- ----------- ----1 S 0 0.0 1146880 119 (init)2 S 0 0.0 0 0 (keventd)3 S 0 0.0 0 0 (ksoftirqd_CPU0)4 S 0 0.0 0 0 (kswapd)5 S 0 0.0 0 0 (bdflush)6 S 0 0.0 0 0 (kupdated)7 S 0 0.0 0 0 (scsi_eh_0)45 S 0 0.0 1208320 143 (nodemgr)46 S 0 0.0 1630208 194 (syslogd)47 R 0 0.0 1974272 238 (dataserver)920 S 1088 0.0 1728512 236 (login)1207 S 0 0.3 4980736 847 (parser_server)1208 S 0 0.0 1933312 151 (eval_timer_mana)1211 S 0 0.3 4980736 847 (parser_server)1443 S 0 0.0 1548288 154 (overload)1444 S 0 0.0 1724416 161 (standby)1445 S 0 5.9 65646592 15266 (cache)1446 S 0 0.0 1957888 173 (proxy_poll)1447 S 0 0.1 2097152 290 (snmpced)1448 S 0 0.0 1757184 205 (http_authmod)1458 S 0 0.0 1757184 205 (http_authmod)1465 S 0 0.0 1757184 205 (http_authmod)1466 S 0 0.0 1757184 205 (http_authmod)1467 S 0 0.0 1757184 205 (http_authmod)1537 S 0 5.9 65646592 15266 (cache)1538 S 0 0.0 1789952 169 (unified_log)1540 S 0 0.4 10817536 1164 (webserver)1541 S 0 0.0 2150400 251 (mcm)1542 S 0 5.9 65646592 15266 (cache)1543 S 0 5.9 65646592 15266 (cache)1550 S 0 5.9 65646592 15266 (cache)1551 S 0 5.9 65646592 15266 (cache)1556 S 0 5.9 65646592 15266 (cache)1567 S 0 0.0 2150400 251 (mcm)1568 S 0 0.0 2150400 251 (mcm)1629 S 0 0.0 1187840 137 (crond)1936 S 0 0.6 7532544 1605 (bootnet)1937 S 0 0.2 3215360 545 (tracknet)1938 S 0 0.2 3637248 654 (checkup)1983 S 0 0.3 4374528 838 (srcpd)2023 S 1088 0.0 2146304 182 (admin-shell)2024 S 0 0.3 4980736 847 (parser_server)2150 S 0 0.0 1679360 188 (rsvpd)2152 S 0 0.3 6217728 881 (rtspd)2153 S 0 0.1 2527232 329 (httpsd)2164 S 0 0.3 6533120 990 (librarian)2167 S 0 0.4 7110656 1144 (libaux)2170 S 0 0.3 5955584 863 (mapper)2178 S 0 0.3 6135808 927 (cache)2179 S 0 0.3 6287360 948 (router)2180 S 0 0.3 5955584 926 (fill)2183 S 0 0.3 5832704 852 (remotereq)2185 S 0 0.3 8269824 873 (videosvr)2188 S 0 0.4 7651328 1196 (contentsvr)2189 S 0 0.3 6103040 953 (routeraux)2190 S 0 0.4 10272768 1075 (dfcontrolsvr)2226 S 0 0.1 3559424 504 (smbd)2228 S 0 0.0 2084864 247 (nmbd)2973 Z 0 0.0 0 0 (cache)8446 S 0 0.1 2506752 327 (httpsd)8447 S 0 0.0 1421312 116 (gcache)18173 S 0 0.0 1220608 132 (in.telnetd)18174 S 34816 0.0 1736704 238 (login)18175 S 34816 0.0 2162688 184 (admin-shell)18176 S 0 0.3 4980736 847 (parser_server)19426 S 0 0.1 2551808 350 (httpsd)19427 S 0 0.1 2576384 354 (httpsd)19456 Z 0 0.0 0 0 (cache)19503 Z 0 0.0 0 0 (crond)19515 S 34816 0.0 1163264 109 (more)19516 S 34816 0.0 1941504 168 (exec_show_tech-)19554 R 34816 0.1 2277376 266 (exec_show_proce)------------------ system memory --------------------Total physical memory : 1026312 KBTotal free memory : 474692 KBTotal memory shared : 0 KBTotal buffer memory : 5100 KBTotal cached memory : 464040 KB------------------ interfaces --------------------Interface type: GigabitEthernet Slot: 0 Port: 0Type:EthernetEthernet address:00:05:32:02:DD:74Internet address:172.16.5.234Netmask:255.255.255.0Maximum Transfer Unit Size:1500Metric:1Packets Received: 513241Input Errors: 0Input Packets Dropped: 0Input Packets Overruns: 0Input Packets Frames: 0Packet Sent: 153970Output Errors: 0Output Packets Dropped: 0Output Packets Overruns: 0Output Packets Carrier: 0Output Queue Length:100Collisions: 0Interrupts:9MULTICASTMode:autoselect, 100baseTXshow telnet
To display the Telnet services configuration, use the show telnet EXEC command.
show telnet
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled
Command Modes
EXEC
Examples
The following example displays the Telnet service details:
ServiceEngine#show telnettelnet service is enabledRelated Commands
exec-timeout
telnet enableshow transaction-logging
To display the transaction log configuration settings and a list of archived transaction log files, use the show transaction-logging EXEC command.
show transaction-logging
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
To display information about the current configuration of transaction logging on an SE, use the show transaction-logging EXEC command. Transaction log file information is displayed for HTTP and WMT caching proxy transactions and TFTP and ICAP transactions.
Examples
The following example displays information about the current configuration of transaction logging on an SE:
ServiceEngine#show transaction-loggingTransaction log configuration:---------------------------------------Logging is enabled.Archive interval: 1800 secondsMaximum size of archive file: 2000000 KBMaximum number of archive files: 50 filesLog File format is apache.Windows domain is not logged with the authenticated usernameExporting files to ftp servers is enabled.File compression is disabled.Export interval: 30 minutesserver type username directory10.77.153.110 ftp root /var/ftp/testWMT MMS Caching Proxy/Server Transaction Log File InfoWorking Log file - size : 556age: 483497Archive Log file - mms_export_3.1.18.8_20090522_074807 size: 556WMT MMS Caching Proxy/Server Transaction Log File Info (WMS-90 format)Working Log file - size : 665age: 483497Archive Log file - mms_export_wms_90_3.1.18.8_20090522_074807 size: 665WMT MMS Caching Proxy/Server Transaction Log File Info (Ext. WMS-90 format)Working Log file - size : 702age: 483497Archive Log file - mms_export_e_wms_90_3.1.18.8_20090522_074807 size: 702WMT MMS Caching Proxy/Server Transaction Log File Info (Ext. WMS-41 format)Working Log file - size : 584age: 483497Archive Log file - mms_export_e_wms_41_3.1.18.8_20090522_074807 size: 584A&D Transaction Log File InfoWorking Log file - size : 138age: 483497Archive Log file - acqdist_3.1.18.8_20090522_074807 size: 138Movie Streamer Transaction Log File InfoWorking Log file - size : 488age: 482196Archive Log file - movie-streamer_3.1.18.8_20090522_062602 size: 648Archive Log file - movie-streamer_3.1.18.8_20090522_064309 size: 805Archive Log file - movie-streamer_3.1.18.8_20090522_065857 size: 645Archive Log file - movie-streamer_3.1.18.8_20090522_070038 size: 648Archive Log file - movie-streamer_3.1.18.8_20090522_074807 size: 645Archive Log file - movie-streamer_3.1.18.8_20090522_080016 size: 648Archive Log file - movie-streamer_3.1.18.8_20090523_030829 size: 645ICAP Transaction Log File InfoWorking Log file - size : 61age: 483496Archive Log file - icap_3.1.18.8_20090522_074807 size: 61Web Engine Transaction Log File Info - Apache formatWorking Log file - size : 86age: 483497Archive Log file - we_accesslog_apache_3.1.18.8_20090522_074807 size: 82Web Engine Transaction Log File Info - CLF formatWorking Log file - size : 3age: 483497Archive Log file - we_accesslog_clf_3.1.18.8_20090522_074807 size: 3Web Engine Transaction Log File Info - Extended Squid formatWorking Log file - size : 102age: 483497Archive Log file - we_accesslog_extsqu_3.1.18.8_20090522_074807 size: 102Cached Content Log File InfoWorking Log file - size : 41age: 483496Archive Log file - cache_content_3.1.18.8_20090522_074807 size: 41Flash Media Streaming Access Transaction Log File InfoWorking Log file - size : 36age: 482196Archive Log file - fms_access_3.1.18.8_20090522_062602 size: 650Archive Log file - fms_access_3.1.18.8_20090522_064309 size: 509Archive Log file - fms_access_3.1.18.8_20090522_065857 size: 650Archive Log file - fms_access_3.1.18.8_20090522_074807 size: 509Archive Log file - fms_access_3.1.18.8_20090522_080016 size: 509Archive Log file - fms_access_3.1.18.8_20090523_030830 size: 650Flash Media Streaming Authorization Transaction Log File InfoWorking Log file - size : 43age: 482196Archive Log file - fms_auth_3.1.18.8_20090522_062602 size: 4826Archive Log file - fms_auth_3.1.18.8_20090522_063036 size: 281Archive Log file - fms_auth_3.1.18.8_20090522_064309 size: 596Archive Log file - fms_auth_3.1.18.8_20090522_065857 size: 4789Archive Log file - fms_auth_3.1.18.8_20090522_070038 size: 277Archive Log file - fms_auth_3.1.18.8_20090522_074807 size: 596Archive Log file - fms_auth_3.1.18.8_20090523_030830 size: 4790Authserver Transaction Log File InfoWorking Log file - size : 108age: 483496Archive Log file - authsvr_3.1.18.8_20090522_065857 size: 108ServiceEngine#The following example displays information about the current configuration of transaction logging on an SR:
ServiceRouter#show transaction-loggingTransaction log configuration:---------------------------------------Logging is enabled.Archive interval: 120 secondsMaximum size of archive file: 2000000 KBMaximum number of archive files: 50 filesExporting files to ftp servers is enabled.File compression is disabled.Export interval: 1 minuteserver type username directory10.74.115.12 sftp xinwwang /workspace/xinwwang/test10.74.124.156 sftp root /root/test10.74.124.157 sftp root /root/test171.71.50.162 sftp root /testService Router Log File InfoWorking Log file - size : 96age: 169813Archive Log file - service_router_3.1.14.70_20090421_222006 size: 256Archive Log file - service_router_3.1.14.70_20090422_020038 size: 223Archive Log file - service_router_3.1.14.70_20090422_210022 size: 351Archive Log file - service_router_3.1.14.70_20090423_020006 size: 1248Archive Log file - service_router_3.1.14.70_20090423_210021 size: 456Archive Log file - service_router_3.1.14.70_20090521_000218 size: 402Archive Log file - service_router_3.1.14.70_20090521_014815 size: 243Archive Log file - service_router_3.1.14.70_20090521_015020 size: 225Archive Log file - service_router_3.1.14.70_20090521_015227 size: 243Archive Log file - service_router_3.1.14.70_20090521_015417 size: 272Archive Log file - service_router_3.1.14.70_20090521_015601 size: 390Archive Log file - service_router_3.1.14.70_20090521_015816 size: 243Archive Log file - service_router_3.1.14.70_20090521_020033 size: 243Archive Log file - service_router_3.1.14.70_20090521_020249 size: 143Archive Log file - service_router_3.1.14.70_20090521_032633 size: 168Archive Log file - service_router_3.1.14.70_20090526_025027 size: 143Archive Log file - service_router_3.1.14.70_20090526_030002 size: 176Archive Log file - service_router_3.1.14.70_20090526_030226 size: 250Archive Log file - service_router_3.1.14.70_20090526_052206 size: 250Archive Log file - service_router_3.1.14.70_20090526_052413 size: 143Archive Log file - service_router_3.1.14.70_20090526_200213 size: 168Archive Log file - service_router_3.1.14.70_20090526_200413 size: 481Archive Log file - service_router_3.1.14.70_20090526_200645 size: 173Archive Log file - service_router_3.1.14.70_20090526_201010 size: 250Related Commands
clear
clear
show statistics transaction-logs
transaction-log forceshow url-signature
To display the URL signature information, use the show url-signature EXEC command.
show url-signature
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
EXEC
Examples
The following example displays the URL signature information:
ServiceEngine#show url-signaturekey-id-owner key-id-number key-------------------------------show user
To display the user identification number and username information for a particular user, use the show user EXEC command.
show user {uid number | username name}
Syntax Description
uid
Displays the user's identification number.
number
Identification number (0-65535).
username
Displays the name of user.
name
Name of the user.
Defaults
No default behavior or values.
Command Modes
EXEC
Examples
Table 2-73 describes the fields shown in the show user display.
Related Commands
clear
show users
usernameshow users
To display users, use the show users EXEC command.
show users administrative
Syntax Description
Defaults
No default behavior or values.
Command Modes
EXEC
Examples
The following example displays the list of users with administrative privileges:
ServiceEngine#show users administrativeUID USERNAME0 adminRelated Commands
clear
show user
usernameshow version
To display version information about the SE software, use the show version EXEC command.
show version
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
EXEC
Examples
Table 2-74 describes the fields shown in the show version display.
show wmt
To display Windows Media Technologies (WMT) bandwidth and proxy mode configuration, use the show wmt EXEC command.
show wmt [bandwidth [incoming bypass-list] | detail | diagnostics {header-info {stream-file word | nsc-file .nsc-filename} | network-trace word} http allow extension]
Syntax Description
Defaults
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
You can access the following three WMT diagnostic tools through the SE CLI:
•
•
•
The mmsdig tool does not currently support decoding for RTSP, RTP, and RTCP.
Examples
The following example shows sample output of the show wmt diagnostics header-info stream-file EXEC command. In this example, this command is used to display the headers of a .wmv file named 256.wmv.
ServiceEngine# show wmt diagnostics header-info stream-file 256.wmvStart dumping ASF header objects...Obj: ASF_Header_Object (size 30)Header Len: 5342Header Num Of Objs: 8Obj: ASF_File_Properties_Object (size 104)file_size: 429275084creation_time: 128208475755620000packet_count: 53656play_duration: 36050290000send_duration: 35992950000preroll: 5000flags: 2min_pktsize: 8000max_pktsize: 8000min_bitrate: 1003200Obj: ASF_Stream_Properties_Object (size 114)time_offset: 0stream_type: ASF_Audio_Mediaecc_type: ASF_Audio_Spreadtype_data_len: 28ecc_data_len: 8flags: 0x0001 (stream #: 1)ASF type specific data: --------id_tag: 161 num_channels: 2sample_per_sec: 48000 bytes_per_sec: 15875block_align: 2032 bits_per_sample: 16codec_data(size: 10):0x00 0x88 0x00 0x00 0x0f 0x00 0xf0 0x070x00 0x00ASF Ecc data: --------span: 1packet_len: 2032 chunk_len: 2032silence_data (1 bytes): 0x00Obj: ASF_Stream_Properties_Object (size 133)time_offset: 0stream_type: ASF_Video_Mediaecc_type: ASF_No_Error_Correctiontype_data_len: 55ecc_data_len: 0flags: 0x0002 (stream #: 2)ASF type specific data: --------image_width: 320 image_height: 240flags: 2 data_size: 44width: 320 height: 240bits_per_pixel: 24 compression_id: 861293911data_size: 44 image_size: 0h_pixels_per_meter: 0 v_pixels_per_meter: 0color_count: 0 important_color_count: 0codec_data (4 bytes): 0x4e 0xd9 0x1a 0x01Obj: ASF_Extended_Content_Description_Object (size 208)Obj: ASF_Content_Description_Object (size 42)title:author:copyright:description:rating:Obj: ASF_Stream_Bitrate_Properties_Object (size 38)bitrate record count: 2# 0: flags = 0x0001, bitrate = 129550# 1: flags = 0x0002, bitrate = 873650Obj: ASF_Codec_List_Object (size 252)codec_list_entry count: 2entry # 0:name = Windows Media Audio 9.1description = 127 kbps, 48 kHz, stereo Low Delay 1-pass CBR0x61 0x01entry # 1:name = Windows Media Video 9description =0x57 0x4d 0x56 0x33Obj: ASF_Header_Extension_Object (size 4421)Obj: ASF_Language_List_Object (size 39)Obj: ASF_Extended_Stream_Properties_Object (size 88)Obj: ASF_Extended_Stream_Properties_Object (size 110)Obj: ASF_Compatibility_Object (size 26)Obj: ASF_Metadata_Object (size 224)Obj: ASF_Padding_Object (size 3850)Obj: ASF_GUID_Invalid/Unknown_Object (size 38)0x20 0xde 0xaa 0xd9 0x17 0x7c 0x9c 0x4f0xbc 0x28 0x85 0x55 0xdd 0x98 0xe2 0xa2Obj: ASF_Data_Object (size 50)data_size: 429248050packet_count: 53656The following example shows an excerpt of sample output from the show wmt diagnostics header-info nsc-file EXEC command. In this example, this command is used to display the headers of the .nsc file named live1.nsc.
ServiceEngine# show wmt diagnostics header-info nsc-file live1.nscPress Ctrl-C to abort, if no information is shown within 30 secs.========Dumping NSC file - live1.nsc========[Address]Name=(null)NSC Format Version=3.0Multicast Adapter=(null)IP Address=224.2.2.3IP Port=96Time To Live=15Default Ecc=10Log URL=http://kinslive.spcdn.net/live1.nsclogUnicast URL=rtsp://kinslive.spcdn.net/live1Allow Splitting=1Allow Caching=1Cache Expiration Time=86400[Formats]Format1=[Binary data skipped], len = 5316, key = 1111--------Now trying to dump ASF header(0)--------Obj: ASF_Header_Object (size 30)Header Len: 5266Header Num Of Objs: 8Obj: ASF_File_Properties_Object (size 104)file_size: 5268creation_time: 128880472543590000packet_count: 4294967295play_duration: 0send_duration: 0preroll: 5000flags: 9min_pktsize: 8000max_pktsize: 8000min_bitrate: 1003200Obj: ASF_Stream_Properties_Object (size 114)time_offset: 0stream_type: ASF_Audio_Mediaecc_type: ASF_Audio_Spreadtype_data_len: 28ecc_data_len: 8flags: 0x0001 (stream #: 1)ASF type specific data: --------id_tag: 161 num_channels: 2sample_per_sec: 48000 bytes_per_sec: 15875block_align: 2032 bits_per_sample: 16codec_data(size: 10):0x00 0x88 0x00 0x00 0x0f 0x00 0xf0 0x070x00 0x00ASF Ecc data: --------span: 1packet_len: 2032 chunk_len: 2032silence_data (1 bytes): 0x00Obj: ASF_Stream_Properties_Object (size 133)time_offset: 0stream_type: ASF_Video_Mediaecc_type: ASF_No_Error_Correctiontype_data_len: 55ecc_data_len: 0flags: 0x0002 (stream #: 2)ASF type specific data: --------image_width: 320 image_height: 240flags: 2 data_size: 44width: 320 height: 240bits_per_pixel: 24 compression_id: 861293911data_size: 44 image_size: 0h_pixels_per_meter: 0 v_pixels_per_meter: 0color_count: 0 important_color_count: 0codec_data (4 bytes): 0x4e 0xd9 0x1a 0x01Obj: ASF_Stream_Bitrate_Properties_Object (size 38)bitrate record count: 2# 0: flags = 0x0001, bitrate = 129550# 1: flags = 0x0002, bitrate = 873650Obj: ASF_Extended_Content_Description_Object (size 164)Obj: ASF_Codec_List_Object (size 252)codec_list_entry count: 2entry # 0:name = Windows Media Audio 9.1description = 127 kbps, 48 kHz, stereo Low Delay 1-pass CBR0x61 0x01entry # 1:name = Windows Media Video 9description =0x57 0x4d 0x56 0x33Obj: ASF_Error_Correction_Object (size 48)ecc type: ASF_Error_Correction_Defaultdata_len: 4ecc span: 10Obj: ASF_Header_Extension_Object (size 4383)Obj: ASF_Language_List_Object (size 39)Obj: ASF_Extended_Stream_Properties_Object (size 88)Obj: ASF_Extended_Stream_Properties_Object (size 110)Obj: ASF_Compatibility_Object (size 26)Obj: ASF_Metadata_Object (size 224)Obj: ASF_Padding_Object (size 3850)Obj: ASF_Data_Object (size 50)data_size: 50packet_count: 0Some of the fields are common between the command output from the show wmt diagnostics header-info stream-file and show wmt diagnostics header-info nsc-file EXEC commands.
The following example shows the WMT server configurations, the WMT HTTP configurations, and the WMT proxy configurations for the SE. The output of the show wmt and show wmt detail commands is identical.
ServiceEngine#show wmt--------- WMT Server Configurations -----------------WMT is enabledWMT disallowed client protocols: httpWMT bandwidth platform limit: 2000000 Kbits/secWMT outgoing bandwidth configured is 2000000 Kbits/secWMT incoming bandwidth configured is 2000000 Kbits/secWMT max sessions configured: 400WMT max sessions platform limit: 14000WMT max sessions enforced: 400 sessionsWMT max outgoing bit rate allowed per stream has no limitWMT max incoming bit rate allowed per stream has no limitWMT cache is enabledWMT cache max-obj-size: 10000 MBWMT cache revalidate for each request is enabledWMT cache age-multiplier: 100%WMT cache min-ttl: 75 minutesWMT cache max-ttl: 7 daysWMT debug client ip not setWMT debug server ip not setWMT accelerate live-split is enabledWMT accelerate proxy-cache is enabledWMT accelerate VOD is enabledWMT fast-start is enabledWMT fast-start max. bandwidth per player is 65535 (Kbps)WMT fast-cache is enabledWMT fast-cache acceleration factor is 65535WMT maximum data packet MTU (TCP) enforced is 1472 bytesWMT maximum data packet MTU (UDP) is 16000 bytesWMT client idle timeout is 300 secondsWMT forward logs is enabledWMT server inactivity-timeout is 65535WMT Transaction Log format is Windows Media Services 9.0 logging and SE specificinformationRTSP Gateway incoming port 554--------- WMT HTTP Configurations -------------------WMT http extensions allowed:asf none nsc wma wmv nsclog--------- WMT Proxy Configurations ------------------Outgoing Proxy-Mode:--------------------MMS-over-HTTP Proxy-Mode:is not configured.RTSP Proxy-Mode:is configured: 2.2.23.19:86ServiceEngine#The following example displays the WMT bandwidth settings configured on an SE:
ServiceEngine# show wmt bandwidthOutgoing bandwidth configured 2000000 kbpsIncoming bandwidth configured 2000000 kbpsIncoming bandwidth configured 50000 kbpsRelated Commands
clear
show statistics wmt
wmtshutdown (interface configuration)
To shut down a specific hardware interface, use the shutdown interface configuration command. To restore an interface to operation, use the no form of this command.
shutdown
no shutdown
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
Interface configuration
Usage Guidelines
See the "interface" section on page 2-123 section for alternative mechanism.
Examples
The following example shows how to shut down an interface configured on an SE:
ServiceEngine(config-if)#shutdownRelated Commands
interface
show interface
show running-config
show startup-configshutdown (EXEC)
To shut down the SE, SR, or CDSM, use the shutdown EXEC command.
shutdown [poweroff]
Syntax Description
Defaults
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
A controlled shutdown refers to the process of properly shutting down an SE without turning off the power on the device. With a controlled shutdown, all of the application activities and the operating system are properly stopped on an SE but the power is still on. Controlled shutdowns of an SE can help you minimize the downtime when the SE is being serviced.
The shutdown EXEC command enables you to shut down and optionally power off an SE:
•
•
Caution
Note
The shutdown EXEC command facilitates a proper shutdown for SEs, SRs, or CDSMs. Where the shutdown command is supported on all content networking hardware models, the shutdown poweroff command is supported only on those models that support ACPI.
The shutdown command closes all applications and stops all system activities but keeps the power on. The fans continue to run and the power LED is on, indicating that the device is still powered on. When you enter the shutdown command, you are prompted to save your configuration changes, if any. The device console displays a menu after the shutdown process is completed. You need to log in to the SE using a console to display the following menu:
ServiceEngine#shutdownSystem configuration has been modified. Save?[yes]:yesDevice can not be powered on again through software after shutdown.Proceed with shutdown?[confirm]yesShutting down all services, will timeout in 15 minutes.shutdown in progress ..Halt requested by CLI@ttyS0...........Shutdown successCisco Service Engine ConsoleUsername: adminPassword:================= SHUTDOWN SHELL =================System has been shut down.You can eitherPower down system by pressing and holding power buttonor1. Reload system through software2. Power down system through softwarePlease select [1-2]:The shutdown poweroff command closes all applications and the operating system, stops all system activities, and turns off the power. The fans stop running and the power LED starts flashing, indicating that the device has been powered off.
Note
Table 2-75 describes the shutdown and shutdown power-off operations for SEs.
You can enter the shutdown EXEC command from a console session or from a remote session (Telnet or SSH version 1 or SSH version 2) to perform a shutdown on an SE.
To perform a shutdown on an SE, enter the shutdown EXEC command as follows:
ServiceEngine# shutdownWhen you are asked if you want to save the system configuration, enter yes as follows:
System configuration has been modified. Save?[yes]:yesWhen you are asked if you want to proceed with the shutdown, press Enter to proceed with the shutdown operation as follows:
Device can not be powered on again through software after shutdown.Proceed with shutdown?[confirm]The following message appears, reporting that all services are being shut down on this SE:
Shutting down all services, will timeout in 15 minutes.
shutdown in progress ..System halted.After the system is shut down (the system has halted), an Internet Streamer CDS software shutdown shell displays the current state of the system (for example, "System has been shut down") on the console. You are asked whether you want to perform a software power off (the Power down system by software option), or if you want to reload the system through the software.
================= SHUTDOWN SHELL =================System has been shut down.You can eitherPower down system by pressing and holding power buttonor1. Reload system through software2. Power down system through softwareTo power down the SE, press and hold the power button on the SE, or use one of the following methods to perform a shutdown poweroff:
•
================= SHUTDOWN SHELL =================System has been shut down.You can eitherPower down system by pressing and holding power buttonor1. Reload system through software2. Power down system through software•
ServiceEngine# shutdown poweroffWhen you are asked if you want to save the system configuration, enter yes as follows:
System configuration has been modified. Save?[yes]:yesWhen you are asked to confirm your decision, press Enter.
Device can not be powered on again through software after poweroff.Proceed with poweroff?[confirm]Shutting down all services, will timeout in 15 minutes.poweroff in progress ..Power down.Examples
The following example shows that the shutdown command is used to close all applications and stop all system activities:
ServiceEngine1# shutdownSystem configuration has been modified. Save?[yes]:yesDevice can not be powered on again through software after shutdown.Proceed with shutdown?[confirm]Shutting down all services, will timeout in 15 minutes.shutdown in progress ..System halted.The following example shows that the shutdown poweroff command is used to close all applications, stop all system activities, and then turn off power to the SE:
ServiceEngine2# shutdown poweroffSystem configuration has been modified. Save?[yes]:yesDevice can not be powered on again through software after poweroff.Proceed with poweroff?[confirm]Shutting down all services, will timeout in 15 minutes.poweroff in progress ..Power down.snmp-server community
To configure the community access string to permit access to the Simple Network Management Protocol (SNMP), use the snmp-server community command in global configuration mode. To remove the specified community string, use the no form of this command.
snmp-server community community-string [group group name | rw]
no snmp-server community community-string [group group name | rw]
Syntax Description
Defaults
An SNMP community string permits read-only access to all MIB objects.
A community string is assigned to the Secure Domain Router (SDR) owner.
Command Modes
Global configuration
Usage Guidelines
To use this command, you must be in a user group associated with a task group that includes the proper task IDs. Use the snmp-server community command to configure the community access string to permit access to SNMP. To remove the specified community string, use the no form of this command.
Note
Examples
The following example shows how to add the community comaccess:
ServiceEngine(config)#snmp-server community comaccess rwThe following example shows how to remove the community comaccess:
ServiceEngine(config)#no snmp-server community comaccessRelated Commands
snmp-server view
snmp-server contact
To set the system server contact (sysContact) string, use the snmp-server contact global configuration command. To remove the system contact information, use the no form of this command.
snmp-server contact line
no snmp-server contact
Syntax Description
Defaults
No system contact string is set.
Command Modes
Global configuration
Usage Guidelines
The system contact string is the value stored in the MIB-II system group sysContact object.
Examples
The following example shows how to configure a system contact string:
ServiceEngine(config)#snmp-server contact Dial System Operator at beeper # 27345The following example resets the system contact string:
ServiceEngine(config)#no snmp-server contactRelated Commands
show snmp
snmp-server community
snmp-server enable traps
snmp-server group
snmp-server host
snmp-server location
snmp-server notify inform
snmp-server user
snmp-server viewsnmp-server enable traps
To enable the SE to send SNMP traps, use the snmp-server enable traps global configuration command. To disable all SNMP traps or only SNMP authentication traps, use the no form of this command.
snmp-server enable traps [alarm [clear-critical | clear-major | clear-minor | raise-critical | raise-major | raise-minor] | config | entity | event | service-engine [disk-fail | disk-read | disk-write | transaction-log] | snmp [authentication | cold-start]]
no snmp-server enable traps [alarm [clear-critical | clear-major | clear-minor | raise-critical | raise-major | raise-minor] | config | entity | event | service-engine [disk-fail | disk-read | disk-write | transaction-log] | snmp [authentication | cold-start]]
Syntax Description
Defaults
This command is disabled by default. No traps are enabled.
Command Modes
Global configuration
Usage Guidelines
You can configure an SE to generate an SNMP trap for a specific alarm condition. You can configure the generation of SNMP alarm traps on SEs based on the following:
•
•
Cisco Internet Streamer Release 2.4 software supports six generic alarm traps. These six generic alarm traps provide SNMP and Node Health Manager integration. Each trap can be enabled or disabled through the SE CLI.
SNMP notifications can be sent as traps or inform requests. The snmp-server enable traps command enables both traps and inform requests for the specified notification types.
To configure traps, you must enter the snmp-server enable traps command. If you do not enter the snmp-server enable traps command, no traps are sent.
If you do not enter an snmp-server enable traps command, no notifications controlled by this command are sent. In order to configure the SE to send these SNMP notifications, you must enter at least one snmp-server enable traps command. If you enter the command with no keywords, all notification types are enabled. If you enter the command with a keyword, only the notification type related to that keyword is enabled. In order to enable multiple types of notifications, you must enter a separate snmp-server enable traps command for each notification type and notification option.
The snmp-server enable traps command is used with the snmp-server host command. Use the snmp-server host command to specify which host or hosts receive SNMP traps. To send traps, you must configure at least one host using the snmp-server host command.
For a host to receive a trap, you must enable both the snmp-server enable traps command and the snmp-server host command for that host.
In addition, you must enable SNMP with the snmp-server community command.
To disable the sending of the MIB-II SNMP authentication trap, you must enter the no snmp-server enable traps snmp authentication command.
Examples
The following example enables the SE to send all traps to the host 172.31.2.160 using the community string public:
ServiceEngine(config)#snmp-server enable trapsServiceEngine(config)#snmp-server host 172.31.2.160 publicThe following example disables all traps:
ServiceEngine(config)#no snmp-server enable trapsRelated Commands
show snmp
snmp-server community
snmp-server contact
snmp-server group
snmp-server host
snmp-server location
snmp-server notify inform
snmp-server user
snmp-server viewsnmp-server group
To define a user security model group, use the snmp-server group global configuration command. To remove the specified group, use the no form of this command.
snmp-server group name {v1 [notify name] [read name] [write name] | v2c [notify name] [read name] [write name] | v3 {auth [notify name] [read name] [write name] | noauth [notify name] [read name] [write name] | priv [notify name] [read name] [write name]}}
no snmp-server group name {v1 [notify name] [read name] [write name] | v2c [notify name] [read name] [write name] | v3 {auth [notify name] [read name] [write name] | noauth [notify name] [read name] [write name] | priv [notify name] [read name] [write name]}}
Syntax Description
Defaults
The default is that no user security model group is defined.
Command Modes
Global configuration
Usage Guidelines
The maximum number of SNMP groups that can be created is 10.
Select one of three SNMP security model groups: Version 1 (v1) Security Model, Version 2c (v2c) Security Model, or the User Security Model (v3 or SNMPv3). Optionally, you then specify a notify, read, or write view for the group for the particular security model chosen. The v3 option allows you to specify the group using one of three security levels: auth (AuthNoPriv Security Level), noauth (noAuthNoPriv Security Level), or priv (AuthPriv Security Level).
The Internet Streamer CDS Release 2.4 software supports the following versions of SNMP:
•
•
•
SNMP Security Models and Security Levels
SNMPv1 and SNMPv2c do not have any security (authentication or privacy) mechanisms to keep SNMP packet traffic on the wire confidential. As a result, packets on the wire can be detected and SNMP community strings can be compromised.
To solve the security shortcomings of SNMPv1 and SNMPv2c, SNMPv3 provides secure access to SEs by authenticating and encrypting packets over the network. The SNMP agent in the Internet Streamer CDS Release 2.4 software supports SNMPv3, SNMPv1, and SNMPv2c.
Using SNMPv3, users can securely collect management information from their SNMP agents. Also, confidential information, such as SNMP set packets that change an SE's configuration, can be encrypted to prevent their contents from being exposed on the wire. Also, the group-based administrative model allows different users to access the same SNMP agent with varying access privileges.
Examples
The following example configures the SNMP group name, security model, and notify view on the SE:
ServiceEngine(config)#snmp-server group acme v1 notify mymibRelated Commands
show snmp
snmp-server community
snmp-server contact
snmp-server enable traps
snmp-server host
snmp-server location
snmp-server notify inform
snmp-server user
snmp-server viewsnmp-server host
To specify the recipient of a host SNMP trap operation, use the snmp-server host global configuration command. To remove the specified host, use the no form of this command.
snmp-server host {hostname | ip-address} communitystring [v2c [retry number] [timeout seconds] | [v3 {auth [retry number] [timeout seconds] | noauth [retry number] [timeout seconds] | priv [retry number] [timeout seconds]}]
no snmp-server host {hostname | ip-address} [v2c [retry number] [timeout seconds] | [v3 {auth [retry number] [timeout seconds] | noauth [retry number] [timeout seconds] | priv [retry number] [timeout seconds]} | communitystring]
Syntax Description
Defaults
This command is disabled by default. No traps are sent. The version of the SNMP protocol used to send the traps is SNMP Version 1.
retry number: 2 retries
timeout seconds: 15 seconds
Command Modes
Global configuration
Usage Guidelines
SNMP notifications can be sent as traps or inform requests. Traps are unreliable because the receiver does not send acknowledgments when it receives traps. The sender cannot determine if the traps were received. However, an SNMP entity that receives an inform request acknowledges the message with an SNMP response protocol data unit (PDU). If the sender never receives the response, the inform request can be sent again. Informs are more likely to reach their intended destination.
However, informs consume more resources in the agent and in the network. Unlike a trap, which is discarded as soon as it is sent, an inform request must be held in the memory until a response is received or the request times out. Also, traps are sent only once, while an inform may be retried several times. The retries increase traffic and contribute to a higher overhead on the network.
If you do not enter an snmp-server host command, no notifications are sent. To configure the SE to send SNMP notifications, you must enter at least one snmp-server host command. To enable multiple hosts, you must enter a separate snmp-server host command for each host. You can specify multiple notification types in the command for each host.
When multiple snmp-server host commands are given for the same host and kind of security model, each succeeding command overwrites the previous command. Only the last snmp-server host command will be in effect. For example, if you enter an snmp-server host v2c command for a host and then enter another snmp-server host v3 command for the same host, the second command will replace the first.
The maximum number of SNMP hosts that can be created by entering the snmp-server host commands is eight.
When multiple snmp-server host commands are given for the same host, the community string in the last command is used.
The snmp-server host command is used with the snmp-server enable traps command. Use the snmp-server enable traps command to specify which SNMP notifications are sent globally. For a host to receive most notifications, at least one snmp-server enable traps command and the snmp-server host command for that host must be enabled.
Note
Examples
The following example sends the SNMP traps defined in RFC 1157 to the host specified by the IP address 172.16.2.160. The community string is comaccess.
ServiceEngine(config)#snmp-server enable trapsServiceEngine(config)#snmp-server host 172.16.2.160 comaccessThe following example removes the host 172.16.2.160 from the SNMP trap recipient list:
ServiceEngine(config)#no snmp-server host 172.16.2.160Related Commands
show snmp
snmp-server community
snmp-server contact
snmp-server enable traps
snmp-server group
snmp-server location
snmp-server notify inform
snmp-server user
snmp-server viewsnmp-server location
To set the SNMP system location string, use the snmp-server location global configuration command. To remove the location string, use the no form of this command.
snmp-server location line
no snmp-server location
Syntax Description
Defaults
No system location string is set.
Command Modes
Global configuration
Usage Guidelines
The system location string is the value stored in the MIB-II system group system location object. You can see the system location string with the show snmp EXEC command.
Examples
The following example shows how to configure a system location string:
ServiceEngine(config)#snmp-server location Building 3/Room 214Related Commands
show snmp
snmp-server community
snmp-server contact
snmp-server enable traps
snmp-server group
snmp-server host
snmp-server notify inform
snmp-server user
snmp-server viewsnmp-server notify inform
To configure the SNMP notify inform request, use the snmp-server notify inform global configuration command. To return the setting to the default value, use the no form of this command.
snmp-server notify inform
no snmp-server notify inform
Syntax Description
This command has no arguments or keywords.
Defaults
If you do not enter the snmp-server notify inform command, the default is an SNMP trap request.
Command Modes
Global configuration
Usage Guidelines
The snmp-server host command specifies which hosts will receive informs. The snmp-server enable traps command globally enables the production mechanism for the specified notifications (traps and informs).
In order for a host to receive an inform, you must enable the inform globally by entering the snmp-server notify inform command.
The SNMP inform requests feature allows SEs to send inform requests to SNMP managers. SEs can send notifications to SNMP managers when particular events occur. For example, an agent SE might send a message to a manager when the agent SE experiences an error condition.
SNMP notifications can be sent as traps or inform requests. Traps are unreliable because the receiver does not send any acknowledgment when it receives a trap. The sender cannot determine if the trap was received. However, an SNMP manager that receives an inform request acknowledges the message with an SNMP response protocol data unit (PDU). If the manager does not receive an inform request, it does not send a response. If the sender never receives a response, the inform request can be sent again. Informs are more likely to reach their intended destination.
Because they are more reliable, informs consume more resources in the SE and in the network. Unlike a trap, which is discarded as soon as it is sent, an inform request must be held in the memory until a response is received or the request times out. Also, traps are sent only once, while an inform may be retried several times. The retries increase traffic and contribute to a higher overhead on the network. Traps and inform requests provide a trade-off between reliability and resources.
Tip
Examples
The following example configures the SNMP notify inform request on the SE:
ServiceEngine(config)#snmp-server notify informRelated Commands
show snmp
snmp-server community
snmp-server contact
snmp-server enable traps
snmp-server group
snmp-server host
snmp-server location
snmp-server user
snmp-server viewsnmp-server user
To define a user who can access the SNMP server, use the snmp-server user global configuration command. To remove access, use the no form of this command.
snmp-server user name group [auth {md5 password [priv password] | sha password [priv password]} | remote octetstring [auth {md5 password [priv password] | sha password [priv password]}]]
no snmp-server user name group [auth {md5 password | sha password} [priv password] | remote octetstring [auth {md5 password | sha password} [priv password]]]
Syntax Description
Defaults
No default behavior or values.
Command Modes
Global configuration
Usage Guidelines
The maximum number of SNMP users that can be created is 10. Follow these guidelines when defining SNMP users for SEs:
•
•
Tip
Examples
The following example shows that an SNMPv3 user account is created on the SE. The SNMPv3 user is named acme and belongs to the group named admin. Because this SNMP user account has been set up with no authentication password, the SNMP agent on the SE does not perform authentication on SNMP requests from this user.
ServiceEngine(config)# snmp-server user acme adminRelated Commands
show snmp
snmp-server community
snmp-server contact
snmp-server enable traps
snmp-server group
snmp-server host
snmp-server location
snmp-server notify inform
snmp-server viewsnmp-server view
To define a SNMP Version 2 (SNMPv2) MIB view, use the snmp-server view global configuration command. To undefine the MIB view, use the no form of this command.
snmp-server view viewname MIBfamily {excluded | included}
no snmp-server view viewname MIBfamily {excluded | included}
Syntax Description
Defaults
No default behavior or values.
Command Modes
Global configuration
Usage Guidelines
An SNMP view is a mapping between SNMP objects and the access rights available for those objects. An object can have different access rights in each view. Access rights indicate whether the object is accessible by either a community string or a user. The snmp-server view command is used with the snmp-server group to limit the read-write access of MIB trees based on the group. Because the group can be associated with the SNMP community string or users, using the snmp-server view command extends the limit to users and community strings. If the view is not configured, read-write access to the community string applies to the MIB tree and all users (SNMPv3).
The maximum number of views that can be created is 10. You can configure the SNMP view settings only if you have previously configured the SNMP server settings.
To remove a view record, use the no snmp-server view command.
You can enter the snmp-server view command multiple times for the same view record. Later lines take precedence when an object identifier is included in two or more lines.
Examples
The following example shows how to configure the view name, family name, and view type:
ServiceEngine(config)#snmp-server view contentview ciscoServiceEngineMIB includedThe following example creates a view that includes all objects in the MIB-II system group and all objects in the Cisco enterprise MIB:
ServiceEngine(config)#snmp-server view phred system includedServiceEngine(config)#snmp-server view phred cisco includedThe following example creates a view that includes all objects in the MIB-II system group except for sysServices (System 7) in the MIB-II interfaces group:
ServiceEngine(config)#snmp-server view agon system includedServiceEngine(config)#snmp-server view agon system.7 excludedRelated Commands
show snmp
snmp-server community
snmp-server contact
snmp-server enable traps
snmp-server group
snmp-server host
snmp-server location
snmp-server notify inform
snmp-server usersshd
To enable the Secure Shell (SSH) daemon, use the sshd global configuration command. To disable SSH, use the no form of this command.
sshd {enable | timeout seconds | version {1 | 2}}
no sshd {enable | password-guesses | timeout | version {1 | 2}}
Syntax Description
Defaults
timeout seconds: 300 seconds.
version: Both SSH version 1 and 2 are enabled.
Command Modes
Global configuration
Usage Guidelines
SSH enables login access to the SE through a secure and encrypted channel. SSH consists of a server and a client program. Like Telnet, you can use the client program to remotely log on to a machine that is running the SSH server, but unlike Telnet, messages transported between the client and the server are encrypted. The functionality of SSH includes user authentication, message encryption, and message authentication.
When you enable the SSH server, the Secure File Transfer Protocol (SFTP) server is also enabled. The SFTP is a file transfer program that provides a secure and authenticated method for transferring files between CDS devices and other workstations or clients.
Note
The sshd version global configuration command allows you to enable support for either SSH version 1 or SSH version 2. When you enable SSH using the sshd enable global configuration command, the Internet Streamer CDS software enables support for both SSH version 1 and SSH version 2 on the SE. If you want the SE to support only one version of SSH (for example SSH version 2), you must disable the other version (in this example, SSH version 1) by using the no sshd version 1 command.
When support for both SSH version 1 and SSH version 2 are enabled in the SE, the show running-config EXEC command output does not display any sshd configuration. If you have disabled the support for one version of SSH, the show running-config EXEC command output contains the following line:
no sshd version version_number
Note
Examples
The following example shows how to enable the SSH daemon and configure the number of allowable password guesses and timeout for the SE:
ServiceEngine(config)#sshd enableServiceEngine(config)#sshd password-guesses 4ServiceEngine(config)#sshd timeout 20The following example disables the support for SSH version 1 in the SE:
ServiceEngine(config)#no sshd version 1Related Commands
show ssh
sysreport
To save the sysreport to a user-specified file, use the sysreport privilege EXEC command.
sysreport {acquisition-distribution [date-range start-date end-date | filename] | authentication [date-range start-date end-date | filename] | cms [date-range start-date end-date | filename] | dns | flash-media-streaming | ftp | http | icap | movie-streamer | rules | wmt}
Syntax Description
Defaults
No default behavior or values.
Command Modes
Privilege EXEC
Examples
The following example saves the sysreport for WMT to a user-specified file:
ServiceEngine#sysreport wmt date-range 2009/05/07 2009/05/11 xxx.tar.gzThe sysreport has been saved onto file xxx.tar.gz in local1tacacs
To configure TACACS+ server parameters, use the tacacs command in global configuration mode. To disable individual options, use the no form of this command.
tacacs {enable | host {hostname | ip-address} [primary] | key keyword | password ascii | retransmit retries | timeout seconds}
no tacacs {enable | host {hostname | ip-address} [primary] | key | password ascii | retransmit | timeout}
Syntax Description
Defaults
keyword: none (empty string).
timeout seconds: 5
retransmit retries: 2
password ascii: PAP.
Command Modes
Global configuration
Usage Guidelines
Using the tacacs command, configure the TACACS+ key, the number of retransmits, the server hostname or IP address, and the timeout.
You must execute the following two commands to enable user authentication with a TACACS+ server:
ServiceEngine(config)# authentication login tacacs enableServiceEngine(config)# authentication configuration tacacs enableYou must enable TACACS+ for HTTP request authentication as follows:
ServiceEngine(config)# tacacs enableTACACS+ can be disabled but remain configured for user authentication with a TACACS+ server if you use the no option of the command as follows:
ServiceEngine(config)# no tacacs enableHTTP request authentication is independent of user authentication options and must be disabled with the following separate commands:
ServiceEngine(config)# no authentication login tacacs enableServiceEngine(config)# no authentication configuration tacacs enableThe Users GUI page or the username global configuration command provide a way to add, delete, or modify usernames, passwords, and access privileges in the local database. The TACACS+ remote database can also be used to maintain login and configuration privileges for administrative users. The tacacs host command or the TACACS+ Service Engine GUI page allows you to configure the network parameters required to access the remote database.
One primary and two backup TACACS+ servers can be configured; authentication is attempted on the primary server first and then on the others in the order in which they were configured. The primary server is the first server configured unless another server is explicitly specified as primary with the tacacs host hostname primary command.
Use the tacacs key command to specify the TACACS+ key that is used to encrypt the packets transmitted to the server. This key must be the same as the one specified on the server daemon. The maximum number of characters in the key should not exceed 99 printable ASCII characters (except tabs). An empty key string is the default. All leading spaces are ignored; spaces within and at the end of the key string are not ignored. Double quotes are not required even if there are spaces in the key, unless the quotes themselves are part of the key.
The tacacs timeout is the number of seconds that the Service Engine waits before declaring a timeout on a request to a particular TACACS+ server. The range is from 1 to 20 seconds with 5 seconds as the default. The number of times that the Service Engine repeats a retry-timeout cycle before trying the next TACACS+ server is specified by the tacacs retransmit command. The default is two retry attempts.
Three unsuccessful login attempts are permitted. TACACS+ logins may appear to take more time than local logins depending on the number of TACACS+ servers and the configured timeout and retry values.
Use the tacacs password ascii command to specify the TACACS+ password type as ASCII. The default password type is Password Authentication Protocol (PAP). In earlier releases, the password type was not configurable. When users needed to log in to a Service Engine, a TACACS+ client sent the password information in PAP format to a TACACS+ server. However, TACACS+ servers that were configured for router management required the passwords to be in ASCII clear text format instead of PAP format to authenticate users logging in to the Service Engine. The password type to authenticate user information to ASCII was configurable from the CLI.
Note
The TACACS+ client can send different requests to the server for user authentication. The client can send a TACACS+ request with the PAP password type. In this scenario, the authentication packet includes both the username and the user's password. The server must have an appropriately configured user's account.
Alternatively, the client can send a TACACS+ request with the ASCII password type as another option. In this scenario, the authentication packet includes the username only and waits for the server response. Once the server confirms that the user's account exists, the client sends another Continue request with the user's password. The authentication server must have an appropriately configured user's account to support either type of password.
Examples
The following example configures the key used in encrypting packets:
ServiceEngine(config)#tacacs key human789The following example configures the host named spearhead as the primary TACACS+ server:
ServiceEngine(config)#tacacs host spearhead primaryThe following example sets the timeout interval for the TACACS+ server:
ServiceEngine(config)#tacacs timeout 10The following example sets the number of times that authentication requests are retried (retransmitted) after a timeout:
ServiceEngine(config)#tacacs retransmit 5The following example shows the password type to be PAP by default:
ServiceEngine#show tacacsLogin Authentication for Console/Telnet Session: enabled (secondary)Configuration Authentication for Console/Telnet Session: enabled (secondary)TACACS+ Configuration:---------------------TACACS+ Authentication is offKey = *****Timeout = 5Retransmit = 2Password type: papServer Status---------------------------- ------10.107.192.148 primary10.107.192.16810.77.140.77ServiceEngine#However, you can configure the password type to be ASCII using the tacacs password ascii command. You can then verify the changes using the show tacacs command as follows:
ServiceEngine(config)#tacacs password asciiServiceEngine(config)#exitServiceEngine#show tacacsLogin Authentication for Console/Telnet Session: enabled (secondary)Configuration Authentication for Console/Telnet Session: enabled (secondary)TACACS+ Configuration:---------------------TACACS+ Authentication is offKey = *****Timeout = 5Retransmit = 2Password type: asciiServer Status---------------------------- ------10.107.192.148 primary10.107.192.16810.77.140.77Related Commands
authentication
show authentication
show statistics authentication
show statistics tacacs
show tacacstcpdump
To dump the network traffic, use the tcpdump EXEC command.
tcpdump [LINE]
Syntax Description
Defaults
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Use the tcpdump command to gather a sniffer trace on the SE, SR, or CDSM for troubleshooting when asked to gather the data by the Cisco TAC. This utility is very similar to the Linux or Unix tcpdump command.
The tcpdump command allows an administrator (must be an admin user) to capture packets from the Ethernet. On the SE 500 series, the interface names are eth0 and eth1. On all CDS platforms, we recommend that you specify a path/filename in the local1 directory.
You can do a straight packet header dump to the screen by entering the tcpdump command. Press Ctrl-C to stop the dump.
The tcpdump command has the following options:
•
•
•
•
The following example captures the first 1500 bytes of the next 10,000 packets from interface Ethernet 0 and puts the output in a file named dump.pcap in the local1 directory on the SE:
ServiceEngine#tcpdump -w /local1/dump.pcap -i eth0 -s 1500 -c 10000When you specify the -s option, it sets the packet snap length. The default value captures only 64 bytes, and this default setting saves only packet headers into the capture file. For troubleshooting of redirected packets or higher level traffic (HTTP, authentication, and so on), you must copy the complete packets.
After the TCP dump has been collected, you need to move the file from the SE to a PC so that the file can be viewed by a sniffer decoder.
ftp <ip address of the SE>!--- Log in using the admin username and password.cd local1binhashget <name of the file>!--- Using the above example, it would be dump.pcap.byeWe recommend that you use Ethereal as the software application for reading the TCP dump. With Ethereal, you can decode packets that are encapsulated into a GRE tunnel. See the Ethereal website for further information.
Note
Examples
The following example shows how to dump the TCP network traffic:
ServiceEngine#tcpdumptcpdump: verbose output suppressed, use -v or -vv for full protocol decodelistening on eth0, link-type EN10MB (Ethernet), capture size 68 bytes12:45:42.617677 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 3342832089:3342832201(112) ack 1248615673 win 1523212:45:42.618950 IP 172.19.226.63 > ServiceEngine.cisco.com: icmp 36: 172.19.226.63 udp port 2048 unreachable12:45:42.619327 IP ServiceEngine.cisco.com.10015 > dns-sj2.cisco.com.domain: 49828+[|domain]12:45:42.621158 IP dns-sj2.cisco.com.domain > ServiceEngine.cisco.com.10015: 49828 NXDomain*[|domain]12:45:42.621942 IP ServiceEngine.cisco.com.10015 > dns-sj2.cisco.com.domain: 49829+[|domain]12:45:42.623799 IP dns-sj2.cisco.com.domain > ServiceEngine.cisco.com.10015: 49829 NXDomain*[|domain]12:45:42.624240 IP ServiceEngine.cisco.com.10015 > dns-sj2.cisco.com.domain: 49830+[|domain]12:45:42.626164 IP dns-sj2.cisco.com.domain > ServiceEngine.cisco.com.10015: 49830*[|domain]12:45:42.702891 802.1d config TOP_CHANGE 8000.00:03:9f:f1:10:63.8042 root 8000.00:01:43:9a:c8:63 pathcost 26 age 3 max 20 hello 2 fdelay 1512:45:42.831404 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 112 win 6435112:45:42.831490 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: . 112:1444(1332) ack 1 win 1523212:45:42.831504 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 1444:1568(124) ack 1 win 1523212:45:42.831741 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 1568:1696(128) ack 1 win 1523212:45:43.046176 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 1568 win 6553512:45:43.046248 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 1696:2128(432) ack 1 win 1523212:45:43.046469 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 2128:2256(128) ack 1 win 1523212:45:43.046616 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 2256:2400(144) ack 1 win 1523212:45:43.107700 802.1d config TOP_CHANGE 8000.00:03:9f:f1:10:63.8042 root 8000.00:01:43:9a:c8:63 pathcost 26 age 3 max 20 hello 2 fdelay 1512:45:43.199710 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 1696 win 6540712:45:43.199784 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 2400:2864(464) ack 1 win 1523212:45:43.199998 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 2864:2992(128) ack 1 win 1523212:45:43.259968 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 2400 win 6470312:45:43.260064 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 2992:3280(288) ack 1 win 1523212:45:43.260335 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 3280:3408(128) ack 1 win 1523212:45:43.260482 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 3408:3552(144) ack 1 win 1523212:45:43.260621 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 3552:3696(144) ack 1 win 1523212:45:43.413320 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 2992 win 6553512:45:43.413389 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 3696:3984(288) ack 1 win 1523212:45:43.413597 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 3984:4112(128) ack 1 win 1523212:45:43.413741 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 4112:4256(144) ack 1 win 1523212:45:43.473601 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 3552 win 6497512:45:43.473659 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 4256:4544(288) ack 1 win 1523212:45:43.473853 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 4544:4672(128) ack 1 win 1523212:45:43.473994 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 4672:4816(144) ack 1 win 1523212:45:43.474132 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 4816:4960(144) ack 1 win 1523212:45:43.484117 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: P 1:81(80) ack 3696 win 6483112:45:43.484167 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 4960:5248(288) ack 81 win 1523212:45:43.484424 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 5248:5392(144) ack 81 win 1523212:45:43.627125 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 4112 win 6441512:45:43.627204 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 5392:5680(288) ack 81 win 1523212:45:43.627439 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 5680:5808(128) ack 81 win 1523212:45:43.627586 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 5808:5952(144) ack 81 win 1523212:45:43.688261 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 4544 win 6553512:45:43.688316 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 5952:6240(288) ack 81 win 1523212:45:43.688495 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 6240:6368(128) ack 81 win 1523212:45:43.688638 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 6368:6512(144) ack 81 win 1523212:45:43.689012 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 4960 win 6511912:45:43.689046 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 6512:6800(288) ack 81 win 1523212:45:43.689170 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 6800:6928(128) ack 81 win 1523212:45:43.689309 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 6928:7072(144) ack 81 win 1523212:45:43.689447 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 7072:7216(144) ack 81 win 1523212:45:43.698391 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 5392 win 6468712:45:43.698437 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 7216:7504(288) ack 81 win 1523212:45:43.698599 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 7504:7632(128) ack 81 win 1523212:45:43.698740 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 7632:7776(144) ack 81 win 1523212:45:43.840558 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 5808 win 6427112:45:43.840622 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 7776:8064(288) ack 81 win 1523212:45:43.840819 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 8064:8192(128) ack 81 win 1523212:45:43.840962 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 8192:8336(144) ack 81 win 1523212:45:43.901868 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 6368 win 6553512:45:43.901938 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 8336:8624(288) ack 81 win 1523212:45:43.901887 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 6928 win 6497512:45:43.901910 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 7216 win 6468712:45:43.902137 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 8624:8752(128) ack 81 win 1523212:45:43.902281 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 8752:8896(144) ack 81 win 1523212:45:43.902414 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 8896:9024(128) ack 81 win 1523212:45:43.902547 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 9024:9152(128) ack 81 win 1523212:45:43.902687 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 9152:9296(144) ack 81 win 1523212:45:43.902826 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 9296:9440(144) ack 81 win 1523212:45:43.902965 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 9440:9584(144) ack 81 win 1523212:45:43.903104 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 9584:9728(144) ack 81 win 1523212:45:43.922413 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 7632 win 6427112:45:43.922459 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 9728:10304(576) ack 81 win 1523212:45:43.922622 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 10304:10432(128) ack 81 win 1523212:45:43.922764 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 10432:10576(144) ack 81 win 1523212:45:44.053872 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 8192 win 6553512:45:44.053972 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 10576:10864(288) ack 81 win 1523212:45:44.054308 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 10864:11104(240) ack 81 win 1523212:45:44.054453 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 11104:11248(144) ack 81 win 1523212:45:44.054596 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 11248:11392(144) ack 81 win 1523212:45:44.111702 802.1d config TOP_CHANGE 8000.00:03:9f:f1:10:63.8042 root 8000.00:01:43:9a:c8:63 pathcost 26 age 3 max 20 hello 2 fdelay 1512:45:44.114626 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 8752 win 6497512:45:44.114712 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 11392:11712(320) ack 81 win 1523212:45:44.115219 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 11712:11952(240) ack 81 win 1523212:45:44.115381 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 11952:12096(144) ack 81 win 1523212:45:44.115426 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 9152 win 6457512:45:44.115617 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 12096:12336(240) ack 81 win 1523212:45:44.115760 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 12336:12480(144) ack 81 win 1523212:45:44.115904 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 12480:12624(144) ack 81 win 1523212:45:44.116045 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 12624:12768(144) ack 81 win 1523212:45:44.116094 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 9440 win 6428712:45:44.116114 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 9728 win 6553512:45:44.116332 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 12768:13088(320) ack 81 win 1523212:45:44.116473 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 13088:13232(144) ack 81 win 1523212:45:44.116614 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 13232:13376(144) ack 81 win 1523212:45:44.116755 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 13376:13520(144) ack 81 win 1523212:45:44.116895 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 13520:13664(144) ack 81 win 1523212:45:44.135947 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: . ack 10432 win 6483112:45:44.135996 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 13664:13808(144) ack 81 win 1523212:45:44.136223 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 13808:14048(240) ack 81 win 1523212:45:44.136366 IP ServiceEngine.cisco.com.ssh > 10.77.140.97.4314: P 14048:14192(144) ack 81 win 1523212:45:44.144104 IP 10.77.140.97.4314 > ServiceEngine.cisco.com.ssh: P 81:161(80) ack 10576 win 64687102 packets captured105 packets received by filter0 packets dropped by kernelThe following example shows how to dump the TCP network traffic and redirect it to a file named test:
ServiceEngine#tcpdump port 8080 -w testtcpdump: listening on eth0, link-type EN10MB (Ethernet), capture size 68 bytes216 packets captured216 packets received by filter0 packets dropped by kerneltelnet
To log in to a network device using the Telnet client, use the telnet EXEC command.
telnet {hostname | ip-address} [portnum]
Syntax Description
hostname
Hostname of the network device.
ip-address
IP address of the network device.
portnum
(Optional) Port number (1-65535). Default port number is 23.
Defaults
The default port number is 23.
Command Modes
EXEC
Usage Guidelines
Some UNIX shell functions, such as escape and the suspend command, are not available in the Telnet client. In addition, multiple Telnet sessions are also not supported.
The Telnet client allows you to specify a destination port. By entering the telnet command, you can test websites by attempting to open a Telnet session to the website from the SE CLI.
Examples
The following example shows how to open a Telnet session to a network device using the hostname:
ServiceEngine#telnet cisco-ceThe following example shows how to open a Telnet session to a network device using the IP address:
ServiceEngine#telnet 172.16.155.224The following example shows how to open a Telnet session to a network device on port 8443 using the hostname:
ServiceEngine#telnet cisco-ce 8443The following example shows how to open a Telnet session to a network device on port 80 using the hostname:
ServiceEngine#telnet www.yahoo.com 80telnet enable
To enable Telnet, use the telnet enable global configuration command. To disable Telnet, use the no form of this command.
telnet enable
no telnet enable
Syntax Description
This command has no arguments or keywords.
Defaults
Enabled
Command Modes
Global configuration
Usage Guidelines
Use this terminal emulation protocol for a remote terminal connection. The telnet enable command allows users to log in to other devices using a Telnet session.
Examples
The following example shows how to enable Telnet on the SE:
ServiceEngine(config)#telnet enableRelated Commands
show telnet
terminal
To set the number of lines displayed in the console window, or to display the current console debug command output, use the terminal EXEC command.
terminal {length length | monitor [disable]}
Syntax Description
Defaults
The default length is 24 lines.
Command Modes
EXEC
Usage Guidelines
When 0 is entered as the length parameter, the output to the screen does not pause. For all nonzero values of length, the -More- prompt is displayed when the number of output lines matches the specified length number. The -More- prompt is considered a line of output. To view the next screen, press the Spacebar. To view one line at a time, press the Enter key.
The terminal monitor command allows a Telnet session to display the output of the debug commands that appear on the console. Monitoring continues until the Telnet session is terminated.
Examples
The following example sets the number of lines to display to 20:
ServiceEngine#terminal length 20The following example configures the terminal for no pausing:
ServiceEngine#terminal length 0Related Commands
All show commands
test-url
To test the accessibility of a URL using FTP, HTTP, or HTTPS, use the test-url EXEC command.
test-url {ftp url [use-ftp-proxy proxy-url] | http url [custom-header header [head-only] [use-http-proxy proxy-url] | head-only [custom-header header] [use-http-proxy proxy-url] | use-http-proxy proxy-url [custom-header header] [head-only]]}
Syntax Description
Defaults
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
In the Internet Streamer CDS Release 2.4 software and later releases, an HTTP CLI client is supported. This capability allows you to test connectivity and debug caching issues. The test-url EXEC command in the Internet Streamer CDS Release 2.4 software and later releases allows the users to test whether a URL is accessible over the FTP, HTTP, and HTTPS protocols. When you test the connectivity using the test-url command, the SE sends a request using the protocol that you have specified to the server and fetches the requested contents. The actual content is dumped into the path /dev/null, and the server response with the header information is displayed to the user.
You can use the test-url ftp command to test the following for the specified URL:
•
•
•
•
You can use the test-url http command to test the following for the specified URL:
•
•
•
•
•
Examples
The following example tests the accessibility to the URL http://192.168.171.22 using HTTP:
ServiceEngine#test-url http http://ce1.server.com--02:27:20-- http://ce1.server.com/=> `/dev/null'Len - 22 , Restval - 0 , contlen - 0 , Res - 134728056Resolving ce1.server.com..done.Connecting to ce1.server.com[192.168.171.22]:80... connected.HTTP request sent, awaiting response...1 HTTP/1.1 200 OK2 Date: Mon, 26 Jul 2004 08:41:34 GMT3 Server: Apache/1.2b84 Last-Modified: Fri, 25 Apr 2003 12:23:04 GMT5 ETag: "1aee29-663-3ea928a8"6 Content-Length: 16357 Content-Type: text/html8 Via: 1.1 Content Delivery System Software 5.29 Connection: Keep-Alive(1635 to go)0% [ ] 0 --.--K/s ETA --:--Len - 0 ELen - 1635 Keepalive - 1100%[====================================>] 1,635 1.56M/s ETA 00:0002:27:20 (1.56 MB/s) - `/dev/null' saved [1635/1635]The following example tests the accessibility to the URL http://192.168.171.22 through the HTTP proxy 10.107.192.148:
ServiceEngine#test-url http http://192.168.171.22 use-http-proxy 10.107.192.148:8090--15:22:51-- http://10.77.155.246/=> `/dev/null'Len - 1393 , Restval - 0 , contlen - 0 , Res - 134728344Connecting to 10.107.192.148:8090... connected.Proxy request sent, awaiting response...1 HTTP/1.1 401 Authorization Required2 Date: Mon, 27 Sep 2004 15:29:18 GMT3 Server: Apache/1.3.27 (Unix) tomcat/1.04 WWW-Authenticate: Basic realm="IP/TV Restricted Zone"5 Content-Type: text/html; charset=iso-8859-16 Via: 1.1 Content Delivery System Software 5.2.17 Connection: CloseLen - 0 , Restval - 0 , contlen - -1 , Res - -1Connecting to 10.107.192.148:8090... connected.Proxy request sent, awaiting response...1 HTTP/1.1 401 Authorization Required2 Date: Mon, 27 Sep 2004 15:29:19 GMT3 Server: Apache/1.3.27 (Unix) tomcat/1.04 WWW-Authenticate: Basic realm="IP/TV Restricted Zone"5 Content-Type: text/html; charset=iso-8859-16 Via: 1.1 Content Delivery System Software 5.2.17 Connection: Keep-Alive(1635 to go)0% [ ] 0 --.--K/s ETA --:--Len - 0 ELen - 1635 Keepalive - 1100%[====================================>] 1,635 1.56M/s ETA 00:0002:27:20 (1.56 MB/s) - `/dev/null' saved [1635/1635]The following example tests the accessibility to the URL ftp://ssivakum:ssivakum@10.77.157.148 using FTP:
ServiceEngine#test-url ftp ftp://ssivakum:ssivakum@10.77.157.148/antinat-0.90.tarMar 30 14:33:44 nramaraj-ce admin-shell: %SE-PARSER-6-350232: CLI_LOG shell_parser_log: test-url ftp ftp://ssivakum:ssivakum@10.77.157.148/antinat-0.90.tar--14:33:44-- ftp://ssivakum:*password*@10.77.157.148/antinat-0.90.tar=> `/dev/null'Connecting to 10.77.157.148:21... connected.Logging in as ssivakum ...220 (vsFTPd 1.1.3)--> USER ssivakum331 Please specify the password.--> PASS Turtle Power!230 Login successful. Have fun.--> SYST215 UNIX Type: L8--> PWD257 "/home/ssivakum"--> TYPE I200 Switching to Binary mode.==> CWD not needed.--> PORT 10,1,1,52,82,16200 PORT command successful. Consider using PASV.--> RETR antinat-0.90.tar150 Opening BINARY mode data connection for antinat-0.90.tar (1771520 bytes).Length: 1,771,520 (unauthoritative)0% [ ] 0 --.--K/s ETA --:--Len - 0 ELen - 1771520 Keepalive - 0100%[===================================================================================== >] 1,771,520 241.22K/s ETA 00:00226 File send OK.14:33:53 (241.22 KB/s) - `/dev/null' saved [1771520]ServiceEngine#Related Commands
acquirer test-url
traceroute
To trace the route to a remote host, use the traceroute EXEC command.
traceroute {hostname | ip-address}
Syntax Description
Defaults
No default behavior values
Command Modes
EXEC
Usage Guidelines
Traceroute is a widely available utility on most operating systems. Similar to ping, traceroute is a valuable tool for determining connectivity in a network. Ping allows the user to find out if there is a connection between the two end systems. Traceroute does this as well, but additionally lists the intermediate routers between the two systems. Users can see the routes that packets can take from one system to another. Use the traceroute command to find the route to a remote host when either the hostname or the IP address is known.
The traceroute command uses the TTL field in the IP header to cause routers and servers to generate specific return messages. Traceroute starts by sending a UDP datagram to the destination host with the TTL field set to 1. If a router finds a TTL value of 1 or 0, it drops the datagram and sends back an ICMP time-exceeded message to the sender. The traceroute facility determines the address of the first hop by examining the source address field of the ICMP time-exceeded message.
To identify the next hop, traceroute sends a UDP packet with a TTL value of 2. The first router decrements the TTL field by 1 and sends the datagram to the next router. The second router sees a TTL value of 1, discards the datagram, and returns the time-exceeded message to the source. This process continues until the TTL is incremented to a value large enough for the datagram to reach the destination host (or until the maximum TTL is reached).
To determine when a datagram has reached its destination, traceroute sets the UDP destination port in the datagram to a very large value that the destination host is unlikely to be using. When a host receives a datagram with an unrecognized port number, it sends an ICMP "port unreachable" error to the source. This message indicates to the traceroute facility that it has reached the destination.
Examples
The following example shows how to trace the route to a remote host from the SE:
ServiceEngine#traceroute 10.77.157.43traceroute to 10.77.157.43 (10.77.157.43), 30 hops max, 38 byte packets1 10.1.1.50 (10.1.1.50) 2.024 ms 2.086 ms 2.219 ms2 sblab2-rtr.cisco.com (192.168.10.1) 3.718 ms 172.19.231.249 (172.19.231.249) 0.653 ms 0.606 ms3 sjc22-00lab-gw1.cisco.com (172.24.115.65) 0.666 ms 0.624 ms 0.597 ms4 sjc20-lab-gw2.cisco.com (172.24.115.109) 0.709 ms 0.695 ms 0.616 ms5 sjc20-sbb5-gw2.cisco.com (128.107.180.97) 0.910 ms 0.702 ms 0.674 ms6 sjc20-rbb-gw5.cisco.com (128.107.180.9) 0.762 ms 0.702 ms 0.664 ms7 sjc12-rbb-gw4.cisco.com (128.107.180.2) 0.731 ms 0.731 ms 0.686 ms8 sjc5-gb3-f1-0.cisco.com (10.112.2.158) 1.229 ms 1.186 ms 0.753 ms9 capnet-hkidc-sjc5-oc3.cisco.com (10.112.2.238) 146.784 ms 147.016 ms 147.051 ms10 hkidc-capnet-gw1-g3-1.cisco.com (10.112.1.250) 147.163 ms 147.319 ms 148.050 ms11 hkidc-gb3-g0-1.cisco.com (10.112.1.233) 148.137 ms 148.332 ms 148.361 ms12 capnet-singapore-hkidc-oc3.cisco.com (10.112.2.233) 178.137 ms 178.273 ms 178.005 ms13 singapore-capnet2-fa4-0.cisco.com (10.112.2.217) 179.236 ms 179.606 ms 178.714 ms14 singapore-gb1-fa2-0.cisco.com (10.112.2.226) 179.499 ms 179.914 ms 179.873 ms15 capnet-chennai-singapore-ds3.cisco.com (10.112.2.246) 211.858 ms 212.167 ms 212.854 ms16 hclodc1-rbb-gw2-g3-8.cisco.com (10.112.1.213) 213.639 ms 212.580 ms 211.211 ms17 10.77.130.18 (10.77.130.18) 212.248 ms 212.478 ms 212.545 ms18 codc-tbd.cisco.com (10.77.130.34) 212.315 ms 212.688 ms 213.063 ms19 10.77.130.38 (10.77.130.38) 212.955 ms 214.353 ms 218.169 ms20 10.77.157.9 (10.77.157.9) 217.217 ms 213.424 ms 222.023 ms21 10.77.157.43 (10.77.157.43) 212.750 ms 217.260 ms 214.610 msThe following example shows how the traceroute command fails to trace the route to a remote host from the SE:
ServiceEngine#traceroute 10.0.0.1traceroute to 10.0.0.1 (10.0.0.1), 30 hops max, 38 byte packets1 10.1.1.50 (10.1.1.50) 2.022 ms 1.970 ms 2.156 ms2 sblab2-rtr.cisco.com (192.168.10.1) 3.955 ms 172.19.231.249 (172.19.231.249) 0.654 ms 0.607 ms3 sjc22-00lab-gw1.cisco.com (172.24.115.65) 0.704 ms 0.625 ms 0.596 ms4 sjc20-lab-gw1.cisco.com (172.24.115.105) 0.736 ms 0.686 ms 0.615 ms5 sjc20-sbb5-gw1.cisco.com (128.107.180.85) 0.703 ms 0.696 ms 0.646 ms6 sjc20-rbb-gw5.cisco.com (128.107.180.22) 0.736 ms 0.782 ms 0.750 ms7 sjce-rbb-gw1.cisco.com (171.69.7.249) 1.291 ms 1.314 ms 1.218 ms8 sjce-corp-gw1.cisco.com (171.69.7.170) 1.477 ms 1.257 ms 1.221 ms9 * * *10 * * *...29 * * *30 * * *Table 2-76 describes the fields in the traceroute command output.
Related Commands
ping
traceroute6
To trace the route to a remote IPv6-enabled host, use the traceroute6 EXEC command.
traceroute6 ip-address
Syntax Description
Defaults
No default behavior values
Command Modes
EXEC
Examples
The following example shows how to trace the route to a remote IPv6-enabled host from the SE:
ServiceEngine#traceroute6 <IP address>Related Commands
ipv6
transaction-log force
To force the archive or export of the transaction log, use the transaction-log force EXEC command.
transaction-log force {archive | export}
Syntax Description
archive
Forces the archive of the working.log file.
export
Forces the archived files to be exported to the server.
Defaults
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
The transaction-log force archive command causes the transaction log working.log file to be archived to the SE hard disk following the next transaction. This command has the same effect as the clear transaction-log command.
The transaction-log force export command causes the transaction log to be exported to an FTP server designated by the transaction-logs export ftp-server command.
The transaction-log force commands do not change the configured or default schedule for archive or export of transaction log files. If the archive interval is configured in seconds or the export interval is configured in minutes, the forced archive or export interval period is restarted after the forced operation.
If a scheduled archive or export job is in progress when a corresponding transaction-log force command is entered, the command has no effect. If a transaction-log force command is in progress when an archive or export job is scheduled to run, the forced operation is completed and the archive or export is rescheduled for the next configured interval.
Examples
The following example shows how to archive the transaction log file to the SE hard disk:
ServiceEngine#transaction-log force archiveThe following example shows that the SE is configured to export its transaction logs to two FTP servers:
ServiceEngine(config)# transaction-logs export ftp-server 10.1.1.1 mylogin mypasswd /ftpdirectoryServiceEngine(config)# transaction-logs export ftp-server myhostname mylogin mypasswd /ftpdirectoryThe following example shows how to export the transaction log file from the SE hard disk to an FTP server designated by the transaction-logs export ftp-server command:
ServiceEngine#transaction-log force exportRelated Commands
clear
show statistics transaction-logs
show transaction-logging
transaction-logstransaction-logs
To configure and enable transaction logs, use the transaction-logs command in global configuration mode. To disable transaction logs, use the no form of this command.
transaction-logs archive interval seconds
transaction-logs archive interval every-day {at hour:minute | every hours}
transaction-logs archive interval every-hour {at minute | every minutes}
transaction-logs archive interval every-week [on weekdays at hour:minute]
transaction-logs archive max-file-number filenumber
transaction-logs archive max-file-size filesize
transaction-logs enable
transaction-logs export compress
transaction-logs export enable
transaction-logs export ftp-server {hostname | servipaddrs} login passw directory
transaction-logs export interval minutes
transaction-logs export interval every-day {at hour:minute | every hours}
transaction-logs export interval every-hour {at minute | every minutes}
transaction-logs export interval every-week [on weekdays at hour:minute]
transaction-logs export sftp-server {hostname | servipaddrs} login passw directory
transaction-logs format {apache | custom string | extended-squid}
transaction-logs log-windows-domain
no transaction-logs {archive {interval | max-file-number | max-file-size} | enable | export {compress | enable | ftp-server {hostname | servipaddrs} | interval | sftp-server {hostname | servipaddrs}} | format | log-windows-domain}
Syntax Description
Defaults
archive: disabled
enable: disabled
export compress: disabled
export: disabled
file-marker: disabled
archive interval: every day, every one hour
archive max-file-size: 2,000,000 KB
export interval: every day, every one hour
format: apache
logging port port-num: 514
Command Modes
Global configuration
Usage Guidelines
SEs that are running Cisco Internet Streamer Release 2.4 software can record all errors and access activities. Each content service module on the SE provides logs of the requests that were serviced. These logs are referred to as transaction logs.
Typical fields in the transaction log are the date and time when a request was made, the URL that was requested, whether it was a cache hit or a cache miss, the type of request, the number of bytes transferred, and the source IP address. Transaction logs are used for problem identification and solving, load monitoring, billing, statistical analysis, security problems, and cost analysis and provisioning.
The translog module on the SE handles transaction logging and supports the Apache Common Log Format (CLF), Extended Squid format, and the World Wide Web Consortium (W3C) customizable logging format.
Note
Enable transaction log recording with the transaction-logs enable command. The transactions that are logged include HTTP and FTP. In addition, Extensible Markup Language (XML) logging for MMS-over-HTTP and MMS-over-RTSP (RTSP over Windows Media Services 9) is also supported.
When enabled, daemons create a working.log file in /local1/logs/ on the sysfs volume for HTTP and FTP transactions and a separate working.log file in /local1/logs/export for Windows Media transactions. The posted XML log file from the Windows Media Player to the SE (Windows Media server) can be parsed and saved to the normal WMT transaction logs that are stored on the SE.
The working.log file is a link to the actual log file with the timestamp embedded in its filename. When you configure the transaction-logs archive interval command, the first transaction that arrives after the interval elapses is logged to the working.log file as usual, and then actual log file is archived and a new log file is created. Only transactions subsequent to the archiving event are recorded in the new log file. The working.log file is then updated to point to the newly created log file. The transaction log archive file naming conventions are shown in Table 2-83. The SE default archive interval is once an hour every day.
Use the transaction-logs archive max-file-size command to specify the maximum size of an archive file. The working.log file is archived when it attains the maximum file size if this size is reached before the configured archive interval time.
Use the transaction-logs file-marker option to mark the beginning and end of the HTTP, HTTPS, and FTP proxy logs. By examining the file markers of an exported archive file, you can determine whether the FTP process transferred the entire file. The file markers are in the form of dummy transaction entries that are written in the configured log format.
The following example shows the start and end dummy transactions in the default native Squid log format.
•
•
Use the format option to format the HTTP, HTTPS, and FTP proxy log files for custom format, native Squid or Extended Squid formats, or Apache Common Log Format (CLF).
The transaction-logs format custom command allows you to use a log format string to log additional fields that are not included in the predefined native Squid or Extended Squid formats or the Apache CLF format. The log format string is a string that contains the tokens listed in Table 2-77 and mimics the Apache log format string. The log format string can contain literal characters that are copied into the log file. Two backslashes (\\) can be used to represent a literal backslash, and a backslash followed by a single quotation mark (\') can be used to represent a literal single quotation mark. A literal double quotation mark cannot be represented as part of the log format string. The control characters \t and \n can be used to represent a tab and a new line character, respectively.
Table 2-77 lists the acceptable format tokens for the log format string. The ellipsis (...) portion of the format tokens shown in this table represent an optional condition. This portion of the format token can be left blank, as in %a. If an optional condition is included in the format token and the condition is met, then what is shown in the Value column of Table 2-77 is included in the transaction log output. If an optional condition is included in the format token but the condition is not met, the resulting transaction log output is replaced with a hyphen (-). The form of the condition is a list of HTTP status codes, which may or may not be preceded by an exclamation point (!). The exclamation point is used to negate all of the status codes that follow it, which means that the value associated with the format token is logged if none of the status codes listed after the exclamation point (!) match the HTTP status code of the request. If any of the status codes listed after the exclamation point (!) match the HTTP status code of the request, then a hyphen (-) is logged.
For example, %400,501{User-Agent}i logs the User-Agent header value on 400 errors and 501 errors (Bad Request, Not Implemented) only, and %!200,304,302{Referer}i logs the Referer header value on all requests that did not return a normal status.
The custom format currently supports the following request headers:
•
•
•
•
The output of each of the following Request, Referer, and User-Agent format tokens specified in the custom log format string is always enclosed in double quotation marks in the transaction log entry:
%r
%{Referer}i
%{User-Agent}i
The %{Cookie}i format token is generated without the surrounding double quotation marks, because the Cookie value can contain double quotes. The Cookie value can contain multiple attribute-value pairs that are separated by spaces. We recommend that when you use the Cookie format token in a custom format string, you should position it as the last field in the format string so that it can be easily parsed by the transaction log reporting tools. By using the format token string \'%{Cookie}i\' the Cookie header can be surrounded by single quotes (').
The following command can generate the well-known Apache Combined Log Format:
transaction-log format custom "[%{%d}t/%{%b}t/%{%Y}t:%{%H}t:%{%M}t:%{%S}t %{%z}t] %r %s %b %{Referer}i %{User-Agent}i"
The following transaction log entry example in the Apache Combined Format is configured using the preceding custom format string:
[11/Jan/2003:02:12:44 -0800] "GET http://www.cisco.com/swa/i/site_tour_link.gif HTTP/1.1" 200 3436 "http://www.cisco.com/" "Mozilla/4.0 (compatible; MSIE 5.5; Windows NT 5.0)"
Table 2-77 Custom Format "Log Format String" Values
%...a
IP address of the requesting client.
%...A
IP address of the SE.
%...B
%...bBytes sent excluding HTTP headers.
%...c
Connection status when response is completed where
X = Connection was aborted before the response was completed.
+ = Connection can be kept alive after the response is sent.
- = Connection is closed after the response is sent.%...f
Filename.
%...h
Remote host (IP address of the requesting client is logged).
%...H
Request protocol.
%...{Foobar}i
Contents of Foobar: header lines in the request that is sent to the server. The value of Foobar can be one of the following headers: User-Agent, Referer, Host, or Cookie.
%...l
Remote log name.
Not implemented on the SE, so a hyphen (-) is logged.
%...m
Request method.
%...p
Canonical port of the server servicing the request. Not applicable on the SE, so a hyphen (-) is logged.
%...P
Process ID of the child that serviced the request.
%...q
Query string (that is preceded by a question mark (?) if a query string exists; otherwise, it is an empty string).
%...r
First line of the request.
%...s
Status. The translog code always returns the HTTP response code for the request.
%...t
Time in common log time format (or standard English format).
%...{format}t
Time in the form given by the format token specified in Table 2-78.
%...T
Time consumed to serve the request in seconds (a floating point number with three decimal places).
%...u
Remote user.
%...U
URL path requested not including query strings.
%...v
%...VValue of the host request header field reported if the host appeared in the request. If the host did not appear in the host request header, the IP address of the server specified in the URL is reported.
Table 2-78 specifies the format token for the date and time of the format token %...{format}t that is listed in Table 2-79.
The Extended Squid log format uses the RFC 981 field of the Squid log format for the username. The Extended Squid format logs the associated username for authentication for each record in the log file, if available. The username is also used for billing purposes.
The W3C Customizable Logging Format is limited in that it was defined from the HTTP web server perspective and does not offer certain web cache-specific custom options such as those supplied by the fixed Squid format. Format tokens that are extensions to the W3C Customized Logging Format support additional Cisco and Squid customized logging fields. These format tokens provide support for a Squid-like logging format from within the W3C customizable token set.
The W3C Customizable Logging Format was extended to include support for the following special token sequence:
%...{<translog-token>}C
The ellipsis (...) is optional. If specified, it can be a sequence of conditional HTTP response codes separated by commas. The uppercase C defines the extended customizable behavior token set, for which tokens are defined by the <translog-token> directive, which is a two-character token directive.
Table 2-79 lists the existing and new <translog-token> directives from the Extended Squid format, which are not immediately supported by the W3C definitions but are supported in the CDS Release 2.4 software.
In addition to the tokens listed in Table 2-79, you can condense multiple %...{xx}C style tokens into a single embedded token sequence within the %...{xx}C style. A limited customized logging string validation mechanism has been implemented for all the %...{xy}C style format tokens. This mechanism ensures that the tokens are valid and rejects invalid tokens. To condense multiple style tokens into a single embedded token sequence, you must specify multiple tokens within the {} braces and prefix each token with the percent (%) symbol as follows:
%{rh}C %{rt}C %{as}C
can be reexpressed in a condensed embedded token format as the following:
%{%rh %rt %as}C
The command line syntax accepts single tokens represented as the following:
%{%rh}C
and
%{rh}C
as equivalents.
Any character that is not part of an embedded token sequence (for example, the space character) is repeated verbatim in the output file.
The above set of tokens allow you to configure an extended Squid-like format line within the W3C Customizable Logging format specification as follows:
%{es}C.%{em}C %{te}C %a %{rd}C/%s %{cs}C %m %{ru}C %u %{rh}C %{rt}C %{as}C
The following is an example of a Extended Squid-like format that specifies that user-readable time-stamps are used instead of Squid's "seconds-since-epoch" time-stamp format, and that a configured out-going proxy (as specified by "%...{rH}C") is logged:
[%{%d/%b/%Y:%H:%M:%S %z}t] %{te}C %a %{rd}C/%s %{cs}C %m %{ru}C %u %{rH}C %{rt}C %{as}C
Unknown or unsupported translog tokens are logged within the log file as the characters that made up the token. For example, %{xy}C is logged into the log file as xy. All characters outside of a token specification sequence are repeated verbatim within the log file.
Sanitizing Transaction Logs
Use the sanitized option to disguise the IP address of clients in the transaction log file. The default is that transaction logs are not sanitized. A sanitized transaction log disguises the network identity of a client by changing the IP address in the transaction logs to 0.0.0.0.
The no form of this command disables the sanitize feature. The transaction-logs sanitize command does not affect the client IP (%a) value associated with a custom log format string that is configured with the CLI (configured with the transaction-logs format custom string global configuration command in which the string is the quoted log format string that contains the custom log format). To hide the identity of the client IP in the custom log format, either hard code 0.0.0.0 in the custom log format string or exclude the %a token, which represents the client IP, from the format string.
Exporting Transaction Log Files
To facilitate the postprocessing of cache log files, you could export transaction logs to an external host.
This feature allows log files to be exported automatically by FTP to an external host at configurable intervals. The username and password used for FTP are configurable. The directory to which the log files are uploaded is also configurable.
The log files automatically have the following filename:
type_ipaddr_yyyymmdd_hhmmss.txt
where
•
•
•
Note
Exporting and Archiving Intervals
The transaction log archive and export functions are configured with the following commands:
•
•
The following limitations apply:
•
•
•
•
•
Transaction Log Archive Filenaming Convention
The archive transaction log file is named as follows for HTTP and WMT caching:
celog_10.1.118.5_20001228_235959.txtmms_export_10.1.118.5_20001228_235959If the export compress feature is enabled when the file is exported, then the file extension will be .gz after the file is compressed for the export operation, as shown in the following example:
celog_10.1.118.5_20001228_235959.txt.gzmms_export_10.1.118.5_20001228_235959.gzTable 2-83 describes the name elements.
Table 2-81 lists the directory names and the corresponding examples of the archive filenames.
Compressing Archive Files
The transaction-logs export compress option compresses an archive into a gzip file format before exporting it. Compressing the archive file uses less disk space on both the SE and the FTP export server. The compressed file uses less bandwidth when transferred. The archive filename of the compressed file has the extension .gz.
Exporting Transaction Logs to External FTP Servers
The transaction-logs export ftp-server option can support up to four FTP servers. To export transaction logs, you must first enable the feature and configure the FTP server parameters. The following information is required for each target FTP server:
•
The SE translates the hostname with a DNS lookup and then stores the IP address in the configuration.
•
•
Use a fully qualified path or a relative path for the user login. The user must have write permission to the directory.
Use the no form of the transaction-logs export enable command to disable the entire transaction logs feature while retaining the rest of the configuration.
Exporting Transaction Logs to External SFTP Servers
Use the transaction-logs export sftp-server option to export transaction logs. You must first enable the feature and configure the Secure File Transfer Protocol (SFTP) server parameters. The following information is required for each target SFTP server:
•
The SE translates the hostname with a DNS lookup and then stores the IP address in the configuration.
•
•
Use a fully qualified path or a relative path for the user login. The user must have write permission to the directory.
Use the no form of the transaction-logs export enable command to disable the entire transaction logs feature while retaining the rest of the configuration.
Receiving a Permanent Error from the External FTP Server
A permanent error (Permanent Negative Completion Reply, RFC 959) occurs when the FTP command to the server cannot be accepted, and the action does not take place. Permanent errors can be caused by invalid user logins, invalid user passwords, and attempts to access directories with insufficient permissions.
When an FTP server returns a permanent error to the SE, the export is retried at 10-minute intervals or sooner if the configured export interval is sooner. If the error is a result of a misconfiguration of the transaction-logs export ftp server command, then you must re-enter the SE parameters to clear the error condition. The show statistics transaction-logs command displays the status of logging attempts to export servers.
The show statistics transaction-logs command shows that the SE failed to export archive files.
The transaction-logs format command has four options: extended-squid, apache, and custom.
Use the no form of the transaction-logs export enable command to disable the entire transaction logs feature while retaining the rest of the configuration.
Configuring Intervals Between 1 Hour and 1 Day
The archive or export interval can be set for once a day with a specific time stamp. It can also be set for hour frequencies that align with midnight. For example, every 4 hours means archiving occurs at 0000, 0400, 0800, 1200, and 1600. It is not possible to archive at half-hour intervals such as 0030, 0430, or 0830. The following intervals are acceptable: 1, 2, 3, 4, 6, 8, 12, and 24.
Configuring Intervals of 1 Hour or Less
The interval can be set for once an hour with a minute alignment. It can also be set for frequencies of less than an hour; these frequencies will align with the top of the hour. Every 5 minutes means that archiving will occur at 1700, 1705, and 1710.
Configuring Export Interval on Specific Days
The export interval can be set for specific days of the week at a specific time. One or more days can be specified. The default time is midnight.
You must be aware that archived logs are automatically deleted when free disk space is low. It is important to select an export interval that exports files frequently enough so that files are not automatically removed prior to export.
Monitoring HTTP Request Authentication Failures in Real Time
Cisco Internet Streamer Release 2.4 software supports sending HTTP transaction log messages to a remote syslog server so that you can monitor the remote syslog server for HTTP request authentication failures in real time. This real-time transaction log allows you to monitor transaction logs in real time for particular errors such as HTTP request authentication errors. The existing transaction logging to the local file system remains unchanged.
Note
Examples
The following example shows how to configure an FTP server:
ServiceEngine(config)#transaction-logs export ftp-server 10.1.1.1 mylogin mypasswd /ftpdirectoryServiceEngine(config)#transaction-logs export ftp-server myhostname mylogin mypasswd /ftpdirectoryThe following example shows how to delete an FTP server:
ServiceEngine(config)#no transaction-logs export ftp-server 10.1.1.1ServiceEngine(config)#no transaction-logs export ftp-server myhostnameUse the no form of the command to disable the entire transaction log export feature while retaining the rest of the configuration:
ServiceEngine(config)#no transaction-logs export enableThe following example shows how to change a username, password, or directory:
ServiceEngine(config)#transaction-logs export ftp-server 10.1.1.1 mynewname mynewpass /newftpdirectory
Note
The following example shows how to restart the export of archive transaction logs:
ServiceEngine(config)# transaction-logs export ftp-server 172.16.10.5 goodlogin pass /ftpdirectoryThe following example shows how to delete an SFTP server from the current configuration:
ServiceEngine(config)# no transaction-logs export sftp-server sftphostnameThe following examples show how to configure the archiving intervals:
ServiceEngine(config)#transaction-logs archive interval every-dayat Specify the time at which to archive each dayevery Specify the interval in hours. It will align with midnightServiceEngine(config)#transaction-logs archive interval every-day at<0-23>: Time of day at which to archive (hh:mm)ServiceEngine(config)#transaction-logs archive interval every-day every<1-24> Interval in hours: {1, 2, 3, 4, 6, 8, 12 or 24}The following example shows that the SE has failed to export archive files:
ServiceEngine#show statistics transaction-logsTransaction Log Export Statistics:Server:172.16.10.5Initial Attempts:1Initial Successes:0Initial Open Failures:0Initial Put Failures:0Retry Attempts:0Retry Successes:0Retry Open Failures:0Retry Put Failures:0Authentication Failures:1Invalid Server Directory Failures:0The following example shows how to correct a misconfiguration:
ServiceEngine(config)#transaction-logs export ftp-server 10.1.1.1 goodlogin pass /ftpdirectoryThe working.log file and archived log files are listed for HTTP and WMT.
The following example shows how to export transaction logs to an SFTP server:
ServiceEngine(config)#transaction-logs export sftp-server 10.1.1.100 mylogin mypasswd /mydirThe following example shows how to archive every 4 hours and align with the midnight local time (0000, 0400, 0800, 1200, 1600, and 2000):
ServiceEngine(config)#transaction-logs archive interval every-day every 4The following example shows how to export once a day at midnight local time:
ServiceEngine(config)#transaction-logs export interval every-day every 24The following example shows how to configure export intervals:
ServiceEngine(config)#transaction-logs archive interval every-hour ?at Specify the time at which to archive each dayevery Specify interval in minutes. It will align with top of the hourServiceEngine(config)#transaction-logs archive interval every-hour at ?<0-59> Specify the minute alignment for the hourly archiveServiceEngine(config)#transaction-logs archive interval every-hour every ?<2-30> Interval in minutes: {2, 5, 10, 15, 20, 30}Related Commands
clear
show statistics transaction-logs
show transaction-logging
transaction-log forcetype
To display the contents of a file, use the type EXEC command.
type filename
Syntax Description
Defaults
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Use this command to display the contents of a file within any SE file directory. This command may be used to monitor features such as transaction logging or system logging (syslog).
Examples
The following example displays the syslog file on the SE:
ServiceEngine#type /local1/syslog.txtJan 10 22:02:46 (none) populate_ds: %SE-CLI-5-170050: Cisco Internet Streamer CDS Software starts bootingJan 10 22:02:47 (none) create_etc_hosts.sh: %SE-CLI-5-170051: HOSTPLUSDOMAIN: NO-HOSTNAMEJan 10 22:02:47 NO-HOSTNAME : %SE-CLI-5-170053: Recreated etc_hosts (1, 0)Jan 10 22:02:48 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330082: [CLI_VER_NTP] requests stop service ntpdJan 10 22:02:49 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330082: [ver_tvout] requests stop service tvoutsvrJan 10 22:02:50 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330084: [ver_rtspg] requests restart service rtspgJan 10 22:02:50 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330082: [ver_iptv] requests stop service sbssJan 10 22:02:51 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330080: [ver_telnetd] requests start service telnetdJan 10 22:02:52 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330082: [ver_wmt] requests stop service wmt_mmsJan 10 22:02:53 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330082: [ver_wmt] requests stop service wmt_logdJan 10 22:02:55 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330082: [Unknown] requests stop service mcast_senderJan 10 22:02:55 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330082: [Unknown] requests stop service mcast_receiverJan 10 22:02:56 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330024: Service 'populate_ds' exited normally with code 0Jan 10 22:02:56 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330040: Start service 'parser_server' using: '/ruby/bin/parser_server' with pid: 1753Jan 10 22:02:56 NO-HOSTNAME Nodemgr: %SE-NODEMGR-5-330040: Start service 'syslog_bootup_msgs' using: '/ruby/bin/syslog_bootup_msgs' with pid:1754Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4>Linux version 2.4.16 (cnbuild@builder2.cisco.com) (gcc version 3.0.4) #1SMP Fri Jan 7 19:26:58 PST 2005Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <6>setup.c: handling flash window at [15MB..16MB)Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <6>BIOS-provided physical RAM map:Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4> BIOS-e820: 0000000000000000 - 000000000009ec00 (usable)Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4> BIOS-e820: 000000000009ec00 - 00000000000a0000 (reserved)Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4> BIOS-e820: 00000000000e0800 - 0000000000100000 (reserved)Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4> BIOS-e820: 0000000000100000 - 0000000000f00000 (usable)Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4> BIOS-e820: 0000000000f00000 - 0000000001000000 (reserved)Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4> BIOS-e820: 0000000001000000 - 0000000010000000 (usable)Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4> BIOS-e820: 00000000fff00000 - 0000000100000000 (reserved)Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <6>setup.c: reserved bootmem for INITRD_START = 0x6000000, INITRD_SIZE = 11709348Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4>On node 0 totalpages: 65536Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4>zone(0): 4096 pages.Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4>zone(1): 61440 pages.Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4>zone(2): 0 pages.Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4>Local APIC disabled by BIOS -- reenabling.Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4>Found and enabled local APIC!Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <4>Kernel command line: root=/dev/ram ramdisk_size=100000 ramdisk_start=0x6000000 console=ttyS0,9600n8Jan 10 22:02:56 NO-HOSTNAME syslog_bootup_msgs: %SE-SYS-5-900001: <6>Initializing CPU#0--More--..Related Commands
cpfile
dir
lls
ls
mkfiletype-tail
To view a specified number of lines of the end of a log file or to view the end of the file continuously as new lines are added to the file, use the type-tail command in EXEC mode.
type-tail filename [line | follow]
Syntax Description
Defaults
Ten lines shown
Command Modes
EXEC
Usage Guidelines
This command allows you to monitor a log file by letting you view the end of the file. You can specify the number of lines at the end of the file that you want to view, or you can follow the last line of the file as it continues to log new information. To stop the last line from continuously scrolling, press Ctrl-C.
Examples
The following example shows the list of log files in the /local1 directory:
stream-ServiceEngine#ls /local1WS441WebsenseWebsenseEnterpriseWebsense_config_backupWsInstallLogbadfile.txtcodecoveragecore.stunnel.5.3.0.b100.cnbuild.5381core_dircrashcrka.logcse_livecse_voddbdowngrade.logdbupgrade.logdowngradeerrorloghttp_authmod.unstripindex.htmllogslost+foundnetscape-401-proxynetscape-401-proxy1netscape-dumpnewwebsenseoldWsInstallLogpreload_dirproxy-basic1proxy1proxy2proxy3proxy4proxy5proxy6proxy7proxy8proxyreplyproxyreply-407real_vodruby.bin.cli_fixruby.bin.no_ws_fixruby.bin.ws_edir_fixsaservice_logssmartfiltersmfnaveensuperwebsensesyslog.txtsyslog.txt.1syslog.txt.2temptwo.txturl.txturllist.txtvarvpd.propertieswebsense.pre-200webtarball44webtarball520wmt_vodws_upgrade.logThe following example displays the last ten lines of the syslog.txt file. In this example, the number of lines to display is not specified; however, ten lines is the default.
stream-ServiceEngine#type-tail /local1/syslog.txtOct 8 21:49:15 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0Oct 8 21:49:15 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0Oct 8 21:49:15 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULLOct 8 21:49:17 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0Oct 8 21:49:17 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0Oct 8 21:49:17 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULLOct 8 21:49:19 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0Oct 8 21:49:19 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0Oct 8 21:49:19 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULLOct 8 21:49:21 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0The following example displays the last 20 lines of the syslog.text file:
stream-ServiceEngine#type-tail /local1/syslog.txt 20Oct 8 21:49:11 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0Oct 8 21:49:11 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULLOct 8 21:49:13 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0Oct 8 21:49:13 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0Oct 8 21:49:13 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULLOct 8 21:49:15 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0Oct 8 21:49:15 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0Oct 8 21:49:15 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULLOct 8 21:49:17 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0Oct 8 21:49:17 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0Oct 8 21:49:17 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULLOct 8 21:49:19 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0Oct 8 21:49:19 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0Oct 8 21:49:19 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULLOct 8 21:49:21 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0Oct 8 21:49:21 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0Oct 8 21:49:21 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULLOct 8 21:49:23 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0Oct 8 21:49:23 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0Oct 8 21:49:23 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULLThe following example follows the file as it grows:
stream-ServiceEngine#type-tail /local1/syslog.txt ?<1-65535> The numbers of lines from endfollow Follow the file as it grows<cr>stream-ServiceEngine#type-tail /local1/syslog.txt followOct 8 21:49:39 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULLOct 8 21:49:41 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0Oct 8 21:49:41 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0Oct 8 21:49:41 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULLOct 8 21:49:43 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0Oct 8 21:49:43 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0Oct 8 21:49:43 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULLOct 8 21:49:45 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0Oct 8 21:49:45 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0Oct 8 21:49:45 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULLOct 8 21:49:47 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0Oct 8 21:49:47 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0Oct 8 21:49:47 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULLOct 8 21:49:49 stream-ce syslog:(26830)TRCE:input_serv.c:83-> select_withreturn 0, ready = 0Oct 8 21:49:49 stream-ce syslog:(26832)TRCE:al_master.c:246-> select_withreturn 0, ready = 0Oct 8 21:49:49 stream-ce syslog:(26832)TRCE:in_mms.c:1747-> tv = NULLundebug
To disable debugging functions, use the undebug EXEC command.
undebug option
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
We recommend that you use the debug and undebug commands only at the direction of Cisco TAC.
See the "debug" section on page 2-73 for more information about debug functions.
Related Commands
debug
no debug
show debuggingurl-signature
The CDS uses a combination of key owners, key ID numbers, and a word value to generate URL signature keys. To configure the url signature, use the url-signature global configuration command.
url-signature key-id-owner num key-id-number num {key word | public key url [symetric key word | private key url]}
no url-signature key-id-owner num key-id-number num
Syntax Description
Command Modes
Global configuration
Usage Guidelines
Service Rules for Directing Requests to a Policy Server
If your network is configured to work with Camiant PCMM-compliant third-party policy servers for servicing requests that require guaranteed bandwidth, you can use the following rule patterns and rule actions to filter the requests and to direct them to the policy server. The rule patterns and rule actions also enable you to generate URL signatures in the response for a valid request for a Windows Media metafile (.asx file extension), Movie Streamer file, or Flash Media Streaming file, and to validate the URL signature on incoming requests to the SE. URL signature key authentication is implemented by using the generate-url-signature and validate-url-signature rule actions that can be applied to specific rule patterns.
Note
The following table lists the rule patterns that support the use-icap-service rule action for directing requests that require guaranteed bandwidth to the third-party policy server:
You can set the use-icap-service rule action for any of the rule patterns above. If the request matches the parameters that you have set for the rule pattern, then the SE redirects the request to the third-party policy server using ICAP services. However, you must make sure that your network is configured to interoperate with the third-party policy server using ICAP services. You can set up the necessary ICAP configurations from the ICAP Services page. You can also use the rule pattern and rule action to generate URL signatures in the response for a valid request for a Windows Media metafile. You can use the following rule patterns to filter out requests for which you want to generate a URL signature key:
url-regex
Filters the request based on any regular expression in the URL.
domain
Filters the request based on the domain name specified.
For the rule patterns mentioned above, you can set the following rule actions:
Note
URL Signing Components
However, because any of these strings in the URL could potentially be edited manually and circumvented by any knowledgeable user, it is important to generate and attach a signature to the URL. This can be achieved by attaching a keyed hash to the URL, using a secret key shared only between the signer (the portal) and the validating component (CDS).
The URL signing script offers three different versions:
•
•
•
When a URL is signed for RTSP and a player does a fallback to HTTP for the same URL, the validation fails because the URL signature includes RTSP. If the URL signature does not include the protocol, the fallback URL is validated correctly even though the protocol is HTTP.
If you do not specify a version for the script, MD5 is used and the SIGV string in the script is not added.
At the portal, URLs can be signed for a particular user (client IP address) and expiry time using a URL signing script. The URL signing script example included in this section requires Python 2.3.4 or higher.
Following is an example of the URL signing script using the MD5 security hash algorithm:
python cds-ims-urlsign.py http://www.cisco.com/index.html 8.1.0.4 200000 1 2 ciscoAn example of the resulting signed URL follows:
http://www.cisco.com/index.html?IS=0&ET=1241194518&CIP=8.1.0.4&KO=1&KN=2&US=deebacde45bf71 6071c8b2fecaa755b9If you specify version 1 for the script, SHA-1 is used and the SIGV=1 string is added.
Following is an example of the URL signing script using the SHA-1 security hash algorithm:
python cds-ims-urlsign.py http://www.cisco.com/index.html 8.1.0.4 200000 1 2 cisco 1An example of the resulting signed URL follows:
http://www.cisco.com/index.html?SIGV=1&IS=0&ET=1241194679&CIP=8.1.0.4&KO=1&KN=2&US=8349348 ffac7987d11203122a98e7e64e410fa18If you specify version 2 for the script, SHA-1 is used. The protocol from the beginning of the URL is also removed before the signature is generated, and the SIGV=2 string is added. The protocol is RTSP, HTTP, or RTMP. The URL is signed without the protocol, but the final signed URL is printed with the protocol.
Following is an example of the URL signing script using the SHA-1 security hash algorithm with version 2 specified:
python cds-ims-urlsign.py http://www.cisco.com/index.html 8.1.0.4 200000 1 2 cisco 2An example of the resulting signed URL follows:
http://www.cisco.com/index.html?SIGV=2&IS=0&ET=1241194783&CIP=8.1.0.4&KO=1&KN=2&US=68b5f5e d97d1255a0ec42a42a4f779e794df679cFor additional information on URL Sigining, see the "Configuring URL Signing" section and the "URL Siging and Validation" appendix in the Cisco Internet Streamer CDS 2.4 Software Configuration Guide.
Examples
Following is an example of generating and encrypting the public key and private key using the url-signature command:
ServiceEngine(config)#url-signature key-id-owner 1 key-id-number 10 public-key http://1.1.1.1/ec_pub_key private-key http://1.1.1.1/ec_pub_key symmetric-keyFollowing is an example of the URL signing script using the MD5 security hash algorithm:
python cds-ims-urlsign.py http://www.cisco.com/index.html 8.1.0.4 200000 1 2 ciscoAn example of the resulting signed URL follows:
http://www.cisco.com/index.html?IS=0&ET=1241194518&CIP=8.1.0.4&KO=1&KN=2&US=deebacde45bf71 6071c8b2fecaa755b9If you specify version 1 for the script, SHA-1 is used and the SIGV=1 string is added.
Following is an example of the URL signing script using the SHA-1 security hash algorithm:
python cds-ims-urlsign.py http://www.cisco.com/index.html 8.1.0.4 200000 1 2 cisco 1An example of the resulting signed URL follows:
http://www.cisco.com/index.html?SIGV=1&IS=0&ET=1241194679&CIP=8.1.0.4&KO=1&KN=2&US=8349348 ffac7987d11203122a98e7e64e410fa18If you specify version 2 for the script, SHA-1 is used. The protocol from the beginning of the URL is also removed before the signature is generated, and the SIGV=2 string is added. The protocol is RTSP, HTTP, or RTMP. The URL is signed without the protocol, but the final signed URL is printed with the protocol.
Following is an example of the URL signing script using the SHA-1 security hash algorithm with version 2 specified:
python cds-ims-urlsign.py http://www.cisco.com/index.html 8.1.0.4 200000 1 2 cisco 2An example of the resulting signed URL follows:
http://www.cisco.com/index.html?SIGV=2&IS=0&ET=1241194783&CIP=8.1.0.4&KO=1&KN=2&US=68b5f5e d97d1255a0ec42a42a4f779e794df679cusername
To establish username authentication, use the username global configuration command.
username name {cifs-password | samba-password} {0 plainword | 1 lancrypto ntcrypto | cleartext} | password {0 plainword | 1 cryptoword | cleartext} [uid uid] | privilege {0 | 15}}
no username name
Syntax Description
Defaults
The password value is set to 0 (clear text) by default.
Default administrator account:
•
•
•
•
Command Modes
Global configuration
Usage Guidelines
The username global configuration command changes the password and privilege level for existing user accounts.
User Authentication
User access is controlled at the authentication level. For every HTTP or HTTPS request that applies to the administrative interface, including every CLI and API request that arrives at the CDS network devices, the authentication level has visibility into the supplied username and password. Based on CLI-configured parameters, a decision is then made to either accept or reject the request. This decision is made either by checking local authentication or by performing a query against a remote authentication server. The authentication level is decoupled from the authorization level, and there is no concept of role or domain at the authentication level.
When local CLI authentication is used, all configured users can be displayed by entering the show running-config command. Normally, only administrative users need to have username authentication configured.
Note
User Authorization
Domains and roles are applied by the CDSM at the authorization level. Requests must be accepted by the authentication level before they are considered by the authorization level. The authorization level regulates the access to resources based on the CDSM GUI role and domain configuration.
Regardless of the authentication mechanism, all user authorization configuration is visible in the GUI.
Examples
When you first connect an CDS device to an CDS network, you should immediately change the password for the username admin, which has the password default, and the privilege level superuser.
The following example shows how to change the password:
ServiceEngine(config)#username admin password yoursecretThe following example shows how passwords and privilege levels are reconfigured:
ServiceEngine#show user username abeddoeUid : 2003Username : abeddoePassword : ghQ.GyGhP96K6Privilege : normal userServiceEngine#show user username bwhidneyUid : 2002Username : bwhidneyPassword : bhlohlbIwAMOkPrivilege : normal userServiceEngine(config)#username bwhidney password 1 victoriaServiceEngine(config)#username abeddoe privilege 15User's privilege changed to super user (=15)ServiceEngine#show user username abeddoeUid : 2003Username : abeddoePassword : ghQ.GyGhP96K6Privilege : super userServiceEngine#show user username bwhidneyUid : 2002Username : bwhidneyPassword : mhYWYw.7P1Ld6Privilege : normal userRelated Commands
show user
show userswhoami
To display the username of the current user, use the whoami EXEC command.
whoami
Syntax Description
This command has no arguments or keywords.
Defaults
No default behavior or values.
Command Modes
EXEC
Usage Guidelines
Use this command to display the username of the current user.
Examples
The following example displays the username of the user who has logged in to the SE:
ServiceEngine#whoamiadminRelated Commands
pwd
wmt
To configure Windows Media Technologies (WMT), use the wmt global configuration command. To negate these actions, use the no form of this command.
wmt accelerate {proxy-cache | vod} enable
wmt advanced client {maximum-packet-size number | idle-timeout number}
wmt advanced server {log-forwarding enable | inactivity-timeout number}
wmt cache {age-multiplier number | enable | max-obj-size size | max-ttl {days number | hours number | minutes number | seconds number} | min-ttl number | reval-each-request}
wmt disallowed-client-protocols {http [rtspt | rtspu] | rtspt [http | rtspu] | rtspu [http | rtspt]}
wmt enable
wmt fast-cache {enable | max-delivery-rate number}
wmt fast-start {enable | max-bandwidth number}
wmt http allow extension file_extensions
wmt max-concurrent-sessions number
wmt proxy outgoing {http | rtsp} host {hostname | ip-address} port
wmt transaction-logs format {extended {wms-41 | wms-90} | wms-41 | wms-90}
no wmt {accelerate {proxy-cache | vod} enable | advanced {client {maximum-packet-size number | idle-timeout} | server {log-forwarding | inactivity-timeout} enable} | cache {age-multiplier number | enable | max-obj-size size | max-ttl {days number | hours number | minutes number | seconds number} | min-ttl number | reval-each-request} | disallowed-client-protocols {http [rtspt | rtspu] | rtspt [http | rtspu] | rtspu [http | rtspt]} | enable | fast-cache {enable | max-delivery-rate number} | fast-start {enable | max-bandwidth number} | http allow extension file_extensions | max-concurrent-sessions | proxy outgoing {http | rtsp} | transaction-logs format {extended {wms-41 | wms-90} | wms-41 | wms-90}}
Syntax Description
Defaults
wmt: disabled
advanced client maximum-packet-size: 1500 bytes
advanced client idle-timeout: 60 seconds
advanced server log-forwarding: enabled
wmt cache max-ttl days: 1 day
wmt cache max-ttl hours: 72 hours
wmt cache max-ttl minutes: 4320 minutes
wmt cache max-ttl seconds: 259200 seconds
wmt cache min-ttl: 60 minutes
wmt fast-cache: enabled
wmt fast-start: enabled
max-object-size: 1 GB
wmt http allow extension file_extensions: asf, none, nsc, wma, wmv
Command Modes
Global configuration
Usage Guidelines
The Windows Media Services (WMS) is the Microsoft streaming solution for creating, distributing, and playing back digital media files on the Internet. Windows Media Services 9 Series (WMS 9) is the new Windows Media solutions from Microsoft.
Enabling WMT on the Service Engine
Before enabling licenses for streaming media services on an SE, make sure that your SE clock and calendar settings are correct; otherwise, you will see an error message and the services will fail to install. Use the show clock EXEC command to display the system clock. To set the system clock, use the clock set EXEC command.
Enabling Conventional WMT Proxy Service
During conventional proxy caching, the user media player is pointed to the SE to access the streaming media. Before enabling conventional WMT proxy service, be sure you have fulfilled the following requirements:
•
•
Enabling Fast Cache
Fast Cache allows streaming of content to the Windows Media Player's cache as fast as the network allows, reducing the likelihood of an interruption in play due to network problems. When used with the Windows Media Player 9 Series, Fast Cache provides a way to stream content to clients faster than the data rate specified by the stream format. For example, with Fast Cache enabled, the server can transmit a 128-kbps stream at 700 kbps. In Windows Media Player, the stream is still rendered at the specified data rate, but the media player can buffer a much larger portion of the content before rendering it. This buffering allows the client to handle variable network conditions without impacting the playback quality of on-demand content.
Enabling Fast Start
Fast Start helps reduce buffering time. Typically, Windows Media Player must buffer a certain amount of data before it can start rendering content. If the clients connecting to the SE are using Windows Media Player for Windows XP or a later version of Windows Media Player, Fast Start can be used to provide data directly to the buffer at speeds higher than the bit rate of the content requested. This buffering enables users to start receiving content more quickly. After the initial buffer requirement has been fulfilled, on-demand content is streamed at the bit rate defined by the content stream.
Note
When Fast Start is enabled on the SE, the increased bandwidth that Fast Start initially uses to send data to the media players can overburden a network if many media players connect to the stream at the same time. To reduce the risk of network congestion, use the wmt fast-start max-bandwidth global configuration command to limit the amount of bandwidth that Fast Start can use to stream content to each media player.
Adding or Removing WMT HTTP Allowed Filename Extensions
SEs use a list of filename extensions to decide whether a type of media file should be served by WMT. Typically, SEs are shipped with a default list of filename extensions to be served by WMT.
The default list in the SE contains the following filename extensions:
•
•
•
•
•
Note
Use the wmt http allow extension file_extensions global configuration command to add new filename extensions to the list. Use the no wmt http allow extension file_extensions command to remove filename extensions from the list.
The following restrictions apply to adding new filename extensions to the list:
•
•
•
WMT Unique Stream Key
Normally, a caching proxy uses the URL string as the content identifier, so that a cache hit occurs when the request URL matches the content URL. This process is often unreliable, because some websites use dynamically generated URLs, which create different URL strings for the same content. When the URL string is used as the content identifier in this case, the likelihood of a cache hit is reduced. The unique stream key produces an identifier that is based on domain name, file size, bit rate, and other content-specific properties. This identifier is almost always unique for a piece of content. Using the unique stream key feature increases the likelihood of a cache hit.
Configuring WMT Multicasting
An SE can receive and deliver WMT streaming content through IP multicast as described in the next few sections.
Unicast-in multicast-out multicast delivery enables you to distribute streaming media efficiently by allowing different devices on the IP multicast to receive a single stream of media content from the SE simultaneously. This delivery mechanism can save significant network bandwidth consumption, because a single stream is sent to many devices, rather than sending a single stream to a single device every time that this stream is requested. This multicast delivery feature is enabled by setting up a multicast address on the SE to which different devices, configured to receive the content from the same channel, can subscribe. The delivering device sends the content to the multicast address set up at the SE, from which it becomes available to all subscribed receiving devices.
Multicast-in multicast-out multicast receive enables you to receive multicast WMT streams delivered through IP multicasting and then relay them to end users through another delivery channel (unicast or multicast).
The two WMT multicast-out features combined enable you to receive and deliver WMT streaming media content through IP multicasting and to do conversions from multicast to unicast (and vice versa).
The multicast-in unicast-out scenario enables you to create a broadcasting publishing point to deliver an incoming stream live to requesting clients using multicast as the source of the streaming media.
WMT Multicast Logging
Use the log option to provide multicast statistics to multicast server administrators. These statistics include a multicast IP address, a port number, a start time, and a number of clients. When configuring this option, you can choose to provide either a local URL where the multicast logging statistics can be sent, or an external fully qualified server URL that can receive these statistics. The multicast logging URL option can point to the multicast server or to any web server that can process the posted information from the users who subscribed to the multicast address.
Configuring Multicast-In Multicast-Out
In this multicasting scenario, a description file *.nsc is created that is accessible through multicast-out to clients. This scenario is similar to the unicast-in multicast-out scenario except that the input source is multicast. The clients use this description file to subscribe to the multicast.
Configuring Multicast to SE and Multicast to Client
In the Internet Streamer CDS 2.4 release, Multicast to SE and Multicast to client options were added. The administrator can configure inter-SE multicast for live programs if the network is multicast enabled. If the network is not multicast enabled, the result is undefined and streaming may not work as expected. Therefore, this requires a special configuration on the Live Programs page to turn this feature on and off.
To enable multicast delivery to the SEs for a program, you must choose multicast as a delivery mechanism. Choose Services > Live Video > Live Programs > Live Streaming. The Live Stream Settings page is displayed. Check the Enable Multicast Delivery to SE check box and click Submit.
Configuring Multicast-In Unicast-Out
In this scenario, a unicast-out publishing point is created to deliver the incoming stream live to requesting clients.
Configuring Unicast-In Unicast-Out
Unicast-in unicast-out provides a point-to-point connection between the client and the SE. The advantage of unicasting when streaming media over a network is that only a single stream needs to be pulled over the network between the origin server and SE, but that stream can be delivered to multiple clients in a nonmulticast environment. A server running Windows Media Services can provide a unicast video stream to multiple clients through a single stream delivered to the SE. Typically, unicast-in unicast-out is used to broadcast live events.
In this scenario, unicast-in unicast-out provides a point-to-point connection between the client and the SE. The SE makes a single connection to the media server. Multiple requests for the same stream can be split by the SE so that each client receives a distinct data stream directly from the SE, while the SE maintains its single stream connection to the media server.
You can configure unicast-in unicast-out using live splitting without any configuration. The SE acts as a proxy. When clients request the same unicast URL, the SE proxy automatically splits the stream from the source to the clients.
Configuring Outgoing WMT Proxy Servers
You can specify the external WMT server that the SE should use as its upstream WMT server. The SE contacts the specified outgoing proxy server upon a cache miss (if the SE does not have the requested WMT content already stored in its local cache).
Configuring WMT Transaction Logs
WMT transaction logs allow content providers to track what content customers viewed, how long they viewed it, and the quality of transmission. The Internet Streamer CDS software uses the enhanced logging support provided by Windows Media Services 9 Series in addition to the Windows Media Services Version 4.1 logging format.
The following transaction log formats are supported for WMT:
•
•
•
•
Note
The SE's transaction logging format for WMT streaming is consistent with that of the Windows Media Services and the World Wide Web Consortium (W3C)-compliant log format. A log line is written for every stream accessed by the client. The location of the log is not configurable. These logs can be exported using FTP. When transaction logging is enabled, daemons create a separate working.log file in /local1/logs/export for WMT transactions.
All client information in the transaction logs is sent to the origin server by default.
Log Formats Accepted by Windows Media Services 9
Windows Media Players connect to a Windows Media Server using the following protocols:
•
•
Depending on the version of the Windows Media Player, logs are sent in different formats, such as text, binary, or Extensible Markup Language (XML). See Table 2-82.
The posted XML log file from the Windows Media Player to the SE (Windows Media Server) can be parsed and saved to the normal WMT transaction logs that are stored on the SE.
To specify the format for the WMT transaction logs on SEs, use the wmt transaction-logs format global configuration command. By default, the standard Windows Media Services 4.1 logging format is used (no SE-specific details are logged).
When you use the extended format in Windows Media Services 4.1 and 9.0, the SE includes the following three additional fields in the transaction log:
•
•
•
Note
Microsoft Digest authentication is an authentication method in which an initial authentication of the client is performed when the server receives the first challenge response from the client. After the server verifies that the client has not been authenticated yet, it accesses the services of a domain controller to perform the initial authentication of the client. When the initial authentication of the client is successfully completed, the server receives a Digest session key. The server caches the session key and uses it to authenticate subsequent requests for resources from the authenticated client.If the SE is configured to use the extended format of WMT transaction logging and the extended WMT logging feature is enabled, then the SE logs usernames for any authenticated WMT requests. Usernames are logged for Negotiate, Digest, and basic authentication.
Note
By default, the extended WMT logging feature is disabled. If the extended logging format is enabled (using the wmt transaction-logs format extended global configuration command) but the extended WMT logging feature is disabled, the username field in the WMT transaction log will be empty.
Note
WMT Multicast Logging
WMT logs are logged to a working log on the local disk in one of the following files, depending upon where the sysfs is mounted on the SE:
•
•
Forwarding WMT Logs to Upstream Servers
You can decide whether you want this SE to forward its WMT logs to the upstream server (a Windows Media server or another SE). By default, SEs forward their WMT logs to the upstream server. This feature applies to all of the supported protocols. To disable this feature and configure the SE to not forward its WMT logs to the upstream server, enter the no wmt advanced server log-forwarding enable global configuration command. To re-enable this feature, enter the wmt advanced server log-forwarding enable global configuration command.
Examples
The following example displays request statistics. In this example, the statistics reported are the total number of requests served, type of content (live or VoD), transport protocol, and source of content:
ServiceEngine#show statistics wmt requestsUnicast Requests Statistics===========================Total unicast requests received: 0-------------------------------Total % of TotalUnicast Requests--------------------------------------------Streaming Requests served: 0 0.00%Mcast nsc file Request: 0 0.00%Authenticate Requests: 0 0.00%Requests error: 0 0.00%Total % of TotalStreaming Requests--------------------------------------------By Type of Content------------------Live content: 0 0.00%On-Demand Content: 0 0.00%By Transport Protocol---------------------HTTP: 0 0.00%RTSPT: 0 0.00%RTSPU: 0 0.00%By Source of Content--------------------Local: 0 0.00%Remote HTTP: 0 0.00%Remote RTSP: 0 0.00%Multicast: 0 0.00%CDN-Related WMT Requests------------------------CDN Content Hits: 0 0.00%CDN Content Misses: 0 0.00%CDN Content Live: 0 0.00%CDN Content Errors: 0 0.00%Fast Streaming related WMT Requests------------------------------------Normal Speed: 0 0.00%Fast Start Only: 0 0.00%Fast Cache Only: 0 0.00%Fast Start and Fast Cache: 0 0.00%Total % of TotalAuthenticated Requests--------------------------------------------By Type of Authentication-------------------------Negotiate: 0 0.00%Digest: 0 0.00%Basic: 0 0.00%The following example displays the multicast logging statistics sent to the multicast server:
10.1.101.2 2003-05-11 13:39:21 - asfm://239.1.4.5:4000 0 30 1 200 {5DC90EEB-CEB1-467C-9F7A-BCF5EEEDE3FF} 10.1.0.3055 en-US - - wmplayer.exe 10.1.0.3055 Windows_2000 10.0.0.2195 Pentium 0 152543 65389 asfm UDP WINDOWS_MEDIA_AUDIO_V2 MICROSOFT_MPEG-4_VIDEO_CODEC_V3 http://172.16.192.91/cisco.nsc - 166245 - 176 0 0 0 0 0 01 0 100 239.1.4.5 - - -The format of the example shown is as follows:
c-ip date time c-dns cs-uri-stem c-starttime x-duration c-rate c-status c-playerid c-playerversion c-playerlanguage cs(User-Agent) cs(Referer) c-hostexe c-hostexever c-os c-osversion c-cpu filelength filesize avgbandwidth protocol transport audiocodec videocodec channelURL sc-bytes c-bytes s-pkts-sent c-pkts-received c-pkts-lost-client c-pkts-lost-net c-pkts-lost-cont-net c-resendreqs c-pkts-recovered-ECC c-pkts-recovered-resent c-buffercount c-totalbuffertime c-quality s-ip s-dns s-totalclients s-cpu-util SE-action SE-bytes UsernameTable 2-83 describes the fields shown in this example.
The following example adds the filename extension mp3 to the list of filename extensions to be served by WMT:
ServiceEngine#wmt http allow extension mp3The show wmt http allow extension EXEC command shows the filename extensions included in the list after you have added or deleted filename extensions.
The following example shows that the filename extension mp3 has been added to the list of file extensions:
ServiceEngine#show wmt http allow extensionWMT http extensions allowed :asf mp3 none nsc wma wmvThe following example shows that an SE at a branch office is configured to send all its WMT cache miss traffic to a central SE at 172.16.30.30 through port 8080:
ServiceEngine(config)# wmt proxy outgoing http host 172.16.30.30 8080The following example shows that an SE at a branch office is configured to send all its cache miss traffic to a central SE at 172.16.30.31 through port 1700:
ServiceEngine(config)# wmt proxy outgoing http host 172.16.30.31 1700The following example sets the SE to generate WMT transaction logs in the extended Windows Media Services, Version 9.0 format:
ServiceEngine#wmt transaction-logs format extended wms-90The following example enables the logging of usernames to the WMT transaction log:
ServiceEngine#wmt extended transaction-log enableRelated Commands
clear
show running-config
show tech-support
show statistics wmt
show wmt
wmt (EXEC mode)write
To save startup configurations, use the write EXEC command.
write [erase | memory | terminal]
Syntax Description
Defaults
The configuration is written to NVRAM by default.
Command Modes
EXEC
Usage Guidelines
Use this command to either save running configurations to NVRAM or erase memory configurations. Following a write erase command, no configuration is held in memory, and a prompt for configuration specifics occurs after you reboot the SE.
Use the write terminal command to display the current running configuration in the terminal session window. The equivalent command is show running-config.
The write memory command saves modified Websense configuration files (the eimserver.ini, config.xml, and websense.ini files and the Blockpages directory) across disk reconfiguration and Internet Streamer CDS software release upgrades.
Note
You must execute the write memory command in order to save the most recent configuration modifications, including websense.ini file modifications and Websense URL filtering configuration changes. The write memory command enables the changes made from the external Websense Manager GUI to be saved across disk reconfiguration and upgrades (which might erase disk content).
The Websense configurations from the last use of the write memory command are retained under the following situations:
•
•
However, if the write memory command has never been used before, then default configurations will be applied when the content in the /local1/WebsenseEnterprise/EIM directory on the SE is erased.
Examples
The following command saves the running configuration to NVRAM:
ServiceEngine#write memoryRelated Commands
copy
show running-config
