After working on the SUSE linux system for a few years we've all become   accustomed where to find the various utilities that we need when we are   setting up servers or trying to diagnose problems.  Here are a few things I've found useful.  Hopefully they will benefit others.

Note: We have noticed that cutting and pasting commands from this online document sometimes replaces the dash "-" with a period "." so if you get an error, just make sure your pasted command looks the same.

RedHat vs SUSE Linux

Where to find the utilities you're used to getting out of Yast

For VSM 7 installs these utilities are present when the system is installed, but not on CPAM or IPICS.

Like Yast in SUSE, most of the utilities I'm comparing against Yast are  GUI utilities that you would access from the desktop under the 'System'  pulldown. If the utility has a "-tui" suffix, that means it's a Text  User Interface and it can be run from a putty window.

Software Management

system-cdinstall-helper

- This tool works like Yast  software management, it assumes you are installing software so it  expects you to have an install disk available.

system-config-packages / system-install-packages

-  These utilities are also like Yast's software management.  They behave  like a GUI front end for the command line 'yum' (Yellowdog Update  Manager) utility.

The RPM commands you are used to using still work in RedHat, but most  people that use RedHat will look for the 'yum' utility.  It's a bit like  Ubuntu's 'apt' and 'apt-get' utilities.  Yum is a tool that you would  use to manage what is currently installed and the system, or what  packages that are available match the string you are searching for.  It  allows you to search the installed packages, but for what we normally do  the command 'rpm -qa' still works fine.

RPM

Query for Cisco products

 rpm -qa | grep Cisco

Install

 rpm -ivh <package name>

Uninstall

 rpm -e <package name>

To remove all Cisco packages:

 rpm -qa | grep Cisco | xargs rpm -e

To install all the packages

 rpm -ivh Cisco*.rpm

NTP and Timezone

system-config-date / system-config-time

- These are  similar to Yast's Network services->NTP setup.  You can set the  system time and configure NTP / timezone with it.

The NTP commands at the command line interface are similar to what we use on SUSE today:

# ntpdc –p
# ntpdc -c as
# ntpq -c rl
# ntpq -c rv

Start by running this command on all of their servers

# hwclock --show ; date ; date -u

You get back time in these formats:

Thu Aug  5 09:29:47 2010  -0.271860 seconds
Thu Aug  5 09:31:13 PDT 2010
Thu Aug  5 16:31:13 UTC 2010

If the hardware clock is way off you can use

# hwclock --set --date=newdate

Where newdate might look like:

# hwclock --set --date="9/22/96 16:45:05"

it might be necessary to delete the /etc/adjtime file. You have to restart the ntp daemon afterward though.

To restart the ntp daemon

# /etc/init.d/ntpd restart

To query the local ntp info

# ntpq -p

To check the NTPD status

# ntpdc –p

Network Setup

system-config-network / system-config-network-gui

- The  network services tab in Yast has many of these settings.  You can edit  the IP network/IPsec/DNS/Hosts file from this utility.  On the desktop  you can get to this utility from the system pulldown  System->Administration->Network.

system-config-network-tui

- You can edit the interface hardware/IPsec/DNS/Hosts file from this utility in a tui (putty) interface like Yast's tui..

system-config-network-cmd

- network configuration  command line tool.  Running Yast from the command line allows the  network configuration in a similar text user interface.

Without command line arguments this dumps the current network configuration to the screen in text format.

system-control-network

- Allows the users to bring up or shut down the network interfaces.

             The command line equivalents would be

ifup

,

ifdown

, and

ifconfig

.

Firewall and Security settings

system-config-securitylevel

- this is the firewall configuration

system-config-securitylevel-tui

- the text user interface for the firewall configuration.

system-config-authentication

- password and NIS setup

authconfig-tui

is also available if needed from the command line

system-config-services

-  Yast has this under  System->"System Services (runlevel)".  This tool allows you to  graphically look at the services that are configured to run at each run  level

                         The command line version of this tool is:

chkconfig --list

Display and Input Device settings

system-config-keyboard

- This would be in the Hardware section of Yast for keyboard layout

system-config-language

- Yast offers this in System -> Language

system-config-display

- this would be found in the Hardware section of Yast as 'Graphics Card and Monitor'

Yast has an icon for Remote Administration to allow VNC connections; RedHat’s equivalent is the command:

vino-preferences

.

Password Recovery

SUSE

:

Hit any key when Linux starts to boot to get to the boot menu

You get a page with 2 options for booting, the regular mode and safe mode.  On the option line enter

init=/bin/bash

to tell the system to boot into the bash shell immediately.  The file  system should mount itself, but in case it doesn't, use this command:

mount -o remount,rw /

.  To change the root password use the command

passwd

then

reboot

.

Redhat

:

Hit any key when Linux starts to boot to get to the boot menu

The system will present you with boot options.  Highlight the line that starts with 'kernel' and press '

e

' to get to be able to edit the options. You will want to add a space then a number

1

.  After adding the 1, press

enter

and then press

b

to start the boot process.  You will be at a prompt where you can enter the commands

passwd

then

reboot

.  Again, you might have to enter the command

mount -o remount,rw /

if the system has not mounted the root file system.

User and Group tools

system-config-rootpassword

- Yast's Security and Users tab,  If you can get on the console, you can fix the root password.

system-config-users

- Graphical utility to edit user/groups on the system.

The console terminal program on SUSE is right on the bottom of the  screen.  To get to the terminal program on RedHat you need to use the  pulldown: Applications->Accessories->Terminal

Other System Utilities

While we don’t often use these tools, it is they are needed on occasion.

system-config-lvm

- Yast has LVM under the System heading.  

system-config-kdump

- Yast can get you this as a setting under System -> '/etc/sysconfig Editor'

MYSQL

CPAM

adding views:

mysql -u cpam -p --database=vxdb <  /opt/cisco/cpam/import/MySQL_Views.sql

VSM

create new:

mysql –u root –p < /usr/BWhttpd/bas/db/mysql-create-6.3.0.sql

backup:

mysqldump -u root -p[root_password] [database_name] > dumpfilename.sql

...or this command will get you the dump out of the last backup:

V6.X

ls -tr1 /usr/BWhttpd/bas/db/backups | tail -n1 | (read -a line; tar -xzf $line --to-stdout /usr/BWhttpd/bas/db/dumps/VSOM_*.sql > /root/dump.sql)

V7.X

ls -tr1 /usr/BWhttpd/vsom_be/db/backup/*.gz | tail -n1 | (read -a line; tar -xzf $line --to-stdout usr/BWhttpd/vsom_be/db/backup/VSOM_*.sql > /root/bas_out.sql)
 

Restore a database from a dump file:

mysql -u root -p[root_password] [database_name] < dumpfilename.sql

Run the below command and get the output file dbspace.txt. This is to find out what is consuming disk space on db partition:

ls –lR /db > dbspace.txt

To repair mysql tables in vsom

# mysqlcheck -u root -p —repair bas  <table_name>

Create a new mysql database called demo

mysql> CREATE DATABASE demo;

Create a new user called user1 for database demo

mysql> GRANT ALL ON demo.* TO user1@localhost IDENTIFIED BY 'mypassword';

Allow access to edit databases remotely

GRANT ALL PRIVILEGES ON *.* TO 'root'@'%.example.com' IDENTIFIED BY PASSWORD 'some_characters' WITH GRANT OPTION

TCPDUMP Commands

• The command in general:
  
  • Capital S means 'Specific' i.e. just traffic to and from the host you specify
  • Lower case s means the maximum size of the packet. '0' means anything.
  • pipe "|" tee means send it to the file and the console.
  • TCPdump on a CPAM server does work. The path just isn’t set up. Use the command with its full path: /usr/sbin/tcpdump

tcpdump -i eth0 –s 2000 host <IP of client PC> –w <file>.pcap

• capture packets from specific port to a file and to console

tcpdump -i eth0 -n port 80 -l | tee tcp.pcap

• capture packets from specific port to a file

tcpdump -i eth0 -n port 80 -s 0 -w tcp.pcap

• capture packets from specific host to a file

tcpdump -i eth0 -S host xx.xx.xx.xx -s 0 -w tcp.pcap

• capture packets to port 80 but not from one host

tcpdump -i eth0 -S port 80 and not host xx.xx.xx.xx -l | tee tcp.pcap

• capture packets to or from a host and write it to a UTC timestamped file

date +%T --utc | ( read -a line;/usr/sbin/tcpdump -i eth0 -s0 -w packet-$line.cap  host  10.154.66.151 )

Some helpful CPAM Commands

To get root: (log in as cpamadmin)

# sudo su

To get an ordered listing of the files:

# ls -alrth

To get to the ssh config page on a CPAM gateway

http://<address>/tac.shtml

To check the NTP sync, use below commands from CPAM ssh prompt.

Checking CPAM’s ntp sync.

/usr/sbin/ntpq -c peer
/usr/sbin/ntpq -c assoc
/usr/sbin/ntpq -c "pstat <association id from previous>"

Checking gateways sync from CPAM ssh.

/usr/sbin/ntpq -c "peer" <gateway IP address>
/usr/sbin/ntpq -c "assoc" <gateway IP address>
/usr/sbin/ntpq -c "pstat <assoc id from previous command>"  <gateway IP address>

To check if the CPAM upgrade is preceding issue this command:

# ls –ltr /db/cpam/vxdb

Look for timestamps to increment on the .ibd files. Also check the webapp.log for errors.

To manually collect a CPAM showtech:

# /opt/cisco/cpam/bin/showtech.sh

To check the services on CPAM:

# /sbin/service cpamadmin <stop / start / status>
# /sbin/service cpamacserver
# /sbin/service mysql <stop / start /status>

To turn on badge preview

Go to: Admin -> System Configuration -> Disable batch badge printing (uncheck)

To reset a CPAM standby server in recent versions of CPAM, Go to the URL

http://<address>/cmd/reset

(Use with caution! There is NO 'Are you sure?' safety net)

Getting to be root on a cpam server

# sudo su -

Getting the mysql password

# grep local.pass /opt/cisco/cpam/properties/cpsm.runtime.properties

Getting a Showtech from the CLI:

# /opt/cisco/cpam/bin/showtech.sh 

On CPAM Server, show tech is stored in

/opt/cisco/cpam/apache-tomcat/webapps/ROOT/

Getting the Session info:

Fetch the session information from the URL below :

http://CPAM_IP:9091/sessions.html

http://CPAM_IP:9091/clients.html

See what database processes are running:

1) SSH into the CPAM server as 'cpamadmin'

2) Get the CPAM database password

     For the 'cpam' user:

    # sudo grep password /opt/cisco/cpam/properties/vx.hibernate.properties

        hibernate.connection.password=9f6oDi7efO

     For the 'root' user:

    # grep rootpass /opt/cisco/cpam/properties/*

        cpsm.runtime.properties:cpsm.runtime.store.local.rootpass=XXXXX

     Get the CPAM database password from the output.

3) Use the MySQL command-line client to get the number of database process:

mysql -u cpam -p <enter_password>

mysql> show processlist;

Getting the logs from the server by manually generating a showtech

# sudo sh –x /opt/cisco/cpam/bin/showtech.sh

This will create a .zip file with the logs and configuration in the  current directory (run it from the cpamadmin user’s home directory  /home/cpamadmin).  The script takes at least 1 minute to complete due to  some performance information it gathers, and you may see an error  message regarding the permissions on “`cib.xml” that can be ignored.

Getting the decompressed config file from a CPAM gateway

1) Enable ssh for the gateway through GW webadmin

2) Login into gateway as root using sudo su

3) cd /mnt/flash

4) Use following command to create decompressed config file.

/physec/cmdcfg_fldump -cfg dump  <Config file name>.cfg  myconf.txt

5) Collect the myconf.txt and share it.

Linux Tricks

Link the java sdk to the 'java' for install

shell> ln -s s2sdk1.4.2_19 java

Follow a log as it is growing:

tail -f <filename>

Convert a file to linux from MS DOS

tr -d '\r' < inputfile > < outputfile >

Convert a file from MS-DOS to linux

dos2unix <filename>

Find system version:

cat /proc/version

To see the ip interface info and bring the ethernet port up.

ifconfig
ifup eth0

To see the characteristics of the ethernet interface

ethtool eth0

Setting eth3 to eth0

vi /etc/udev/rules.d/30-net_persistent_names.rules

After the file is opened, delete the lines at the end of the file that  start with SUBSYSTEM. Then reboot to have the system recreate those  lines automatically with the correct eth0 and eth1 device names.

To see the active connections on a system (not listeners):

netstat -tupen

To see the listening ports on a system:

netstat -tuplen

To see the file system layout

df -k

To see the size of files in your directories

du -xhs /* | egrep [0-9.]+[MG] | sort -n

To pull 60 days’ worth of VSM Logs

Support-report –d 60

To list files in a directory in order by age

ls -t

To remove an entire directory and its subdirectories (use with caution!)

rm -rf dirname/

Run a script and tail a log at the same time:

./scriptname ; tail -F /logs/logname

Clear out a log or text file:

cat /dev/null > <filename>

Get an SMD file dump:

# export LD_LIBRARY_PATH=/usr/BWhttpd/lib

# /usr/BWhttpd/bin/smdfiledump <smd_file_name>

Verify an md5 checksum

# md5sum -c filename.zip.md5 filename.zip

Remove all but the 9 oldest files in the directory. (remember the 'tail' count starts at 0)

# ls -1 -t | tail +10 | xargs -i rm {}

Pull the title of all the known camera types supported by the VSM server from the bas devices xml file

# grep -i 'title=' /usr/BWhttpd/bas/src/conf/bas_devices.xml | cut -f2 -d'"' | cut -f1 -d'"'

VSM 7 Useful commands:

We can determine the utilization by running the following command:

# /usr/BWhttpd/bin/reposdbtestclient dumpstoragemonshmem

If they are logging on as localadmin  user, they can run

# sudo   /usr/BWhttpd/bin/reposdbtestclient dumpstoragemonshmem

You can verify how much video data there is for each recording by running the command:

# du -hsxc /media?/1???

Also, dump a list of the archive files to a text file, you can do this with the command:

# ls -lR /media? > /tmp/archivefiles.txt