LPSM Commands

snmpwalk

Execute the snmpwalk command to retrieve information about multiple components, services, and processes of LPSM using their respective OIDs. Refer to the System Monitoring via SNMP section for details.

Note

The username for SNMPv3 authentication in the Director setup is director.

Example:

snmpwalk

change-snmpv3-key

Execute the change-snmpv3-key command to change the DES encryption key for SNMPv3 authentication.

Note

The default value of the SNMPv3 authentication key is 5nMpvEenC^pt.

Example:

change-snmpv3-key

change-snmpv3-passwd

Execute the change-snmpv3-passwd command to change the password of the SNMPv3 authentication.

Note

The default value of the SNMPv3 authentication password is changeme.

Example:

change-snmpv3-passwd

legacy-snmp

Execute the legacy-snmp command to disable or enable SNMPv2.

Syntax:

legacy-snmp [option]

Options:

Option | Description
disable | To disable SNMPv2
enable | To enable SNMPv2

Example:

legacy-snmp enable

list-backups

Execute the list-backups command to list all available LPSM backup files with their corresponding filename, backup name, date, and LPSM machine version.

Syntax:

list-backups [option]

Options:

Option | Description
(none) | To list all available backups
-v, --version | To list backups of a particular LPSM version
-h, --help | To get help

Example:

list-backups -h

restore-backup

Execute the restore-backup command to restore a particular LPSM backup file.

Syntax:

restore-backup [option]

Options:

Option | Description
<filename> | To restore a particular LPSM backup file
-h, --help | To get help

Example:

restore-backup -h

mds-fix

Execute the mds-fix command to disable or enable the Microarchitectural Data Sampling fix.

Syntax:

mds-fix [option]

Options:

Option | Description
disable | To disable the Microarchitectural Data Sampling fix
enable | To enable the Microarchitectural Data Sampling fix

Example:

mds-fix disable

update-incoherent-config

Execute the update-incoherent-config command to update the LPSM with the latest configuration of the newly added Fabric-enabled LogPoint.

Syntax:

update-incoherent-config [option]

Options:

Option | Description
(none) | To update the configuration of the newly added Fabric-enabled LogPoint
-h, --help | To get help

Example:

update-incoherent-config --help

spectre2-fix

Execute the spectre2-fix command to disable or enable the Spectre Variant II fix.

Syntax:

spectre2-fix [option]

Options:

Option | Description
disable | To disable the Spectre Variant II fix
enable | To enable the Spectre Variant II fix

Example:

spectre2-fix enable

meltdown-fix

Execute the meltdown-fix command to disable or enable the Meltdown fix.

Syntax:

meltdown-fix [option]

Options:

Option | Description
disable | To disable the Meltdown fix
enable | To enable the Meltdown fix

Example:

meltdown-fix disable

reboot

Execute the reboot command to restart the LogPoint Director setup.

Example:

reboot

poweroff

Execute the poweroff command to power off the system.

Example:

poweroff

change-ip

Execute the change-ip command to change the system IP.

Example:

change-ip

change-date

Execute the change-date command to change/reset the date of the system.

Example:

change-date

start-support

Execute the start-support command to start a remote connection for support and keep the support-port open for a specified time period.

Syntax:

start-support <timeout>(optional)

Options:

Option | Description
1 | To start a support connection with a one hour timeout
15 | To start a support connection with a 15 hour timeout
infinite | To start a support connection with no timeout

Example:

start-support 1

Note

  • Value of the timeout parameter must be between 1 and 23.

  • If the timeout parameter is not specified, the support connection remains active until the connection is disabled using the stop-support command.

  • The support connection is established only for one hour if the timeout parameter is not specified.

stop-support

Execute the stop-support command to terminate the support connection.

Example:

stop-support

route

Execute the route command to show and manipulate the IP routing table.

Example:

route

tcpdump

Execute the tcpdump command to analyze the traffic on a network.

Example:

tcpdump

iptables

Execute the iptables command to grant sudo rights to iptables.

Example:

iptables

change-rsyslogip

Execute the change-rsyslogip command to change the IP address of the remote syslog server to which the audit logs are sent.

Example:

change-rsyslogip

uploadpatch

Execute the uploadpatch command to upload a large LPSM patch. You can use this command when patches cannot be uploaded from the GUI due to timeout limits.

Example:

uploadpatch

mount

Execute the mount command to attach the filesystem found on a device to the big file tree.

Example:

mount

umount

Execute the umount command to detach or free the loop device (if any) associated with the mount.

Note

You can mount and unmount the remote Network File System (NFS) and Common Internet File System (CIFS) using the mount and umount commands.

Example:

umount

ifup

Execute the ifup command to bring a network interface up, making it available to transmit and receive data.

Syntax:

ifup <interface_name>

Example:

ifup eth0

ifdown

Execute the ifdown command to take a network interface down, and place it in a state where it cannot transmit or receive data.

Syntax:

ifdown <interface_name>

Example:

ifdown eth0

gdisk/sgdisk

You can create partitions in case the HDD is replaced in the server using either the gdisk or the sgdisk command.

Example:

gdisk

grub-install

After replacing the HDD, you can make it bootable again using the grub-install command. Use this command when the first disk, where grub resides, crashes.

Example:

grub-install

fabric-auth

Execute the fabric-auth command when the Fabric Storage connection is interrupted due to an internal server error.

Example:

fabric-auth

zfs

Execute the zfs command to configure the ZFS file systems and datasets within a ZFS storage pool.

Example:

zfs

zpool

Execute the zpool command to configure the ZFS storage pools.

Example:

zpool

netplan-apply

Execute the netplan-apply command to migrate Logpoint instances to Netplan for network configuration. The command uses YAML configuration files to specify the necessary network settings for Logpoint.

After migrating Logpoint to Netplan, you can also use the command to update the existing network configuration.

Syntax:

netplan-apply <YAML file>

Example:

netplan-apply network_config.yaml

Note

  • The YAML files are stored inside /etc/netplan/.

  • Make sure the network parameters and their values provided in the YAML files are correct. Incorrect parameters can cause network disruptions or complete network outages.

Firewall Management using lpsmfw-cli

You can use the lpsmfw-cli command with the iptables sub-command to:

  • Add new firewall rules

  • Remove firewall rules

  • View firewall rules for all three chains (INPUT, OUTPUT, and FORWARD)

  • View firewall rules for a particular chain (INPUT, OUTPUT, or FORWARD)

  • Flush firewall rules

  • Reload flushed firewall rules

  • View firewall policies for all three chains (INPUT, OUTPUT, and FORWARD)

  • View firewall policies for a particular chain (INPUT, OUTPUT, or FORWARD)

Note

From this version, the addfwports and rmfwports commands have been replaced by the lpsmfw-cli command.

Add new firewall rules

Execute the lpsmfw-cli command to add and remove firewall ports. The command works with IP addresses/networks and numeric ports, but does not support domain names.

You can add new firewall rules to LPSM using the lpsmfw-cli iptables add command.

Syntax:

lpsmfw-cli iptables add <direction>

The <direction> can be in, out, or fwd for INPUT, OUTPUT, or FORWARD respectively.

The list of options and their expected parameters are listed below:

Option | Expected parameter | Description
-s or --source | IP address or IP network | Source IP address
-d or --destination | IP address or IP network | Destination IP address
-p or --protocol | tcp or udp | Indicates the protocol used. Required if the --sport or --dport option is used.
-i or --in-interface | Network interface name | Indicates the input interface. Not required when the direction is out.
-o or --out-interface | Network interface name | Indicates the output interface. Not required when the direction is in.
-j or --jump | Either ACCEPT or DROP | Policy or action to take with the rule. This flag is required.
-m or --multiport | None | Flag used to enable the multiport option. When this option is enabled, multiple source or destination ports are supported.
--sport | Integer in the range of 0-65535 | Source port. If this option is enabled, protocol -p is required.
--dport | Integer in the range of 0-65535 | Destination port. If this option is enabled, protocol -p is required.

Note

The source port (--sport) and destination port (--dport) can be specified multiple times. However, if the multiport option (-m or --multiport) is not enabled, the first port specified using the command is used. If the multiport option is enabled, you can specify a maximum of 15 ports using one command.

Examples:

  • Allowing inbound connection from a host with IP 10.10.10.10 to communicate on port 443 over TCP:

    $ lpsmfw-cli iptables add in -s 10.10.10.10 -p tcp --dport 443 -j ACCEPT
    
        WARNING:root:configgenerator; regenerating config files; inbackground=True
    
        [  OK  ] Added iptables rule
    
    $ lpsmfw-cli iptables show input | grep "10.10.10.10"
    
        -A INPUT -s 10.10.10.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
    
  • Allowing inbound connections from all hosts on port 443 over TCP

    $ lpsmfw-cli iptables add in -p tcp --dport 443 -j ACCEPT
    
        WARNING:root:configgenerator; regenerating config files; inbackground=True
    
        [  OK  ] Added iptables rule
    
    $ lpsmfw-cli iptables show input | grep "443"
    
        -A INPUT -p tcp -m tcp --dport 443 -j ACCEPT
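
The constraints from the option table and note above, as a pre-flight check to run on a rule before typing it into LPSM. This is an added example, not LogPoint's code: the parser is a model of the documented options, and the function names and the per-command reading of the 15-port limit are assumptions.

```python
import argparse
import ipaddress
import shlex

def _parser():
    # Model of the option table documented above, not lpsmfw-cli's own parser.
    p = argparse.ArgumentParser(add_help=False, allow_abbrev=False, exit_on_error=False)
    p.add_argument("direction")
    for short, long_ in (("-s", "--source"), ("-d", "--destination"), ("-p", "--protocol"),
                         ("-i", "--in-interface"), ("-o", "--out-interface"), ("-j", "--jump")):
        p.add_argument(short, long_)
    p.add_argument("-m", "--multiport", action="store_true")
    p.add_argument("--sport", action="append", default=[])
    p.add_argument("--dport", action="append", default=[])
    return p

def check_add_rule(command):
    """Return the documented constraints the command violates (empty list = none)."""
    argv = shlex.split(command)
    if argv[:3] != ["lpsmfw-cli", "iptables", "add"]:
        return ["not an lpsmfw-cli iptables add command"]
    try:
        a, extra = _parser().parse_known_args(argv[3:])
    except (argparse.ArgumentError, SystemExit):
        return ["arguments could not be parsed"]
    problems = [f"unknown argument: {x}" for x in extra]
    if a.direction not in ("in", "out", "fwd"):
        problems.append("direction must be in, out or fwd")
    if a.jump not in ("ACCEPT", "DROP"):
        problems.append("-j is required and must be ACCEPT or DROP")
    for name, value in (("source", a.source), ("destination", a.destination)):
        try:
            if value is not None:
                ipaddress.ip_network(value, strict=False)
        except ValueError:  # domain names end up here: only IPs/networks are supported
            problems.append(f"{name} {value!r} is not an IP address or network")
    ports = a.sport + a.dport
    if a.protocol not in ("tcp", "udp") and (ports or a.protocol is not None):
        problems.append("-p must be tcp or udp, and is required with --sport/--dport")
    if any(not port.isdecimal() or int(port) > 65535 for port in ports):
        problems.append("ports must be integers in the range 0-65535")
    if not a.multiport and (len(a.sport) > 1 or len(a.dport) > 1):
        problems.append("without -m only the first port given is used")
    # Assumption: the 15-port limit in the note is counted per command.
    if a.multiport and len(ports) > 15:
        problems.append("-m accepts at most 15 ports in one command")
    return problems
```
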
    

Remove firewall rules

You can remove firewall rules from LPSM using the lpsmfw-cli iptables rm command. The options that can be used with this command are identical to the lpsmfw-cli iptables add command.

Syntax:

lpsmfw-cli iptables rm <direction>

Note

You can only remove the rules which have been added using the lpsmfw-cli command.

Examples:

  • Removing allowed inbound connection from a host with IP 10.10.10.10 to communicate on port 443 over TCP

    $ lpsmfw-cli iptables rm in -s 10.10.10.10 -p tcp --dport 443 -j ACCEPT
    
        WARNING:root:configgenerator; regenerating config files; inbackground=True
    
        [  OK  ] Removed iptables rule
    
    $ lpsmfw-cli iptables show input | grep "10.10.10.10"
    
  • Removing allowed inbound connections from all hosts on port 443 over TCP

    $ lpsmfw-cli iptables rm in -p tcp --dport 443 -j ACCEPT
    
        WARNING:root:configgenerator; regenerating config files; inbackground=True
    
        [  OK  ] Added iptables rule
    
    $ lpsmfw-cli iptables show input | grep "443"
    

View firewall rules for all three chains (INPUT, OUTPUT, and FORWARD)

You can view the firewall rules for all three chains (INPUT, OUTPUT, and FORWARD) using the lpsmfw-cli iptables show command.

Syntax:

lpsmfw-cli iptables show

Example:

$ lpsmfw-cli iptables show

    ---------- INPUT ----------

    -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    -A INPUT -i lo -j ACCEPT

    -A INPUT -p tcp -m tcp --dport 1:65535 -m hashlimit --hashlimit-upto 1/min --hashlimit-burst 1 --hashlimit-mode srcip,dstport --hashlimit-name dropped_tcp -j LOG --log-prefix "set_firewall; denied tcp; " --log-level 7

    -A INPUT -p tcp -m tcp --dport 1:65535 -j DROP

    ---------- FORWARD ----------

    -A FORWARD -j DROP

    ---------- OUTPUT ----------

    -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    -A OUTPUT -p icmp -m icmp --icmp-type 14 -j DROP

    -A OUTPUT -o tun+ -p tcp -m tcp --dport 443 -j ACCEPT

    -A OUTPUT -o tun+ -p tcp -m tcp --dport 1:65535 -m hashlimit --hashlimit-upto 1/min --hashlimit-burst 1 --hashlimit-mode srcip,dstport --hashlimit-name dropped_tcp -j LOG --log-prefix "set_firewall; denied tcp; " --log-level 7

View firewall rules for a particular chain (INPUT, OUTPUT, or FORWARD)

You can view the firewall rules for a particular chain (INPUT, OUTPUT, or FORWARD) using the lpsmfw-cli iptables show <chain_type> command.

Syntax:

lpsmfw-cli iptables show <chain_type>

The <chain_type> can be input, output, or forward for INPUT, OUTPUT, or FORWARD respectively.

Example:

$ lpsmfw-cli iptables show input

    ---------- INPUT ----------

    -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    -A INPUT -i lo -j ACCEPT

    -A INPUT -p tcp -m tcp --dport 1:65535 -m hashlimit --hashlimit-upto 1/min --hashlimit-burst 1 --hashlimit-mode srcip,dstport --hashlimit-name dropped_tcp -j LOG --log-prefix "set_firewall; denied tcp; " --log-level 7

    -A INPUT -p tcp -m tcp --dport 1:65535 -j DROP

Flush firewall rules

You can first set the default firewall policy to ACCEPT for all three chains (INPUT, OUTPUT, and FORWARD) and then flush the firewall rules using the lpsmfw-cli iptables flush command.

Syntax:

lpsmfw-cli iptables flush

Example:

$ lpsmfw-cli iptables flush

    [  OK  ] Firewall is flushed

$ lpsmfw-cli iptables show

    ---------- INPUT ----------

    ---------- FORWARD ----------

    ---------- OUTPUT ----------

Reload flushed firewall rules

You can reload flushed firewall rules using the lpsmfw-cli iptables reload command.

Syntax:

lpsmfw-cli iptables reload

Example:

$ lpsmfw-cli iptables reload

    WARNING:root:configgenerator; regenerating config files; inbackground=True

$ lpsmfw-cli iptables show

    ---------- INPUT ----------

    -A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    -A INPUT -i lo -j ACCEPT

    -A INPUT -p tcp -m tcp --dport 1:65535 -m hashlimit --hashlimit-upto 1/min --hashlimit-burst 1 --hashlimit-mode srcip,dstport --hashlimit-name dropped_tcp -j LOG --log-prefix "set_firewall; denied tcp; " --log-level 7

    -A INPUT -p tcp -m tcp --dport 1:65535 -j DROP

    ---------- FORWARD ----------

    -A FORWARD -j DROP

    ---------- OUTPUT ----------

    -A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT

    -A OUTPUT -p icmp -m icmp --icmp-type 14 -j DROP

    -A OUTPUT -o tun+ -p tcp -m tcp --dport 443 -j ACCEPT

    -A OUTPUT -o tun+ -p tcp -m tcp --dport 1:65535 -m hashlimit --hashlimit-upto 1/min --hashlimit-burst 1 --hashlimit-mode srcip,dstport --hashlimit-name dropped_tcp -j LOG --log-prefix "set_firewall; denied tcp; " --log-level 7

View firewall policies for all three chains (INPUT, OUTPUT, and FORWARD)

You can view the firewall policies (ACCEPT or DROP) for all three chains (INPUT, OUTPUT, and FORWARD) using the lpsmfw-cli iptables policy command.

Syntax:

lpsmfw-cli iptables policy

Example:

$ lpsmfw-cli iptables policy

    INPUT - ACCEPT

    FORWARD - DROP

    OUTPUT - ACCEPT

View firewall policies for a particular chain (INPUT, OUTPUT, or FORWARD)

You can view the firewall policies (ACCEPT or DROP) for a particular chain (INPUT, OUTPUT, or FORWARD) using the lpsmfw-cli iptables policy <chain_type> command.

Syntax:

lpsmfw-cli iptables policy <chain_type>

The <chain_type> can be input, output, or forward for INPUT, OUTPUT, or FORWARD respectively.

Example:

$ lpsmfw-cli iptables policy forward

    FORWARD - DROP
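
A check over the show and policy views described above, written as an added example that is not part of LPSM: it reports chains that are empty while their policy is ACCEPT (the state left by a flush that was never reloaded) and INPUT ports accepted without a source restriction. The sample outputs, port 8443 and the function names are constructed for illustration.

```python
import re
import shlex

HEADER = re.compile(r"^-+ (INPUT|FORWARD|OUTPUT) -+$")

def parse_show(text):
    """Chain name -> list of tokenised rules, from 'lpsmfw-cli iptables show' output."""
    chains, current = {}, None
    for line in map(str.strip, text.splitlines()):
        header = HEADER.match(line)
        if header:
            current = chains.setdefault(header.group(1), [])
        elif line.startswith("-A ") and current is not None:
            current.append(shlex.split(line))  # keeps the quoted --log-prefix as one token
    return chains

def parse_policy(text):
    """Chain name -> default policy, from 'lpsmfw-cli iptables policy' output."""
    return dict(re.findall(r"^\s*(INPUT|FORWARD|OUTPUT) - (ACCEPT|DROP)\s*$", text, re.M))

def audit(show_text, policy_text):
    """Report chains left open by a flush and INPUT ports accepted from any source."""
    chains, policy = parse_show(show_text), parse_policy(policy_text)
    findings = [f"{c}: no rules and default policy ACCEPT"
                for c in ("INPUT", "FORWARD", "OUTPUT")
                if not chains.get(c) and policy.get(c) == "ACCEPT"]
    for rule in chains.get("INPUT", []):
        opt = next((o for o in ("--dport", "--dports") if o in rule), None)
        if rule[-2:] == ["-j", "ACCEPT"] and opt and "-s" not in rule:
            findings.append(f"INPUT: port {rule[rule.index(opt) + 1]} accepted from any source")
    return findings

# Constructed samples in the output format shown on this page.
SHOW_NORMAL = """\
---------- INPUT ----------
-A INPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -i lo -j ACCEPT
-A INPUT -s 10.10.10.10/32 -p tcp -m tcp --dport 443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 8443 -j ACCEPT
-A INPUT -p tcp -m tcp --dport 1:65535 -m hashlimit --hashlimit-upto 1/min --hashlimit-burst 1 --hashlimit-mode srcip,dstport --hashlimit-name dropped_tcp -j LOG --log-prefix "set_firewall; denied tcp; " --log-level 7
-A INPUT -p tcp -m tcp --dport 1:65535 -j DROP
---------- FORWARD ----------
-A FORWARD -j DROP
---------- OUTPUT ----------
-A OUTPUT -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
"""
POLICY_NORMAL = "INPUT - ACCEPT\nFORWARD - DROP\nOUTPUT - ACCEPT\n"
SHOW_FLUSHED = "---------- INPUT ----------\n---------- FORWARD ----------\n---------- OUTPUT ----------\n"
POLICY_FLUSHED = "INPUT - ACCEPT\nFORWARD - ACCEPT\nOUTPUT - ACCEPT\n"
```
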
