Solutions

Backing up and collecting diagnostic configuration information on Director

Solutions ID:    KB1441
Version:    41.0
Status:    Published
Published date:    03/04/2013
Updated:    03/04/2013
 

Problem Description

BlueCoat Support has asked for an Archive (Archive all) of my Director configuration. How do I do this?

Blue Coat Support has asked for a Memory dump of DIrector. How do I do this?

How do I back up my Director configuration?

How can I back up Director?

How can I extract an overlay file for support?

 

Overview

This article discusses how to archive (that is, back up) Director and store the archive on a remote server that Director can access. Other than for safety and security reasons, you can optionally restore the archive on another Director appliance.

This article is written for SGME 5.4.1.1 and later; some features discussed in this article (for example, archiving Director using a job) are available only on SGME 5.4.1.1 and later.

For instructions on archiving Director on earlier SGME versions, see the Configuration and Management Guide. You can also refer to this article.

Archiving Director involves the following high-level tasks:

  1. Saving Director's current configuration using the configuration mode command: configuration write
  2. Recommended. Writing Director's configuration to a file using the configuration mode command: configuration write-to configuration-filename
  3. Create an encryption key pair. (You can optionally use the default key pair.)
  4. Archive Director using either the Management Console or command line. (Management Console archiving is available only on SGME 5.4.1.1 and later.)
  5. Sending the file to a off box location.
     

What an archive contains:

  • Director’s network configuration (IP address, DNS servers, and so on)
  • Profiles, overlays, jobs, groups, and devices
  • Objects associated with profiles, overlays, jobs, and groups (for example,
  • substitution variables, URL lists, regular expression lists, and so on)

The following are not included in an archive configuration:

  • Alerts
  • SNMP (after restoring the archive, SNMP will be disabled and SNMP contact information restores to default values)
  • NTP
  • The SGME software image.
  • Licenses
  • Private key and certificate, unless they were configured using the show key pair command

Resolution

  1. Back up your configuration.
  2. Check the configuration file.
  3. Make the configuration file the current file.
  4. Create an archive of your configuration and logs for Blue Coat Support.
  5. Create and send the debug dump file to  Blue Coat Support.
  6. Retrieve an overlay file that Director might pull from a ProxySG appliance.

NOTE: After each command in the Command Line Interface (CLI), you can enter a question mark "?" to display more information about it, such as sub-commands.

Task 1 - Back up your configuration

Log in to the CLI using SSH and enter the following:

>enable
#config t
(config)# configuration write
(config)#
configuration write to filename

Task 2 - Check the configuration file

Enter the following:

director (config) # show configuration files

The output should look like the following:
File initial:
Size: 4.9 kilobytes
File sgme-5.3.1.2 (active):
Size: 4.9 kilobytes
Free space remaining: 25.5 gigabytes

To rename a configuration file, enter:

(config) # configuration move <current_filename>  <new_filename>

Task 3 - Make the configuration file the current file

Enter the following:

(config) # configuration switch-to current 

Alternatively, the following command makes a older archive the current file:

(config) # configuration switch-to filename

NOTE: The argument -write - (used in Task 1) saves the active configuration to a file and makes the file the active configuration, but not the 'current' one.

Task 4 -  Create an archive of your configuration and logs for Blue Coat Support

Generate a private key:

(config)# archive generate key <mypublickeyname>

Use the private key to create a dump file:

(config)#  archive all create key <mypublickeyname>
# show archive key <mypublickeyname>

Important: You will be prompted for a pass phrase, which is the same as your key name. You will need to provide this public key to Blue Coat Support so that they can extract your archive. When Support extracts the archive onto the LAB Director appliance,  their admin password will change to your own password.  In other words, Support needs your password. Blue Coat recommends that you change your password after sending in the archive. Creating a key is necessary for Blue Coat Support to open the file on their own Director appliances. Archives created without a key can only be extracted on the same Director appliance that they were created on.

To create an archive without a key:

(config)#  archive all create <archive name>

To send the archive to an off-box location:

(config)#  archive all upload <name of archive file> ftp://ftp.<hostname_or_IP_address>/<name of archive file

To send the archive to Blue Coat Support, upload the debug dump to https://upload.bluecoat.com. Specify all of the information requested in the form, including the Service Request Number (Support ticket number).

Fetching and restoring Archive commands:

Archive all fetch <name of archive>ftp://<ip address of host>

Archive all restore <name of archive>  key <mypublickeyname>

TIPS:

  • Fetching an archive often means you need to resort to a 8.3 filename.
  • All archives and dump files are kept in the /local/userfiles folder.

Task 5 -  Create and send the debug dump file to Blue Coat Support

Generate the dump file:

(config)# debug dump generate  

Blue Coat will request for extra logging in the debug dump file. Please make sure the logging level is set to debug before you reproduce the issue and generate the dump file.  After you generate the file, change the logging level back to notice.

(config)# logging local debug 
(config)# debug dump generate 
(config)# logging local notice 

To send a memory dump file to an off-box location:

director (config)#  debug dump upload <name of dump file> ftp://<hostname_or_IP_address>/<folder_location>/<name_of_dump_file>   username <username>

TIPS:

  • Director will prompt you for a password.
  • Use a double forward slash after the DNS name, or IP address.
  • All archives and dumps are kept in the /local/Collectingolder, accessible with the shell command.
  • Specifying a username and password in the URL is not supported. A username and password can be specified in parameters on the command line.
     If  <your path entered here>  ends with a directory name, it must end with / .

If you are using Linux:

You can obtain some manual information by using the Linux prompt to collect the output of these commands. Refer to KB4178 for more information.

NOTE: Execute these commands only if specifically requested:

  • Debug dump 
  • ps aufx 
  • du –hs /tmp/* /var/* 
  • mount

Send the file to Blue Coat Support:

  1. Upload the debug dump file to https://upload.bluecoat.com.
  2. Include your contact information and ticket number in the submission form. Refer to KB4183 for more information.

To delete a dump file:

 (config)# debug dump delete <filename>

Task 6 -  Retrieve an overlay file that Director might pull from a ProxySG appliance

Method 1: Using the CLI

  1. Using SSH, log into the Command Line Interface (CLI).
  2. Enter enable mode.
  3. Enter conf t.
  4. Enter show config.
  5. Copy and paste the output into a text file.
  6. Send the file to Blue Coat Support.

Method 2: Using the Management Console

  1. Log in to the console and navigate to the Configure tab.
  2. Select the registered ProxySG appliance you want to use as the source of your profile.
  3. Right-click on the configuration library area on the right and click New Profile.
  4. Name the new profile, for example, 'My new profile'.
  5. Select Device, and choose the appliance you want to pull a profile/overlay file from.
  6. Click OK
  7. Edit this profile, and copy and paste the output into a text file.
  8. Send the file to Blue Coat Support.

NOTES:

  • The debug dump file contains all the necessary log information from Director. Blue Coat recommends that you collect the debug dump as a first step.
  • To send both a dump file and an archive to a FTP server, you may need to provide credentials. If this is the case, provide them on the same line, as per this example:
    director # archive config upload <name of archive> ftp://<ftp server address>/ username <name> password <password>
  • The attachment to this article discusses the details of archiving Director. Note the following:
    • The attachments are from the Director Configuration and Management Guide.
    • The page numbering in the attachment is the same as the page numbering in the Configuration and Management Guide books.
    • Some cross-references in the attachment do not work because they refer to other sections or chapters in the book.
    • The attachment discusses how to get the entire Director Configuration and Management Guide, and Blue Coat strongly recommends you do so.
    • If you do not see the attachment, log in to the Knowledge Base using your BlueTouch Online credentials.

Related Information

For more information on topics related to this article, see the following articles.

Topic Article #
Troubleshooting using the archive file KB4143
Troubleshooting tips for being unable to get into Director Management Console FAQ1007
Which ports must be open for Director KB3457
Upgrading Director KB1425
Releasing disk space KB3782

 

Attachment

archive-director.pdf
270K • < 1 minute @ 56k, < 1 minute @ broadband



Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
 
 
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.
 
 

Your response will be used to improve our document content.

Ask a Question