Cisco Guard Configuration Guide (Software Version 3.08) - Guard Diagnostics and Maintenance [Cisco Guard DDoS Mitigation Appliances]

Table Of Contents

Guard Diagnostics and Maintenance

Guard and Zone Files Transfer

Guard Log-file: From the Guard to an FTP Server

Guard Configuration File: From the Guard to an FTP Server

Guard/Zone Configuration-File: From an FTP Server to the Guard

Zone Configuration File: From the Guard to an FTP Server

Zone Log File: From the Guard to an FTP Server

Guard Report List: From the Guard to an FTP Server

Zone Reports: From the Guard to an FTP Server

The Guard Log-file

Displaying the Guard Log-file

Clearing the Guard Log-file

Guard Syslog and Log-file Export

Configuring the Syslog Export Parameters

Displaying the Exported Guard Syslog Configurations

Exporting the Guard's Log-file

Disabling the Guard Log-file Export

The Guard Event Log

Displaying On-line Event Logging

Terminating On-line Display of Event Logging

Configuring Logs and Reports History

Guard Diagnostics Commands

Display Guard's General Diagnostics Data

Display Guard's Memory Consumption

Displaying the Guard's CPU Status

ARP Cache

Netstat

Traceroute

Ping

Guard Disk Operations

Displaying Used Disk Space

Disk Cleaning

Guard Diagnostics and Maintenance

This chapter describes the commands relating to the Guard's diagnostics and maintenance operations. This chapter describes Guard and Zone files (configuration and log) transfer procedures, and additional Guard log and event files procedures (including Guard log file configurations). The chapter concludes in detailing the Guard's diagnostics commands.

Guard and Zone Files Transfer

The Guard has its log file for monitoring and recording its current events, performed actions, and the protective measures it undertook. In addition, the Guard has the configuration (running-config) and the Zone configuration (running-config) files. The Guard configuration file records the Guard's configuration parameters and the Zone log file records events relating to a specific Zone. These events could be detected attacks; protective actions the Guard took and so on. These files can be transferred (`copied'). The following file transfer procedures are:

•Guard Log-file: From the Guard to an FTP Server

•Guard Configuration File: From the Guard to an FTP Server

•Guard/Zone Configuration-File: From an FTP Server to the Guard

•Zone Configuration File: From the Guard to an FTP Server

•Zone Log File: From the Guard to an FTP Server

•Guard Report List: From the Guard to an FTP Server

•Zone Reports: From the Guard to an FTP Server

Guard Log-file: From the Guard to an FTP Server

This is the procedure in which the user transfers the Guard log-file to an FTP server to enable remote sharing of the Guard monitoring information.

To transfer the Guard log-file to an FTP server perform the following:

1. From the Global command group level type the following:
admin@GUARD# copy log ftp <server> <full-file-name> [<login>] 
[<password>] 
Where:

•server—The FTP server IP address.

•full-file-name—The log-file full file name.

Note The server assumes the user's home directory when a path is not specified.

•login—(Optional) The FTP server login name.

Note The FTP server assumes anonymous login when the user does not insert a login name. The server will not prompt the user for a password.

•password—(Optional) The FTP server password.

Note If a password is not entered, the user will be prompted for the password.

2. Choose ENTER. The following prompt appears:
admin@GUARD# copy log ftp 10.0.0.191 log.txt user password
FTPing...
Passive mode off.
Local directory now /Cisco/ImpExp
admin@GUARD#
Guard Configuration File: From the Guard to an FTP Server

This is the procedure in which the user transfers the Guard configuration file (running-config) to an FTP server to enable implementing the Guard configuration parameters on another Guard or for backing up.

To transfer the Guard configuration file to an FTP server perform the following:

1. From the Global command group level type the following:
admin@GUARD# copy running-config ftp <server> <full-file-name> 
[<login>] [<password>] 
Where:

•server—The FTP server IP address.

•full-file-name—The log-file full file name.

Note The server assumes the user's home directory when a path is not specified.

•login—(Optional) The FTP server login name.

Note The FTP server assumes anonymous login when the user does not insert a login name. The server will not prompt the user for a password.

•password—(Optional) The FTP server password.

Note If a password is not entered, the user will be prompted for the password.

2. Choose ENTER. The following prompt appears:
admin@GUARD# copy running-config ftp 10.0.0.191 run-conf.txt user 
password
FTP in progress...
admin@GUARD#
Guard/Zone Configuration-File: From an FTP Server to the Guard

This is the procedure in which the user transfers a Guard or a Zone configuration file from an FTP server and reconfigures itself according to the newly transferred configuration file. This may be performed to enable Guard configuration based on an existing Guard configuration file.

Note The new configuration overruns the existing one.

To transfer a Guard configuration file from an FTP server to a Guard perform the following:

1. From the Global command group level type the following:
admin@GUARD# copy ftp running-config <server> <full-file-name> 
[<login>] [<password>] 
Where:

•server—The FTP server IP address.

•full-file-name—The log-file full file name.

Note The server assumes the user's home directory when a path is not specified.

•login—(Optional) The FTP server login name.

Note The FTP server assumes anonymous login when the user does not insert a login name. The server will not prompt the user for a password.

•password—(Optional) The FTP server password.

Note If a password is not entered, the user will be prompted for the password.

2. Choose ENTER. The following prompt appears:

Note The Guard displays the following warning message when FTP fails: Ftp failed. Check server, filename, username and password.
admin@GUARD# copy ftp running-config 10.0.0.191 
run-conf.txt user password
FTP in progress...
.
.
admin@GUARD#
While the command is being executed the user can view the Guard reconfiguring process and the commands being executed. This may take several minutes.

To transfer a Zone configuration file from an FTP server to a Guard perform the following:

1. From the Global command group level type the following:
admin@GUARD#copy zone <zone-name> running-config ftp <server> 
<full-file-name> [<login>] [<password>]
See parameter description in the above table (zone-name denotes the Zone name).

2. Choose ENTER. The following prompt appears:
admin@GUARD#
Zone Configuration File: From the Guard to an FTP Server

This is the procedure in which the user transfers the specified Zone running-config file to an FTP server to enable a remote monitoring of the Guard activities that relate to the Zone.

To transfer the Zone running-config file to an FTP server perform the following:

1. From the Global command group level type the following:
admin@GUARD# copy zone <zone-name> running-config ftp <server> 
<full-file-name> [<login>] [<password>] 
Where:

•zone-name—The Zone name.

•server—The FTP server IP address.

•full-file-name—The log-file full file name.

Note The server assumes the user's home directory when a path is not specified.

•login—(Optional) The FTP server login name.

Note The FTP server assumes anonymous login when the user does not insert a login name. The server will not prompt the user for a password.

•password—(Optional) The FTP server password.

Note If a password is not entered, the user will be prompted for the password.

2. Choose ENTER. The following prompt appears:
admin@GUARD# copy zone scannet running-config ftp 10.0.0.191 
scannet-conf.txt user password
FTP in progress...
admin@GUARD#
Zone Log File: From the Guard to an FTP Server

This is the procedure in which the user transfers a specified Zone log file from the Guard to an FTP server. This may be performed for diagnostic purposes.

To transfer a Zone log file to an FTP server perform the following:

1. From the Global command group level type the following:
admin@GUARD# copy zone <zone-name> log ftp <server> 
<full-file-name> [<login>] [<password>]
Where:

•zone-name—The Zone name.

•server—The FTP server IP address.

•full-file-name—The log-file full file name.

Note The server assumes the user's home directory when a path is not specified.

•login—(Optional) The FTP server login name.

Note The FTP server assumes anonymous login when the user does not insert a login name. The server will not prompt the user for a password.

•password—(Optional) The FTP server password.

Note If a password is not entered, the user will be prompted for the password.

2. Choose ENTER. The following sample screen appears:
admin@GUARD# copy zone scannet log ftp 10.0.0.191 scannet-log.txt 
user password
FTP in progress. . .
admin@GUARD#
Guard Report List: From the Guard to an FTP Server

The Guard enables the user to transfer the Guard report list to an FTP server for diagnostics and monitoring. See section "Exporting Reports" in Chapter 12, "Attack Reports," for further details.

Zone Reports: From the Guard to an FTP Server

The Guard enables the user to transfer a Zone's specific attack report to an FTP server for diagnostics and monitoring. See Section Exporting Reports attacks in Chapter 12, "Attack Reports," for further details.

The Guard Log-file

Displaying the Guard Log-file

The user may wish to display the Guard log for review and Guard diagnostics and monitoring. The user should issue the show log command for that purpose.

To display the Guard log perform the following:

1. From the Global command group level type the following:
admin@GUARD#show log
2. Choose ENTER. The following sample screen appears:
admin@GUARD#show log
Sep 29 10:58:10 localhost cm: self-protection, 5 protection-start: 
Activation of
 Guard Self Protection completed successfully
Sep 29 10:58:12 localhost cm: Guard, 5 INITIALIZATION: CM 
intialization completed successfully
Sep 29 10:58:12 localhost sshd[712]: Server listening on 0.0.0.0 
port 22.
Sep 29 11:01:28 localhost RHWatchdog: RHWatchdog: Changed logging 
facility to lo
cal4
Sep 29 11:01:28 localhost RHWatchdog: RHWatchdog: running in Guard 
mode
Sep 29 11:01:31 localhost cm: self-protection, 5 protection-start: 
Activation of
 Guard Self Protection completed successfully
...
admin@GUARD#
Clearing the Guard Log-file

The Guard enables the user to clear the log-file content.

To clear the log-file content perform the following:

1. From the Configuration command group level type the following:
admin@GUARD-conf# clear zone <zone-name> log
Or

From the Zone command group level type the following:
admin@GUARD-conf-zone-scannet# clear log
Where zone-name specifies the Zone name.

2. Choose ENTER. The following prompt appears:
admin@GUARD-conf#
Guard Syslog and Log-file Export

Exporting the Guard log file enables a remote user to view the Guard operations registered in the Guard log-file and also for remote diagnostics. The user can view from a remote host the Guard events as they are registered, on-line, in the Guard's log-file. The Guard's log-file is exported using the syslog mechanism and may be exported to several IP addresses. The facility and trap level may be configured for the exported log-file.

Note On-line Guard log export is only applicable with a remote syslog server. In case a remote syslog server is not available, use the copy log command to export the Guard's log-file.

Configuring the Syslog Export Parameters

To configure the syslog export parameters perform the following:

1. From the Configuration command group level type the following:
admin@GUARD-conf# logging {facility |host |trap}
Where:
•facility—Configures the export syslog facility The available facilities are local0 through local7.

Note Default is local4.

•host—Configures the remote syslog server's IP address to which the log will be exported.

•trap—Configures the severity level of the syslog traps sent to the remote syslog. Trap levels of lower severity include levels of higher severity. For example, if the trap level is set to warning, error, critical, alerts and emergencies will also be sent. The available trap levels from the highest to the least severity level are: emergencies, alerts, critical, errors, warnings, notification, informational, debugging.

2. Choose ENTER. Below is an example of the logging command:
admin@GUARD-conf# logging facility local3
admin@GUARD-conf# logging trap notifications
admin@GUARD-conf# logging host 10.0.0.191
admin@GUARD-conf#
Displaying the Exported Guard Syslog Configurations

The user may wish to display the syslog file configurations and the list of the Guard syslog -file export destination IPs.

To display the syslog export file definitions perform the following:

1. From the Configuration command group level type the following:
admin@GUARD-conf# show logging 
2. Choose ENTER. The prompt displays the following information:

•logging to host—The IP address of the remote syslog server.

•logging trap level—The severity level of the syslog traps sent to the remote syslog. Trap levels of lower severity include levels of higher severity. For example, if the trap level is set to warning- error, critical, alerts and emergencies will also be sent.

•logging facility—The logging facility where the log messages will be sent. The supported facilities for syslog are local0 through local7.

Below is an example of the show logging command:
admin@GUARD-conf# show logging
Logging to host: 10.0.0.191
Logging to host: 10.0.0.192
Logging trap level: notifications
Logging facility: local4
admin@GUARD-conf#
Exporting the Guard's Log-file

To export the Guard log-file to a remote host perform the following:

1. From the Configuration command group level type the following:
admin@GUARD-conf# export log <remote-syslog-server-ip>
Where remote-syslog-server-ip specifies the remote syslog server's IP address.

2. Choose ENTER.

Disabling the Guard Log-file Export

The user may disable the exporting of the Guard's log-file to one or all IP addresses.

To disable the Guard's log-file export to one or all IP addresses perform the following:

1. From the Configuration command group level type the following:
admin@GUARD-conf# no logging host <remote-syslog-server-ip>
Where remote-syslog-server-ip specifies the remote syslog server's IP address. Use `*' to disable export of the Guard's log-file to all IP addresses.

2. Choose ENTER.

Or alternatively:

1. From the Configuration command group level type the following:
admin@GUARD-conf# no export log <remote-syslog-server-ip> 
Where remote-syslog-server-ip specifies the remote syslog server's IP address. Use `*' to disable export of the Guard's log-file to all IP addresses.

2. Choose ENTER.

The Guard Event Log

Displaying On-line Event Logging

The user may wish to display and view the on-line logging of the Guard events.

To view a real time event log perform the following:

1. From the Global command group level type the following:
admin@GUARD# event monitor
2. Choose ENTER. The following screen appears:
admin@GUARD# event monitor
admin@GUARD#
********* New Event ************
Time = Oct  8 15:51:59
Type = added-events-client
Severity = 6
Sequence Number = 1
Message:
Event client added successfully.
********* End of Event ************
The screen constantly updates with events.

Terminating On-line Display of Event Logging

The user may wish to terminate the process of event logging display.

To terminate the display of the Guard event logging perform the following:

1. From the Global command group level type the following:
admin@GUARD# no event monitor
2. Choose ENTER. The following prompt appears:
admin@GUARD# no event monitor
admin@GUARD# Ending the event flow.
admin@GUARD#
The event monitoring display terminates.

Configuring Logs and Reports History

The Guard enables the user to configure how far back will the Guard record the logs and the attack reports (of both the Guard's and its Zone or Zones). See Chapter 12, "Attack Reports," for further details.

To configure report and log history perform the following:

1. From the Configuration command group level type the following:
admin@GUARD-conf# history {logs| reports} <days> [enforce-now]
Where:

•logs|reports—The desired records. logs selects the Guard and Zone logs; reports selects the zone attack report.

•days—An integer specifying the length of history time. The history time range is 1-60 days for the reports and 1-7 days for the logs.

Note The default history time is 7 days for the logs and 30 days for the reports.

•enforce-now—(Optional) The Guard immediately adopts (and if necessary erases) the recorded logs and reports history capacity to the current command.

2. Choose ENTER. The following prompt appears:
admin@GUARD-conf#
Guard Diagnostics Commands

This section describes a group of command designed to help in Guard diagnostics. These commands consist of the following:

•Display Guard's General Diagnostics Data

•Display Guard's Memory Consumption

•Displaying the Guard's CPU Status

•ARP Cache

•Netstat

•Traceroute

•Ping

Display Guard's General Diagnostics Data

The Guard enables the user to view a general display of diagnostics data.

Note The diagnostics data scope is wider when an RA-HDG card is installed. See below in this section for diagnostics data display when the Guard has an RA-HDG card installed.

To view a general display of the diagnostics data perform the following:

1. From the Global command group level type the following:
admin@GUARD#show diagnostic-info
Or alternatively:

From the Configuration command group level type the following:
admin@GUARD-conf#show diagnostic-info
2. Choose.ENTER. The following sample screen appears:
Accelerator card CPU speed: 750 MHZ
Accelerator card revision : B/I7
Accelerator card serial   : 03340027
CFE version               : 18
Recognition Average Sample Loss: 0.0%
Forward failures (no resources): 0 packets
The information display consists of the following items:

•Accelerator card CPU speed—Indicates the accelerator cards CPU speed.

•Accelerator card revision—Indicates the accelerator card revision number.

•Accelerator card serial—Indicates the accelerator card serial number.

•CFE version—Indicates the CFE version number

•Recognition Average Sample Loss—Indicates the calculated Recognition module packet sample loss.

•Forward failures (no resources)—Indicates the number of unsent packets due to lack of system recourses.

When an RA-HDG card is installed (see section "The Guard Rear Panel" in Chapter 2, "Initial Procedures," for further details) the Guard displays enhanced diagnostics data as shown in the below screen:
admin@Guard> show diagnostic-info
Accelerator card CPU speed: 750 MHZ
Accelerator card revision : B/I7
Accelerator card serial   : 03340027
CFE version               : 18
Recognition Average Sample Loss: 0.0%
Forward failures (no resources): 0 packets
Hardware diagnostics:
Fan Speeds:
   1: 72
   2: 55
   3: 54
   4: 55
   5: 70
Maximum Fans = 8
Installed Fans: 1 2 3 4 5
Running Fans: 1 2 3 4 5
System uptime = 778
The number of system restarts = 22
Blue Light state = OFF
System UUID = A0 F3 69 CC 39 B4 4A 12 89 D6 00 AC 2C A1 D6 ED
CPU 1 Temperature = 29.0
CPU 2 Temperature = 28.0
DASD 1 Temperature = 23.0
Ambient Temperature = 23.0
... ... ... ... 
The enhanced diagnostics data are:

•Fan Speeds—The Guard displays its fan speed.

•Maximum Fans—The Guard displays it's capability of installed fans.

•Installed Fans—The Guard displays the number of currently installed fans.

•Running Fans—The Guard displays the number of currently running fans.

•System uptime—The Guard displays the number of hours the system has been up and running.

•The number of system restarts—The Guard displays the number of times the system restarted.

•Blue Light state—The Guard displays the blue LED.

•System UUID—The Guard displays the system's Universal Unique ID.

•CPU 1 Temperature—The Guard displays microprocessor no. 1 temperature.

•CPU 2 Temperature—The Guard displays microprocessor no. 2 temperature.

•DASD 1 Temperature—The Guard displays the hard disk drive temperature.

•Ambient Temperature—The Guard displays the current ambient system temperature.

The Guard has several inner status indicating LEDs. These are normally OFF. When turned ON they indicate a problem, as the diagnostics screen will show:

•LED: Diagnostics Panel Location 9 PCI Bus Function 0 on

•LED: Diagnostics Panel Location 8 NMI Function 0 on

•LED: Diagnostics Panel Location 7 DASD Fault Function 0 on

•LED: Diagnostics Panel Location 6 Current Over Specification Function 0 on

•LED: Diagnostics Panel Location 5 Memory Fault Function 0 on

•LED: Diagnostics Panel Location 4 Non-redundant Power Function 0 on

•LED: Diagnostics Panel Location 1 Power Supply Function 1 on

•LED: Diagnostics Panel Location 0 Power Supply Function 0 on

•LED: Front Panel Location 4 System Error Function 0 on

•LED: Front Panel Location 3 System Information Function 0 on

•LED: Fan Location 7 Fan Function 7 on

•LED: Fan Location 6 Fan Function 6 on

•LED: Fan Location 5 Fan Function 5 on

•LED: Fan Location 4 Fan Function 4 on

•LED: Fan Location 3 Fan Function 3 on

•LED: Fan Location 2 Fan Function 2 on

•LED: Fan Location 1 Fan Function 1 on

•LED: Fan Location 0 Fan Function 0 on

•LED: System Board Location 7 Memory Function 3 on

•LED: System Board Location 6 Memory Function 2 on

•LED: System Board Location 5 Memory Function 1 on

•LED: System Board Location 4 Memory Function 0 on

•LED: System Board Location 3 VRM Function 1 on

•LED: System Board Location 2 VRM Function 0 on

•LED: System Board Location 1 CPU Function 1 on

•LED: System Board Location 0 CPU Function 0 on

•LED: Diagnostics Panel Location 15 Temperature Over Specification Function 0 on

•LED: Diagnostics Panel Location 14 PCI Bus Function 2 on

•LED: Diagnostics Panel Location 13 CPU VRM Mismatch Function 0 on

•LED: Diagnostics Panel Location 12 Fan Fault Function 0 on

•LED: Diagnostics Panel Location 11 PCI Bus Function 1 on

•LED: Diagnostics Panel Location 10 SP Fault Function 0 on

Display Guard's Memory Consumption

To display the Guard memory consumption perform the following:

1. From the Global command group level type the following:
admin@GUARD# show memory
Or alternatively:

From the Configuration command group level type the following:
admin@GUARD-conf# show memory 
2. Choose ENTER. The following sample screen appears:
admin@GUARD# show memory
              total    used    free    shared   buffers   cached
  In KBytes:  2065188  146260  1918928    0     2360      69232
  Recognition Used Memory: 0.3%
admin@GUARD# 
Displaying the Guard's CPU Status

To display the Guard CPU status perform the following:

1. From the Global or Configuration command group level type the following:
admin@GUARD# show cpu
2. Choose ENTER. The following sample screen appears:
admin@GUARD# show cpu
Host CPU:  0.0% user,  0.1% system,  0.0% nice, 99.0% idle
admin@GUARD#
ARP Cache

To view and configure the Cisco Guard ARP cache perform the following:

1. From the Global command level prompt line type the following:
admin@GUARD# arp <param>
Or alternatively:

From the Configuration command group level type the following:
admin@GUARD-conf# arp <param>
Or alternatively:

From the Zone command group level type the following:
admin@GUARD-conf-zone-<zone-name># arp <param>
Where param specifies the various parameters used for manipulating the Guard ARP cache. Refer to any reliable authority on Linux for further details.

Caution Configuration of the Guard ARP cache requires excellent knowledge of the Guard system and the networks where it's installed.

2. Choose ENTER. The following screen appears.
admin@GUARD# arp -e
Address        HWtype  HWaddress           Flags Mask  Iface
10.10.1.254    ether   00:02:B3:C0:61:67   C           eth0
10.10.8.11     ether   00:02:B3:45:B9:F1   C           eth0
10.10.8.253    ether   00:D0:B7:46:72:37   C           eth0
10.10.10.54    ether   00:03:47:A6:44:CA   C           eth0
admin@GUARD#
Netstat

To display the Guard network connections, routing tables, and interface statistics perform the following:

1. From the Global command group level type the following:
admin@GUARD# netstat  <param>
Or

From the Configuration command group level type the following:
admin@GUARD-conf# netstat  <param>
Or

From the Zone command group level type the following:
admin@GUARD-conf-zone-<zone-name># netstat  <param>
Where param specifies the various parameters that specify the type of displayed information. Refer to any reliable authority on Linux for further details.

2. Choose ENTER. The following partial screen appears:
admin@GUARD# netstat -v
Active Internet connections (w/o servers)
Proto Recv-Q Send-Q Local Address   Foreign Address         State
tcp        0      0 localhost:1111  localhost:32777    ESTABLISHED
tcp        0      0 localhost:8200  localhost:32772    ESTABLISHED
...
tcp        0      0 localhost:33464 localhost:8200     TIME_WAIT
tcp        1      0 localhost:1113  localhost:33194    CLOSE_WAIT
...
Active UNIX domain sockets (w/o servers)
Proto RefCnt Flags       Type       State         I-Node Path
unix  8      [ ]         DGRAM                    1023   /dev/log
unix  2      [ ]         DGRAM                    7753
...
unix  2      [ ]         STREAM     CONNECTED     928
unix  3      [ ]         STREAM     CONNECTED     890  /tmp/.zserv
...
netstat: no support for `AF IPX' on this system.
netstat: no support for `AF AX25' on this system.
netstat: no support for `AF X25' on this system.
netstat: no support for `AF NETROM' on this system.
admin@GUARD#
Traceroute

To display a specified traced route perform the following:

1. From the Global command group level type the following:
admin@GUARD# traceroute <ip-address> [<param>]
Or

From the Configuration command group level type the following:
admin@GUARD-conf# traceroute <ip-address> [<param>]
Or

From the Zone command group level type the following:
admin@GUARD-conf-zone-<zone-name># traceroute <ip-address> 
[<param>]
Note The traceroute command in the Guard displays only IP addresses and not names.

Where:

•ip-address—The IP address to trace the route to.

•param—(Optional) Various parameters that specify the type of displayed information. Refer to any reliable authority on Linux for further details.

2. Choose ENTER. The following screen appears:
admin@GUARD# traceroute 10.10.10.34
traceroute to 10.10.10.34 (10.10.10.34), 30 hops max, 38 byte 
packets
 1 10.10.10.34 (10.10.10.34) 0.577 ms  0.203 ms  0.149 ms
admin@GUARD#
Ping

To ping a specified network element perform the following:

1. From the Global command group level type the following:
admin@GUARD# ping <ip-address> [<param>]
Or alternatively:

From the Configuration command group level type the following:
admin@GUARD-conf# ping <ip-address> [<param>]
Or alternatively:

From the Zone command group level type the following:
admin@GUARD-conf-zone-<zone-name># ping <ip-address> [<param>]
Where:

–ip-address—The IP address of the system to ping.

–param—(Optional) Various parameters that specify the type of displayed information. Refer to any reliable authority on Linux for further details.
2. Choose ENTER. The following screen appears:
admin@GUARD# ping 10.10.10.30 -n 1
PING 10.10.10.30 (10.10.10.30) from 10.10.10.30 : 56(84) bytes of 
data.
64 bytes from 10.10.10.30: icmp_seq=1 ttl=255 time=0.026 ms
......
admin@GUARD#
Guard Disk Operations

Displaying Used Disk Space

The Guard records its activity logs and Zone attack reports. When the Guard records take over a certain disk space the Guard warns the user. If the used disk space continues to grow the Guard might erase logs and reports to clear valuable disk space. The user is therefore encouraged to configure the Guard to record a reduced number of days back and store often the Guard records on an FTP server.

To display the disk used space perform the following:

1. From the Global or Configuration command group level type the following:
admin@GUARD# show disk-usage
Or

From the Configuration command group level type the following:
admin@GUARD-conf# show disk-usage
2. Choose ENTER. The following sample screen appears:
admin@GUARD# show disk-usage
2%
Note The Guard enters a warning message at its syslog when the used disk space reaches about 80% of the disk maximum capacity. The user is advised to transfer log and report records to an ftp server. See the "Guard and Zone Files Transfer" section for details. When disk usage reaches 90% of the disk maximum capacity the Guard erases information to reduce used disk space to about 80%.

Disk Cleaning

The user may configure the Guard to erase its stored logs and reports to match the configured log and report storing parameters (see the "Configuring Logs and Reports History" section in this chapter for further details).

To reduce used disk space perform the following:

1. From the Configuration command group level type the following:
admin@GUARD-conf# disk-clean
2. Choose ENTER. The following prompt appears:
admin@GUARD-conf# 

	Cisco Guard Configuration Guide (Software Version 3.08)
	Guard Diagnostics and Maintenance
Cisco Guard Configuration Guide (Software Version 3.08) Preface Overview Initial Procedures Guard Configuration Zone Traffic Diversion Zone Configurations On-Demand Protection Routine Guard Procedures Guard Diagnostics and Maintenance Advanced Filter Procedures Advanced Policy Procedures Interactive Recommendations Mode Attack Reports Glossary Diversion Configuration Diversion Troubleshooting	Download this chapter Guard Diagnostics and Maintenance Download the complete book Cisco Guard User Guide (Software Version 3.0.8), Book-Length PDF (PDF - 4 MB) Table Of Contents Guard Diagnostics and Maintenance Guard and Zone Files Transfer Guard Log-file: From the Guard to an FTP Server Guard Configuration File: From the Guard to an FTP Server Guard/Zone Configuration-File: From an FTP Server to the Guard Zone Configuration File: From the Guard to an FTP Server Zone Log File: From the Guard to an FTP Server Guard Report List: From the Guard to an FTP Server Zone Reports: From the Guard to an FTP Server The Guard Log-file Displaying the Guard Log-file Clearing the Guard Log-file Guard Syslog and Log-file Export Configuring the Syslog Export Parameters Displaying the Exported Guard Syslog Configurations Exporting the Guard's Log-file Disabling the Guard Log-file Export The Guard Event Log Displaying On-line Event Logging Terminating On-line Display of Event Logging Configuring Logs and Reports History Guard Diagnostics Commands Display Guard's General Diagnostics Data Display Guard's Memory Consumption Displaying the Guard's CPU Status ARP Cache Netstat Traceroute Ping Guard Disk Operations Displaying Used Disk Space Disk Cleaning Guard Diagnostics and Maintenance This chapter describes the commands relating to the Guard's diagnostics and maintenance operations. This chapter describes Guard and Zone files (configuration and log) transfer procedures, and additional Guard log and event files procedures (including Guard log file configurations). The chapter concludes in detailing the Guard's diagnostics commands. Guard and Zone Files Transfer The Guard has its log file for monitoring and recording its current events, performed actions, and the protective measures it undertook. In addition, the Guard has the configuration (running-config) and the Zone configuration (running-config) files. The Guard configuration file records the Guard's configuration parameters and the Zone log file records events relating to a specific Zone. These events could be detected attacks; protective actions the Guard took and so on. These files can be transferred (`copied'). The following file transfer procedures are: •Guard Log-file: From the Guard to an FTP Server •Guard Configuration File: From the Guard to an FTP Server •Guard/Zone Configuration-File: From an FTP Server to the Guard •Zone Configuration File: From the Guard to an FTP Server •Zone Log File: From the Guard to an FTP Server •Guard Report List: From the Guard to an FTP Server •Zone Reports: From the Guard to an FTP Server Guard Log-file: From the Guard to an FTP Server This is the procedure in which the user transfers the Guard log-file to an FTP server to enable remote sharing of the Guard monitoring information. To transfer the Guard log-file to an FTP server perform the following: 1. From the Global command group level type the following: admin@GUARD# copy log ftp <server> <full-file-name> [<login>] [<password>] Where: •server—The FTP server IP address. •full-file-name—The log-file full file name. Note The server assumes the user's home directory when a path is not specified. •login—(Optional) The FTP server login name. Note The FTP server assumes anonymous login when the user does not insert a login name. The server will not prompt the user for a password. •password—(Optional) The FTP server password. Note If a password is not entered, the user will be prompted for the password. 2. Choose ENTER. The following prompt appears: admin@GUARD# copy log ftp 10.0.0.191 log.txt user password FTPing... Passive mode off. Local directory now /Cisco/ImpExp admin@GUARD# Guard Configuration File: From the Guard to an FTP Server This is the procedure in which the user transfers the Guard configuration file (running-config) to an FTP server to enable implementing the Guard configuration parameters on another Guard or for backing up. To transfer the Guard configuration file to an FTP server perform the following: 1. From the Global command group level type the following: admin@GUARD# copy running-config ftp <server> <full-file-name> [<login>] [<password>] Where: •server—The FTP server IP address. •full-file-name—The log-file full file name. Note The server assumes the user's home directory when a path is not specified. •login—(Optional) The FTP server login name. Note The FTP server assumes anonymous login when the user does not insert a login name. The server will not prompt the user for a password. •password—(Optional) The FTP server password. Note If a password is not entered, the user will be prompted for the password. 2. Choose ENTER. The following prompt appears: admin@GUARD# copy running-config ftp 10.0.0.191 run-conf.txt user password FTP in progress... admin@GUARD# Guard/Zone Configuration-File: From an FTP Server to the Guard This is the procedure in which the user transfers a Guard or a Zone configuration file from an FTP server and reconfigures itself according to the newly transferred configuration file. This may be performed to enable Guard configuration based on an existing Guard configuration file. Note The new configuration overruns the existing one. To transfer a Guard configuration file from an FTP server to a Guard perform the following: 1. From the Global command group level type the following: admin@GUARD# copy ftp running-config <server> <full-file-name> [<login>] [<password>] Where: •server—The FTP server IP address. •full-file-name—The log-file full file name. Note The server assumes the user's home directory when a path is not specified. •login—(Optional) The FTP server login name. Note The FTP server assumes anonymous login when the user does not insert a login name. The server will not prompt the user for a password. •password—(Optional) The FTP server password. Note If a password is not entered, the user will be prompted for the password. 2. Choose ENTER. The following prompt appears: Note The Guard displays the following warning message when FTP fails: Ftp failed. Check server, filename, username and password. admin@GUARD# copy ftp running-config 10.0.0.191 run-conf.txt user password FTP in progress... . . admin@GUARD# While the command is being executed the user can view the Guard reconfiguring process and the commands being executed. This may take several minutes. To transfer a Zone configuration file from an FTP server to a Guard perform the following: 1. From the Global command group level type the following: admin@GUARD#copy zone <zone-name> running-config ftp <server> <full-file-name> [<login>] [<password>] See parameter description in the above table (zone-name denotes the Zone name). 2. Choose ENTER. The following prompt appears: admin@GUARD# Zone Configuration File: From the Guard to an FTP Server This is the procedure in which the user transfers the specified Zone running-config file to an FTP server to enable a remote monitoring of the Guard activities that relate to the Zone. To transfer the Zone running-config file to an FTP server perform the following: 1. From the Global command group level type the following: admin@GUARD# copy zone <zone-name> running-config ftp <server> <full-file-name> [<login>] [<password>] Where: •zone-name—The Zone name. •server—The FTP server IP address. •full-file-name—The log-file full file name. Note The server assumes the user's home directory when a path is not specified. •login—(Optional) The FTP server login name. Note The FTP server assumes anonymous login when the user does not insert a login name. The server will not prompt the user for a password. •password—(Optional) The FTP server password. Note If a password is not entered, the user will be prompted for the password. 2. Choose ENTER. The following prompt appears: admin@GUARD# copy zone scannet running-config ftp 10.0.0.191 scannet-conf.txt user password FTP in progress... admin@GUARD# Zone Log File: From the Guard to an FTP Server This is the procedure in which the user transfers a specified Zone log file from the Guard to an FTP server. This may be performed for diagnostic purposes. To transfer a Zone log file to an FTP server perform the following: 1. From the Global command group level type the following: admin@GUARD# copy zone <zone-name> log ftp <server> <full-file-name> [<login>] [<password>] Where: •zone-name—The Zone name. •server—The FTP server IP address. •full-file-name—The log-file full file name. Note The server assumes the user's home directory when a path is not specified. •login—(Optional) The FTP server login name. Note The FTP server assumes anonymous login when the user does not insert a login name. The server will not prompt the user for a password. •password—(Optional) The FTP server password. Note If a password is not entered, the user will be prompted for the password. 2. Choose ENTER. The following sample screen appears: admin@GUARD# copy zone scannet log ftp 10.0.0.191 scannet-log.txt user password FTP in progress. . . admin@GUARD# Guard Report List: From the Guard to an FTP Server The Guard enables the user to transfer the Guard report list to an FTP server for diagnostics and monitoring. See section "Exporting Reports" in Chapter 12, "Attack Reports," for further details. Zone Reports: From the Guard to an FTP Server The Guard enables the user to transfer a Zone's specific attack report to an FTP server for diagnostics and monitoring. See Section Exporting Reports attacks in Chapter 12, "Attack Reports," for further details. The Guard Log-file Displaying the Guard Log-file The user may wish to display the Guard log for review and Guard diagnostics and monitoring. The user should issue the show log command for that purpose. To display the Guard log perform the following: 1. From the Global command group level type the following: admin@GUARD#show log 2. Choose ENTER. The following sample screen appears: admin@GUARD#show log Sep 29 10:58:10 localhost cm: self-protection, 5 protection-start: Activation of Guard Self Protection completed successfully Sep 29 10:58:12 localhost cm: Guard, 5 INITIALIZATION: CM intialization completed successfully Sep 29 10:58:12 localhost sshd[712]: Server listening on 0.0.0.0 port 22. Sep 29 11:01:28 localhost RHWatchdog: RHWatchdog: Changed logging facility to lo cal4 Sep 29 11:01:28 localhost RHWatchdog: RHWatchdog: running in Guard mode Sep 29 11:01:31 localhost cm: self-protection, 5 protection-start: Activation of Guard Self Protection completed successfully ... admin@GUARD# Clearing the Guard Log-file The Guard enables the user to clear the log-file content. To clear the log-file content perform the following: 1. From the Configuration command group level type the following: admin@GUARD-conf# clear zone <zone-name> log Or From the Zone command group level type the following: admin@GUARD-conf-zone-scannet# clear log Where zone-name specifies the Zone name. 2. Choose ENTER. The following prompt appears: admin@GUARD-conf# Guard Syslog and Log-file Export Exporting the Guard log file enables a remote user to view the Guard operations registered in the Guard log-file and also for remote diagnostics. The user can view from a remote host the Guard events as they are registered, on-line, in the Guard's log-file. The Guard's log-file is exported using the syslog mechanism and may be exported to several IP addresses. The facility and trap level may be configured for the exported log-file. Note On-line Guard log export is only applicable with a remote syslog server. In case a remote syslog server is not available, use the copy log command to export the Guard's log-file. Configuring the Syslog Export Parameters To configure the syslog export parameters perform the following: 1. From the Configuration command group level type the following: admin@GUARD-conf# logging {facility \|host \|trap} Where: •facility—Configures the export syslog facility The available facilities are local0 through local7. Note Default is local4. •host—Configures the remote syslog server's IP address to which the log will be exported. •trap—Configures the severity level of the syslog traps sent to the remote syslog. Trap levels of lower severity include levels of higher severity. For example, if the trap level is set to warning, error, critical, alerts and emergencies will also be sent. The available trap levels from the highest to the least severity level are: emergencies, alerts, critical, errors, warnings, notification, informational, debugging. 2. Choose ENTER. Below is an example of the logging command: admin@GUARD-conf# logging facility local3 admin@GUARD-conf# logging trap notifications admin@GUARD-conf# logging host 10.0.0.191 admin@GUARD-conf# Displaying the Exported Guard Syslog Configurations The user may wish to display the syslog file configurations and the list of the Guard syslog -file export destination IPs. To display the syslog export file definitions perform the following: 1. From the Configuration command group level type the following: admin@GUARD-conf# show logging 2. Choose ENTER. The prompt displays the following information: •logging to host—The IP address of the remote syslog server. •logging trap level—The severity level of the syslog traps sent to the remote syslog. Trap levels of lower severity include levels of higher severity. For example, if the trap level is set to warning- error, critical, alerts and emergencies will also be sent. •logging facility—The logging facility where the log messages will be sent. The supported facilities for syslog are local0 through local7. Below is an example of the show logging command: admin@GUARD-conf# show logging Logging to host: 10.0.0.191 Logging to host: 10.0.0.192 Logging trap level: notifications Logging facility: local4 admin@GUARD-conf# Exporting the Guard's Log-file To export the Guard log-file to a remote host perform the following: 1. From the Configuration command group level type the following: admin@GUARD-conf# export log <remote-syslog-server-ip> Where remote-syslog-server-ip specifies the remote syslog server's IP address. 2. Choose ENTER. Disabling the Guard Log-file Export The user may disable the exporting of the Guard's log-file to one or all IP addresses. To disable the Guard's log-file export to one or all IP addresses perform the following: 1. From the Configuration command group level type the following: admin@GUARD-conf# no logging host <remote-syslog-server-ip> Where remote-syslog-server-ip specifies the remote syslog server's IP address. Use `' to disable export of the Guard's log-file to all IP addresses. 2. Choose ENTER. Or alternatively: 1. From the Configuration command group level type the following: admin@GUARD-conf# no export log* <remote-syslog-server-ip> Where remote-syslog-server-ip specifies the remote syslog server's IP address. Use `' to disable export of the Guard's log-file to all IP addresses. 2. Choose ENTER. The Guard Event Log Displaying On-line Event Logging The user may wish to display and view the on-line logging of the Guard events. To view a real time event log perform the following: 1. From the Global command group level type the following: admin@GUARD# event monitor* 2. Choose ENTER. The following screen appears: admin@GUARD# event monitor admin@GUARD# ******* New Event ******** Time = Oct 8 15:51:59 Type = added-events-client Severity = 6 Sequence Number = 1 Message: Event client added successfully. ***** End of Event ******** The screen constantly updates with events. Terminating On-line Display of Event Logging The user may wish to terminate the process of event logging display. To terminate the display of the Guard event logging perform the following: 1. From the Global command group level type the following: admin@GUARD# no event monitor 2. Choose ENTER. The following prompt appears: admin@GUARD# no event monitor admin@GUARD# Ending the event flow. admin@GUARD# The event monitoring display terminates. Configuring Logs and Reports History The Guard enables the user to configure how far back will the Guard record the logs and the attack reports (of both the Guard's and its Zone or Zones). See Chapter 12, "Attack Reports," for further details. To configure report and log history perform the following: 1. From the Configuration command group level type the following: admin@GUARD-conf# history {logs\| reports*} <days> [enforce-now] Where: •logs\|reports—The desired records. logs* selects the Guard and Zone logs; reports selects the zone attack report. •days—An integer specifying the length of history time. The history time range is 1-60 days for the reports and 1-7 days for the logs. Note The default history time is 7 days for the logs and 30 days for the reports. •enforce-now—(Optional) The Guard immediately adopts (and if necessary erases) the recorded logs and reports history capacity to the current command. 2. Choose ENTER. The following prompt appears: admin@GUARD-conf# Guard Diagnostics Commands This section describes a group of command designed to help in Guard diagnostics. These commands consist of the following: •Display Guard's General Diagnostics Data •Display Guard's Memory Consumption •Displaying the Guard's CPU Status •ARP Cache •Netstat •Traceroute •Ping Display Guard's General Diagnostics Data The Guard enables the user to view a general display of diagnostics data. Note The diagnostics data scope is wider when an RA-HDG card is installed. See below in this section for diagnostics data display when the Guard has an RA-HDG card installed. To view a general display of the diagnostics data perform the following: 1. From the Global command group level type the following: admin@GUARD#show diagnostic-info Or alternatively: From the Configuration command group level type the following: admin@GUARD-conf#show diagnostic-info 2. Choose.ENTER. The following sample screen appears: Accelerator card CPU speed: 750 MHZ Accelerator card revision : B/I7 Accelerator card serial : 03340027 CFE version : 18 Recognition Average Sample Loss: 0.0% Forward failures (no resources): 0 packets The information display consists of the following items: •Accelerator card CPU speed—Indicates the accelerator cards CPU speed. •Accelerator card revision—Indicates the accelerator card revision number. •Accelerator card serial—Indicates the accelerator card serial number. •CFE version—Indicates the CFE version number •Recognition Average Sample Loss—Indicates the calculated Recognition module packet sample loss. •Forward failures (no resources)—Indicates the number of unsent packets due to lack of system recourses. When an RA-HDG card is installed (see section "The Guard Rear Panel" in Chapter 2, "Initial Procedures," for further details) the Guard displays enhanced diagnostics data as shown in the below screen: admin@Guard> show diagnostic-info Accelerator card CPU speed: 750 MHZ Accelerator card revision : B/I7 Accelerator card serial : 03340027 CFE version : 18 Recognition Average Sample Loss: 0.0% Forward failures (no resources): 0 packets Hardware diagnostics: Fan Speeds: 1: 72 2: 55 3: 54 4: 55 5: 70 Maximum Fans = 8 Installed Fans: 1 2 3 4 5 Running Fans: 1 2 3 4 5 System uptime = 778 The number of system restarts = 22 Blue Light state = OFF System UUID = A0 F3 69 CC 39 B4 4A 12 89 D6 00 AC 2C A1 D6 ED CPU 1 Temperature = 29.0 CPU 2 Temperature = 28.0 DASD 1 Temperature = 23.0 Ambient Temperature = 23.0 ... ... ... ... The enhanced diagnostics data are: •Fan Speeds—The Guard displays its fan speed. •Maximum Fans—The Guard displays it's capability of installed fans. •Installed Fans—The Guard displays the number of currently installed fans. •Running Fans—The Guard displays the number of currently running fans. •System uptime—The Guard displays the number of hours the system has been up and running. •The number of system restarts—The Guard displays the number of times the system restarted. •Blue Light state—The Guard displays the blue LED. •System UUID—The Guard displays the system's Universal Unique ID. •CPU 1 Temperature—The Guard displays microprocessor no. 1 temperature. •CPU 2 Temperature—The Guard displays microprocessor no. 2 temperature. •DASD 1 Temperature—The Guard displays the hard disk drive temperature. •Ambient Temperature—The Guard displays the current ambient system temperature. The Guard has several inner status indicating LEDs. These are normally OFF. When turned ON they indicate a problem, as the diagnostics screen will show: •LED: Diagnostics Panel Location 9 PCI Bus Function 0 on •LED: Diagnostics Panel Location 8 NMI Function 0 on •LED: Diagnostics Panel Location 7 DASD Fault Function 0 on •LED: Diagnostics Panel Location 6 Current Over Specification Function 0 on •LED: Diagnostics Panel Location 5 Memory Fault Function 0 on •LED: Diagnostics Panel Location 4 Non-redundant Power Function 0 on •LED: Diagnostics Panel Location 1 Power Supply Function 1 on •LED: Diagnostics Panel Location 0 Power Supply Function 0 on •LED: Front Panel Location 4 System Error Function 0 on •LED: Front Panel Location 3 System Information Function 0 on •LED: Fan Location 7 Fan Function 7 on •LED: Fan Location 6 Fan Function 6 on •LED: Fan Location 5 Fan Function 5 on •LED: Fan Location 4 Fan Function 4 on •LED: Fan Location 3 Fan Function 3 on •LED: Fan Location 2 Fan Function 2 on •LED: Fan Location 1 Fan Function 1 on •LED: Fan Location 0 Fan Function 0 on •LED: System Board Location 7 Memory Function 3 on •LED: System Board Location 6 Memory Function 2 on •LED: System Board Location 5 Memory Function 1 on •LED: System Board Location 4 Memory Function 0 on •LED: System Board Location 3 VRM Function 1 on •LED: System Board Location 2 VRM Function 0 on •LED: System Board Location 1 CPU Function 1 on •LED: System Board Location 0 CPU Function 0 on •LED: Diagnostics Panel Location 15 Temperature Over Specification Function 0 on •LED: Diagnostics Panel Location 14 PCI Bus Function 2 on •LED: Diagnostics Panel Location 13 CPU VRM Mismatch Function 0 on •LED: Diagnostics Panel Location 12 Fan Fault Function 0 on •LED: Diagnostics Panel Location 11 PCI Bus Function 1 on •LED: Diagnostics Panel Location 10 SP Fault Function 0 on Display Guard's Memory Consumption To display the Guard memory consumption perform the following: 1. From the Global command group level type the following: admin@GUARD# show memory Or alternatively: From the Configuration command group level type the following: admin@GUARD-conf# show memory 2. Choose ENTER. The following sample screen appears: admin@GUARD# show memory total used free shared buffers cached In KBytes: 2065188 146260 1918928 0 2360 69232 Recognition Used Memory: 0.3% admin@GUARD# Displaying the Guard's CPU Status To display the Guard CPU status perform the following: 1. From the Global or Configuration command group level type the following: admin@GUARD# show cpu 2. Choose ENTER. The following sample screen appears: admin@GUARD# show cpu Host CPU: 0.0% user, 0.1% system, 0.0% nice, 99.0% idle admin@GUARD# ARP Cache To view and configure the Cisco Guard ARP cache perform the following: 1. From the Global command level prompt line type the following: admin@GUARD# arp <param> Or alternatively: From the Configuration command group level type the following: admin@GUARD-conf# arp <param> Or alternatively: From the Zone command group level type the following: admin@GUARD-conf-zone-<zone-name># arp <param> Where param specifies the various parameters used for manipulating the Guard ARP cache. Refer to any reliable authority on Linux for further details. Caution Configuration of the Guard ARP cache requires excellent knowledge of the Guard system and the networks where it's installed. 2. Choose ENTER. The following screen appears. admin@GUARD# arp -e Address HWtype HWaddress Flags Mask Iface 10.10.1.254 ether 00:02:B3:C0:61:67 C eth0 10.10.8.11 ether 00:02:B3:45:B9:F1 C eth0 10.10.8.253 ether 00:D0:B7:46:72:37 C eth0 10.10.10.54 ether 00:03:47:A6:44:CA C eth0 admin@GUARD# Netstat To display the Guard network connections, routing tables, and interface statistics perform the following: 1. From the Global command group level type the following: admin@GUARD# netstat <param> Or From the Configuration command group level type the following: admin@GUARD-conf# netstat <param> Or From the Zone command group level type the following: admin@GUARD-conf-zone-<zone-name># netstat <param> Where param specifies the various parameters that specify the type of displayed information. Refer to any reliable authority on Linux for further details. 2. Choose ENTER. The following partial screen appears: admin@GUARD# netstat -v Active Internet connections (w/o servers) Proto Recv-Q Send-Q Local Address Foreign Address State tcp 0 0 localhost:1111 localhost:32777 ESTABLISHED tcp 0 0 localhost:8200 localhost:32772 ESTABLISHED ... tcp 0 0 localhost:33464 localhost:8200 TIME_WAIT tcp 1 0 localhost:1113 localhost:33194 CLOSE_WAIT ... Active UNIX domain sockets (w/o servers) Proto RefCnt Flags Type State I-Node Path unix 8 [ ] DGRAM 1023 /dev/log unix 2 [ ] DGRAM 7753 ... unix 2 [ ] STREAM CONNECTED 928 unix 3 [ ] STREAM CONNECTED 890 /tmp/.zserv ... netstat: no support for `AF IPX' on this system. netstat: no support for `AF AX25' on this system. netstat: no support for `AF X25' on this system. netstat: no support for `AF NETROM' on this system. admin@GUARD# Traceroute To display a specified traced route perform the following: 1. From the Global command group level type the following: admin@GUARD# traceroute <ip-address> [<param>] Or From the Configuration command group level type the following: admin@GUARD-conf# traceroute <ip-address> [<param>] Or From the Zone command group level type the following: admin@GUARD-conf-zone-<zone-name># traceroute <ip-address> [<param>] Note The traceroute command in the Guard displays only IP addresses and not names. Where: •ip-address—The IP address to trace the route to. •param—(Optional) Various parameters that specify the type of displayed information. Refer to any reliable authority on Linux for further details. 2. Choose ENTER. The following screen appears: admin@GUARD# traceroute 10.10.10.34 traceroute to 10.10.10.34 (10.10.10.34), 30 hops max, 38 byte packets 1 10.10.10.34 (10.10.10.34) 0.577 ms 0.203 ms 0.149 ms admin@GUARD# Ping To ping a specified network element perform the following: 1. From the Global command group level type the following: admin@GUARD# ping <ip-address> [<param>] Or alternatively: From the Configuration command group level type the following: admin@GUARD-conf# ping <ip-address> [<param>] Or alternatively: From the Zone command group level type the following: admin@GUARD-conf-zone-<zone-name># ping <ip-address> [<param>] Where: –ip-address—The IP address of the system to ping. –param—(Optional) Various parameters that specify the type of displayed information. Refer to any reliable authority on Linux for further details. 2. Choose ENTER. The following screen appears: admin@GUARD# ping 10.10.10.30 -n 1 PING 10.10.10.30 (10.10.10.30) from 10.10.10.30 : 56(84) bytes of data. 64 bytes from 10.10.10.30: icmp_seq=1 ttl=255 time=0.026 ms ...... admin@GUARD# Guard Disk Operations Displaying Used Disk Space The Guard records its activity logs and Zone attack reports. When the Guard records take over a certain disk space the Guard warns the user. If the used disk space continues to grow the Guard might erase logs and reports to clear valuable disk space. The user is therefore encouraged to configure the Guard to record a reduced number of days back and store often the Guard records on an FTP server. To display the disk used space perform the following: 1. From the Global or Configuration command group level type the following: admin@GUARD# show disk-usage Or From the Configuration command group level type the following: admin@GUARD-conf# show disk-usage 2. Choose ENTER. The following sample screen appears: admin@GUARD# show disk-usage 2% Note The Guard enters a warning message at its syslog when the used disk space reaches about 80% of the disk maximum capacity. The user is advised to transfer log and report records to an ftp server. See the "Guard and Zone Files Transfer" section for details. When disk usage reaches 90% of the disk maximum capacity the Guard erases information to reduce used disk space to about 80%. Disk Cleaning The user may configure the Guard to erase its stored logs and reports to match the configured log and report storing parameters (see the "Configuring Logs and Reports History" section in this chapter for further details). To reduce used disk space perform the following: 1. From the Configuration command group level type the following: admin@GUARD-conf# disk-clean 2. Choose ENTER. The following prompt appears: admin@GUARD-conf#
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.