CiscoWorks 1160 Security Information Management Solution Engine 3.1 Installation and Configuration Guide - Administering the Security Information Management Solution Engine [CiscoWorks Security Information Management Solution]

Table Of Contents

Administering the Security Information Management Solution Engine

Logging In and Out of the System

Backing Up and Restoring Your SIMS Engine

Shutting Down and Reloading the SIMS Engine

Setting System Date and Time

Setting Date and Time Using NTP

Setting Date and Time Manually

Configuring the Ethernet Ports

Administering Management Services

Viewing System Information

Using the Maintenance Image

Booting from the Maintenance Image

Recovering from Loss of All Administrator Passwords

Installing a Replacement SIMS Engine

Removing the Old SIMS Engine

Installing the Replacement SIMS Engine

Using the Recovery DVD

Reimaging the SIMS Engine

Using the Rescue Image

Administering the Security Information Management Solution Engine

This chapter describes the major system administration tasks for the SIMS Engine. It contains:

•Logging In and Out of the System

•Backing Up and Restoring Your SIMS Engine

•Shutting Down and Reloading the SIMS Engine

•Setting System Date and Time

•Configuring the Ethernet Ports

•Administering Management Services

•Viewing System Information

•Using the Maintenance Image

•Recovering from Loss of All Administrator Passwords

•Installing a Replacement SIMS Engine

•Using the Recovery DVD

For information about administration tasks not covered in this document, see the netForensics documentation set.

Logging In and Out of the System

You can connect to the SIMS Engine system in the following ways:

•Enter the SIMS Engine URL in a browser.

•Telnet to the system.

•Connect a console to the SIMS Engine console port.

If you are connected to the SIMS Engine through the web, enter a valid username and password in the login screen to log in, and click the Logout button to log out.

If you are connected to the SIMS Engine through the CLI, enter a valid username and password at the login prompt to log in, and enter the exit command to log out.

Backing Up and Restoring Your SIMS Engine

The SIMS Engine should be backed up at regular intervals. Before attempting to back up or restore your SIMS Engine, make sure the username and password is valid on the target system, the target directory exists and has the proper permissions for the username and password, and the system allows FTP. Backing up the SIMS Engine will preserve all domains, roles, and users.

You back up and restore your SIMS Engine by using the following CLI commands. For more information about the CLI commands, see "Command Reference."

•To back up your SIMS Engine, use the backup command.

•To configure your SIMS Engine's backup location, use the backupconfig command.

•To restore your SIMS Engine, use the restore command.

Shutting Down and Reloading the SIMS Engine

The SIMS Engine can be shut down using either the web interface or the CLI. Rebooting the system starts the management services installed on the system, even if they were stopped prior to the reboot.

To shut down the SIMS Engine using the CLI, enter the shutdown command before powering off the SIMS Engine. If you power off the SIMS Engine without entering this command, you might disable the system.

To reboot the system using the CLI, enter the reload command. The login prompt appears when the reboot is complete.

To erase the system configuration and reboot the system using the CLI, enter the erase config command. After the system reboots you must reconfigure the system using the setup program, as described in the "Configuring the SIMS Engine" section.

For more information about these commands, see "Command Reference."

Setting System Date and Time

The SIMS Engine uses Universal Coordinated Time (UTC) for keeping the time and date. The SIMS Engine uses the client's local time to display the time and date when connected via the web interface. It uses UTC to display the time and date when connected via Telnet or a console, or when viewing log files.

You can set and maintain the system date and time using either of two methods:

•Use the ntp server CLI command to assign one or more network time protocol (NTP) servers with which the system will synchronize its date and time. This method is recommended. For more information, see the "Setting Date and Time Using NTP" section.

•Use the clock CLI command to set the date and time manually, updating it as needed. For more information, see the "Setting Date and Time Manually" section.

To display the system time, enter the show clock command. For more information about the show clock commands, see the "show clock" section.

Setting Date and Time Using NTP

NTP is the recommended method for configuring time and date on the system. If your network uses NTP to set the date and time on devices, enter the following command in the CLI to designate an NTP server for the system to use to set the system clock:
# ntp server ip-address
where ip-address is the IP address of an NTP server.

If you disable NTP, set the system clock to UTC manually as described in the "Setting Date and Time Manually" section. If you do not set the system clock manually after disabling NTP, the system clock might become inaccurate when the system is rebooted.

Setting Date and Time Manually

If your network does not use NTP to set the system time on devices and the time is not set correctly, set the date and time to UTC manually by entering the following command in the CLI:
# clock set hh:mm:ss month day year
where hh:mm:ss is the current time (for example, 13:32:00), month is the current month (for example, January, February), day is the day of the month (for example, 31), and year is the current year (for example, 2001).

For more information about the clock set command, see the "clock" section.

Configuring the Ethernet Ports

The SIMS Engine uses 10/100/1000 Mbps Ethernet connectors. The Ethernet 0 interface is configured when the SIMS Engine is configured. To enable or change an additional interface configuration, enter the interface command in the CLI. For instructions about using this CLI command, see the "interface" section.

Any of the SIMS Engine's Ethernet ports can be individually configured to allow connections via the following protocols:

•Cisco Discovery Protocol (CDP)

•Hypertext transfer protocol (HTTP)

•Internet Control Message Protocol (ICMP)

•Secure shell (SSH) 1 and 2

•Simple network management protocol (SNMP)

•Telnet

To enable CDP on an individual Ethernet port, use the cdp command. For more information, see cdp. To disable any of the other protocols listed above on an individual Ethernet port, use the firewall command. For more information about the firewall command, including a detailed example of its use, see firewall.

Administering Management Services

The SIMS Engine allows you to administer all management services at once. All commands that affect management services affect all of them at once; the logs that collect services information collect information about all of them.

You can stop and restart the management services if the system is not responding correctly to a management application. This should cause the services to reset and function properly again. Management services are restarted automatically when you reboot.

To stop management services, enter the following command in the CLI:
# services stop
To start management services, enter the following command in the CLI:
# services start
To view management services status, enter the following command in the CLI:
# services status
Viewing System Information

To view system information, use the show commands, such as show clock. For instructions about using this CLI command, see "Command Reference."

Using the Maintenance Image

The SIMS Engine has an operating system image and a default system configuration (hereafter collectively called the maintenance image) stored in Flash memory. You can use the maintenance image to boot the system to perform some system administration tasks and disaster recovery.

You can run only the following commands while the system is running from the maintenance image: reload, erase config, and fsck.

For instructions about using these CLI commands, see
"Command Reference."

While the maintenance image is running, you can do the following tasks, which you cannot do when the system is booted from the disk:

•Recover from loss of all administrative user account passwords.

•Perform disk filesystem integrity checks.

Booting from the Maintenance Image

As a security measure, you can boot from the maintenance image only while connected to the system console.

Step 1 Connect a console to the SIMS Engine's console port, and log on as admin.

Step 2 Reboot the system by doing one of the following:

•Reload the system if it is running. For instructions about using the reload command, see the "reload" section.

•Power on the system if it is powered off.

•Power the system off and then back on if you cannot log in because you have lost all user account passwords.

Step 3 When a menu prompts you to select which image to boot from, use the arrow keys to select CiscoBreR, then press Enter.

The system boots from the image you selected.

Note If you do not press Enter, the system automatically boots from the selected image after 10 seconds.

Step 4 After you complete all necessary tasks, reboot the system by entering the reload command and allow the system to boot from the disk (the default boot order).

Recovering from Loss of All Administrator Passwords

If you cannot log in to the system because you cannot remember the administrator account names or passwords, you can recover by booting from the maintenance image, erasing the existing configuration from Flash memory, and reconfiguring the system using the setup program.

To recover from the loss of all administrator passwords:

Step 1 Boot the system from the maintenance image as described in the "Booting from the Maintenance Image" section.

Step 2 Enter the erase config command to erase the system configuration. The system reboots.

Step 3 Allow the system to boot from disk (the default boot order).

Step 4 Configure the system from the setup program, as described in the "Configuring the SIMS Engine" section.

Step 5 After the system reboots, reconfigure the SIMS Engine by following the steps outlined in the "Installing the SIMS Engine" section.

Installing a Replacement SIMS Engine

This section describes tasks you should perform when installing a replacement
SIMS Engine (a new unit intended to replace an existing unit), to make the transition as easy as possible. These tasks are in addition to the installation and configuration processes described in "Installing and Configuring the Security Information Management Solution Engine."

Removing the Old SIMS Engine

Before removing the old SIMS Engine:

Step 1 Enter the command show config in the CLI to view the SIMS Engine's configuration.

Step 2 Record the configuration.

Step 3 Back up the old SIMS Engine. See the "Backing Up and Restoring Your SIMS Engine" section for details.

Step 4 Enter the shutdown command.

The system shuts down.

Step 5 Power down and remove the old system.

Installing the Replacement SIMS Engine

To install the replacement SIMS Engine:

Step 1 Install and power on the new SIMS Engine.

See the following:

•"Installing the SIMS Engine" section

•"Connecting to the Power Source" section

•"Connecting Cables" section

•"Powering On the SIMS Engine" section

Step 2 Run the setup program.

See "Configuring the SIMS Engine" section.

Step 3 Use the configuration settings that you recorded from the old system to answer the setup program prompts.

Step 4 Restore the information saved when you backed up the old system. For more information, see the "Backing Up and Restoring Your SIMS Engine" section.

Using the Recovery DVD

A Recovery DVD is included with your SIMS Engine. With this DVD you can perform two functions: you can re-image the SIMS Engine, or you can boot from the rescue image.

Note After you use the Recovery DVD to reimage your SIMS Engine, you must download any software updates. Although every effort has been made to validate the accuracy of the software version on the Recovery DVD, you must review the SIMS Engine's software downloads on http://www.cisco.com for any software updates.

Reimaging the SIMS Engine

Use the SIMS Engine Recovery DVD to re-image the SIMS Engine should it become necessary. This will destroy all data and install a new image.

If you want to use this procedure to upgrade to a new release of software, be sure to perform a backup before reimaging your machine.

Caution Reimaging the machine removes all data on the hard drive, including all network management data stored by the SIMS application. See the netForensics documentation for information about backing up network management data.

To reimage your SIMS Engine, perform the following steps:

Step 1 Connect a console to the SIMS Engine's console port. For the location of the console port, see the "Front Panel Features" section.

Step 2 Log in as the user admin, and enter the password created when the SIMS Engine was configured.

Step 3 Put the Recovery DVD in the SIMS Engine's DVD-ROM. For the location of the DVD-ROM, see the "Front Panel Features" section.

Step 4 Enter the reload command. The SIMS Engine will reboot. For instructions about using this CLI command, see the "reload" section.

Step 5 At the Do you wish to reload and start the install? (yes/[no]/rescue): prompt, enter yes. If you do not want to re-image your SIMS Engine, enter rescue. For more information about the rescue image, see the "Using the Rescue Image" section.

Step 6 When the SIMS Engine ejects the Recovery DVD, remove it. Leave the console connected to the SIMS Engine.

The Security Information Management Solution Engine reboots and then begins the install process. You will see the files being copied.

Step 7 Wait until the installation process is complete (approximately 20 minutes), and the machine will reboot. The login prompt displays and the machine will reboot again.

Step 8 When the login prompt displays on the console, disconnect the console cable.

Using the Rescue Image

The rescue image is similar to the maintenance image, but is accessible via the Recovery DVD. Use the rescue image if you cannot, but need to, use the maintenance image. You can use it to boot the system to perform some system administration tasks and disaster recovery. You can run only the following commands while the system is running from the rescue image: reload, erase config, and fsck. For more information about using the rescue image, see the "Using the Maintenance Image" section.

To boot from the rescue image, perform the following steps:

Step 1 Connect a console to the SIMS Engine's console port. For the location of the console port, see the "Front Panel Features" section.

Step 2 Log in as the user admin. The user admin's password was created when the SIMS Engine was configured.

Step 3 Put the Recovery DVD in the SIMS Engine's DVD-ROM. For the location of the DVD-ROM, see the "Front Panel Features" section.

Step 4 Enter the reload command. The SIMS Engine will reboot.

Step 5 At the Do you wish to continue (yes/[no]/rescue): prompt, enter rescue. The SIMS Engine will boot from the rescue image.

	CiscoWorks 1160 Security Information Management Solution Engine 3.1 Installation and Configuration Guide
	Administering the Security Information Management Solution Engine
CiscoWorks 1160 Security Information Management Solution Engine 3.1 Installation and Configuration Guide Supplemental License Agreement Cisco 90-Day Limited Hardware Warranty Terms Preface Product Overview Preparing for Installation Installing and Configuring the Security Information Management Solution Engine Administering the Security Information Management Solution Engine Troubleshooting Technical Specifications Command Reference	Download this chapter Administering the Security Information Management Solution Engine Table Of Contents Administering the Security Information Management Solution Engine Logging In and Out of the System Backing Up and Restoring Your SIMS Engine Shutting Down and Reloading the SIMS Engine Setting System Date and Time Setting Date and Time Using NTP Setting Date and Time Manually Configuring the Ethernet Ports Administering Management Services Viewing System Information Using the Maintenance Image Booting from the Maintenance Image Recovering from Loss of All Administrator Passwords Installing a Replacement SIMS Engine Removing the Old SIMS Engine Installing the Replacement SIMS Engine Using the Recovery DVD Reimaging the SIMS Engine Using the Rescue Image Administering the Security Information Management Solution Engine This chapter describes the major system administration tasks for the SIMS Engine. It contains: •Logging In and Out of the System •Backing Up and Restoring Your SIMS Engine •Shutting Down and Reloading the SIMS Engine •Setting System Date and Time •Configuring the Ethernet Ports •Administering Management Services •Viewing System Information •Using the Maintenance Image •Recovering from Loss of All Administrator Passwords •Installing a Replacement SIMS Engine •Using the Recovery DVD For information about administration tasks not covered in this document, see the netForensics documentation set. Logging In and Out of the System You can connect to the SIMS Engine system in the following ways: •Enter the SIMS Engine URL in a browser. •Telnet to the system. •Connect a console to the SIMS Engine console port. If you are connected to the SIMS Engine through the web, enter a valid username and password in the login screen to log in, and click the Logout button to log out. If you are connected to the SIMS Engine through the CLI, enter a valid username and password at the login prompt to log in, and enter the exit command to log out. Backing Up and Restoring Your SIMS Engine The SIMS Engine should be backed up at regular intervals. Before attempting to back up or restore your SIMS Engine, make sure the username and password is valid on the target system, the target directory exists and has the proper permissions for the username and password, and the system allows FTP. Backing up the SIMS Engine will preserve all domains, roles, and users. You back up and restore your SIMS Engine by using the following CLI commands. For more information about the CLI commands, see "Command Reference." •To back up your SIMS Engine, use the backup command. •To configure your SIMS Engine's backup location, use the backupconfig command. •To restore your SIMS Engine, use the restore command. Shutting Down and Reloading the SIMS Engine The SIMS Engine can be shut down using either the web interface or the CLI. Rebooting the system starts the management services installed on the system, even if they were stopped prior to the reboot. To shut down the SIMS Engine using the CLI, enter the shutdown command before powering off the SIMS Engine. If you power off the SIMS Engine without entering this command, you might disable the system. To reboot the system using the CLI, enter the reload command. The login prompt appears when the reboot is complete. To erase the system configuration and reboot the system using the CLI, enter the erase config command. After the system reboots you must reconfigure the system using the setup program, as described in the "Configuring the SIMS Engine" section. For more information about these commands, see "Command Reference." Setting System Date and Time The SIMS Engine uses Universal Coordinated Time (UTC) for keeping the time and date. The SIMS Engine uses the client's local time to display the time and date when connected via the web interface. It uses UTC to display the time and date when connected via Telnet or a console, or when viewing log files. You can set and maintain the system date and time using either of two methods: •Use the ntp server CLI command to assign one or more network time protocol (NTP) servers with which the system will synchronize its date and time. This method is recommended. For more information, see the "Setting Date and Time Using NTP" section. •Use the clock CLI command to set the date and time manually, updating it as needed. For more information, see the "Setting Date and Time Manually" section. To display the system time, enter the show clock command. For more information about the show clock commands, see the "show clock" section. Setting Date and Time Using NTP NTP is the recommended method for configuring time and date on the system. If your network uses NTP to set the date and time on devices, enter the following command in the CLI to designate an NTP server for the system to use to set the system clock: # ntp server ip-address where ip-address is the IP address of an NTP server. If you disable NTP, set the system clock to UTC manually as described in the "Setting Date and Time Manually" section. If you do not set the system clock manually after disabling NTP, the system clock might become inaccurate when the system is rebooted. Setting Date and Time Manually If your network does not use NTP to set the system time on devices and the time is not set correctly, set the date and time to UTC manually by entering the following command in the CLI: # clock set hh:mm:ss month day year where hh:mm:ss is the current time (for example, 13:32:00), month is the current month (for example, January, February), day is the day of the month (for example, 31), and year is the current year (for example, 2001). For more information about the clock set command, see the "clock" section. Configuring the Ethernet Ports The SIMS Engine uses 10/100/1000 Mbps Ethernet connectors. The Ethernet 0 interface is configured when the SIMS Engine is configured. To enable or change an additional interface configuration, enter the interface command in the CLI. For instructions about using this CLI command, see the "interface" section. Any of the SIMS Engine's Ethernet ports can be individually configured to allow connections via the following protocols: •Cisco Discovery Protocol (CDP) •Hypertext transfer protocol (HTTP) •Internet Control Message Protocol (ICMP) •Secure shell (SSH) 1 and 2 •Simple network management protocol (SNMP) •Telnet To enable CDP on an individual Ethernet port, use the cdp command. For more information, see cdp. To disable any of the other protocols listed above on an individual Ethernet port, use the firewall command. For more information about the firewall command, including a detailed example of its use, see firewall. Administering Management Services The SIMS Engine allows you to administer all management services at once. All commands that affect management services affect all of them at once; the logs that collect services information collect information about all of them. You can stop and restart the management services if the system is not responding correctly to a management application. This should cause the services to reset and function properly again. Management services are restarted automatically when you reboot. To stop management services, enter the following command in the CLI: # services stop To start management services, enter the following command in the CLI: # services start To view management services status, enter the following command in the CLI: # services status Viewing System Information To view system information, use the show commands, such as show clock. For instructions about using this CLI command, see "Command Reference." Using the Maintenance Image The SIMS Engine has an operating system image and a default system configuration (hereafter collectively called the maintenance image) stored in Flash memory. You can use the maintenance image to boot the system to perform some system administration tasks and disaster recovery. You can run only the following commands while the system is running from the maintenance image: reload, erase config, and fsck. For instructions about using these CLI commands, see "Command Reference." While the maintenance image is running, you can do the following tasks, which you cannot do when the system is booted from the disk: •Recover from loss of all administrative user account passwords. •Perform disk filesystem integrity checks. Booting from the Maintenance Image As a security measure, you can boot from the maintenance image only while connected to the system console. Step 1 Connect a console to the SIMS Engine's console port, and log on as admin. Step 2 Reboot the system by doing one of the following: •Reload the system if it is running. For instructions about using the reload command, see the "reload" section. •Power on the system if it is powered off. •Power the system off and then back on if you cannot log in because you have lost all user account passwords. Step 3 When a menu prompts you to select which image to boot from, use the arrow keys to select CiscoBreR, then press Enter. The system boots from the image you selected. Note If you do not press Enter, the system automatically boots from the selected image after 10 seconds. Step 4 After you complete all necessary tasks, reboot the system by entering the reload command and allow the system to boot from the disk (the default boot order). Recovering from Loss of All Administrator Passwords If you cannot log in to the system because you cannot remember the administrator account names or passwords, you can recover by booting from the maintenance image, erasing the existing configuration from Flash memory, and reconfiguring the system using the setup program. To recover from the loss of all administrator passwords: Step 1 Boot the system from the maintenance image as described in the "Booting from the Maintenance Image" section. Step 2 Enter the erase config command to erase the system configuration. The system reboots. Step 3 Allow the system to boot from disk (the default boot order). Step 4 Configure the system from the setup program, as described in the "Configuring the SIMS Engine" section. Step 5 After the system reboots, reconfigure the SIMS Engine by following the steps outlined in the "Installing the SIMS Engine" section. Installing a Replacement SIMS Engine This section describes tasks you should perform when installing a replacement SIMS Engine (a new unit intended to replace an existing unit), to make the transition as easy as possible. These tasks are in addition to the installation and configuration processes described in "Installing and Configuring the Security Information Management Solution Engine." Removing the Old SIMS Engine Before removing the old SIMS Engine: Step 1 Enter the command show config in the CLI to view the SIMS Engine's configuration. Step 2 Record the configuration. Step 3 Back up the old SIMS Engine. See the "Backing Up and Restoring Your SIMS Engine" section for details. Step 4 Enter the shutdown command. The system shuts down. Step 5 Power down and remove the old system. Installing the Replacement SIMS Engine To install the replacement SIMS Engine: Step 1 Install and power on the new SIMS Engine. See the following: •"Installing the SIMS Engine" section •"Connecting to the Power Source" section •"Connecting Cables" section •"Powering On the SIMS Engine" section Step 2 Run the setup program. See "Configuring the SIMS Engine" section. Step 3 Use the configuration settings that you recorded from the old system to answer the setup program prompts. Step 4 Restore the information saved when you backed up the old system. For more information, see the "Backing Up and Restoring Your SIMS Engine" section. Using the Recovery DVD A Recovery DVD is included with your SIMS Engine. With this DVD you can perform two functions: you can re-image the SIMS Engine, or you can boot from the rescue image. Note After you use the Recovery DVD to reimage your SIMS Engine, you must download any software updates. Although every effort has been made to validate the accuracy of the software version on the Recovery DVD, you must review the SIMS Engine's software downloads on http://www.cisco.com for any software updates. Reimaging the SIMS Engine Use the SIMS Engine Recovery DVD to re-image the SIMS Engine should it become necessary. This will destroy all data and install a new image. If you want to use this procedure to upgrade to a new release of software, be sure to perform a backup before reimaging your machine. Caution Reimaging the machine removes all data on the hard drive, including all network management data stored by the SIMS application. See the netForensics documentation for information about backing up network management data. To reimage your SIMS Engine, perform the following steps: Step 1 Connect a console to the SIMS Engine's console port. For the location of the console port, see the "Front Panel Features" section. Step 2 Log in as the user admin, and enter the password created when the SIMS Engine was configured. Step 3 Put the Recovery DVD in the SIMS Engine's DVD-ROM. For the location of the DVD-ROM, see the "Front Panel Features" section. Step 4 Enter the reload command. The SIMS Engine will reboot. For instructions about using this CLI command, see the "reload" section. Step 5 At the Do you wish to reload and start the install? (yes/[no]/rescue): prompt, enter yes. If you do not want to re-image your SIMS Engine, enter rescue. For more information about the rescue image, see the "Using the Rescue Image" section. Step 6 When the SIMS Engine ejects the Recovery DVD, remove it. Leave the console connected to the SIMS Engine. The Security Information Management Solution Engine reboots and then begins the install process. You will see the files being copied. Step 7 Wait until the installation process is complete (approximately 20 minutes), and the machine will reboot. The login prompt displays and the machine will reboot again. Step 8 When the login prompt displays on the console, disconnect the console cable. Using the Rescue Image The rescue image is similar to the maintenance image, but is accessible via the Recovery DVD. Use the rescue image if you cannot, but need to, use the maintenance image. You can use it to boot the system to perform some system administration tasks and disaster recovery. You can run only the following commands while the system is running from the rescue image: reload, erase config, and fsck. For more information about using the rescue image, see the "Using the Maintenance Image" section. To boot from the rescue image, perform the following steps: Step 1 Connect a console to the SIMS Engine's console port. For the location of the console port, see the "Front Panel Features" section. Step 2 Log in as the user admin. The user admin's password was created when the SIMS Engine was configured. Step 3 Put the Recovery DVD in the SIMS Engine's DVD-ROM. For the location of the DVD-ROM, see the "Front Panel Features" section. Step 4 Enter the reload command. The SIMS Engine will reboot. Step 5 At the Do you wish to continue (yes/[no]/rescue): prompt, enter rescue. The SIMS Engine will boot from the rescue image.
	© 1992-2009 Cisco Systems, Inc. All rights reserved. Terms & Conditions \| Privacy Statement \| Cookie Policy \| Trademarks of Cisco Systems, Inc.