Director
2014 Blue Coat Systems, Inc. All rights reserved. BLUE COAT, PROXYSG, PACKETSHAPER, CACHEFLOW,
INTELLIGENCECENTER, CACHEOS, CACHEPULSE, CROSSBEAM, K9, DRTR, MACH5, PACKETWISE, POLICYCENTER, PROXYAV,
PROXYCLIENT, SGOS, WEBPULSE, SOLERA NETWORKS, DEEPSEE, DS APPLIANCE, SEE EVERYTHING. KNOW EVERYTHING.,
SECURITY EMPOWERS BUSINESS, BLUETOUCH, the Blue Coat shield, K9, and Solera Networks logos and other Blue Coat logos are
registered trademarks or trademarks of Blue Coat Systems, Inc. or its affiliates in the U.S. and certain other countries. This list may not be
complete, and the absence of a trademark from this list does not mean it is not a trademark of Blue Coat or that Blue Coat has stopped
using the trademark. All other trademarks mentioned in this document owned by third parties are the property of their respective
owners. This document is for informational purposes only.
BLUE COAT MAKES NO WARRANTIES, EXPRESS, IMPLIED, OR STATUTORY, AS TO THE INFORMATION IN THIS DOCUMENT.
BLUE COAT PRODUCTS, TECHNICAL SERVICES, AND ANY OTHER TECHNICAL DATA REFERENCED IN THIS DOCUMENT ARE
SUBJECT TO U.S. EXPORT CONTROL AND SANCTIONS LAWS, REGULATIONS AND REQUIREMENTS, AND MAY BE SUBJECT TO
EXPORT OR IMPORT REGULATIONS IN OTHER COUNTRIES. YOU AGREE TO COMPLY STRICTLY WITH THESE LAWS,
REGULATIONS AND REQUIREMENTS, AND ACKNOWLEDGE THAT YOU HAVE THE RESPONSIBILITY TO OBTAIN ANY
LICENSES, PERMITS OR OTHER APPROVALS THAT MAY BE REQUIRED IN ORDER TO EXPORT, RE-EXPORT, TRANSFER IN
COUNTRY OR IMPORT AFTER DELIVERY TO YOU.
Americas:
Blue Coat Systems, Inc.
420 N. Mary Ave.
Sunnyvale, CA 94085
Contents
Chapter 1: Introduction
#line-vty
#monitoring
#no
#ping
#push-policy
#reload
#remote-config
#show
#slogin
#ssl
#standby
#tcpdump upload url
#traceroute
#write
Chapter 1: Introduction
This document describes all of the commands offered in the Blue Coat Director
Command-Line Interface (CLI). First, the terms and conventions used throughout this
document are described. Then the commands are listed along with their syntax and
descriptions of their functionality.
Chapter 1 Introduction
The organization of this document; conventions used; descriptions of the CLI modes;
and instructions for saving your configuration.
Description
sadmin
Throughout this book, commands that are restricted to particular users are noted. An
example follows:
(config) # username username {role {role_name} user-group
user_group_name}
Document Conventions
The following table lists the typographical and CLI syntax conventions used in this
manual.
Table 1-1 Document conventions
Convention
Description
Italics
Monospaced font
Monospaced italics
Monospaced boldface
{ }
[ ]
Optional parameters.
Case-Insensitivity
Commands and parameters are case-insensitive.
All string comparisons are case-insensitive unless otherwise specified. The cases of
characters in strings to be stored persistently are maintained, however.
Command Abbreviation
You can abbreviate commands, provided you supply enough command characters as to
be unambiguous. For example:
# configure terminal
Incorrect:
(config) # group Group of Groups
If you use a colon character in a field or parameter (for example, in a URL), either
enclose the entire URL in double quotation marks or escape it by preceding it
with a / character.
Examples of using a colon character in a URL:
http/://www.example.com
"http://www.example.com"
To use a question mark in a field or parameter (for example, in a URL), first enter
cli help disable, which causes Director to ignore the question mark character.
Command Modes
Director has the following command modes:
Standard, which is the mode when you first log in to Director. This mode allows
you to monitor Director without making changes.
Enable, which provides more advanced control than standard mode. However,
enable mode commands do not allow you to make permanent changes to
Director's configuration.
Initially, enable mode does not require a password; however, Blue Coat strongly
recommends you set an enable mode password.
Configuration, which enables you to configure the Director appliance and devices
connected to it.
The command prompt changes to reflect the mode you are using:
Prompt
Mode
>
(config) #
General Conventions
Following are possible results if you enter more parameters than are allowed for a
particular command:
The command could have no effect and you will receive an error message and
some usage help. This is true of most commands, unless otherwise noted.
The surplus parameters could be ignored and the valid part of the command will
be executed. This is the case for some no commands. This behavior is
implemented to make it easier for users to negate commands that they have in
their cut and paste buffer, such as from the output of show configuration.
If the response is an error, there will be one or more lines that begin with %. These
lines will contain user-printable strings explaining the error. The cli
print-message-codes command allows you to print error codes along with each error
message.
The last line printed will always be the prompt for the next command from the
user. Initially, it will be hostname >, where hostname is the fully-qualified host
name of Director. If no host name is defined, the prompt is director >.
In enable mode the prompt is hostname #, and in configuration mode it is
hostname (config) #. When entering a submode, the word config is suffixed
by another string, as documented in the command description.
The prompt can also be overridden by the cli prompt-override command.
If you type an incomplete command, for example, show, the response will look
like:
% Type 'show ?' for help.
If you type an ambiguous command, for example, e, the response will look like:
% Ambiguous command 'e'.
% Type 'e?' for a list of possibilities.
If you type an unrecognized command, for example, cle, the response will look
like:
% Unrecognized command 'cle'.
% Type '?' for help.
Note that this can occur after valid commands, such as conf tu:
% Unrecognized command 'tu'
% Type 'conf ?' for help.
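The prompt and % conventions above are enough to post-process a saved session. The following is an added example, not Blue Coat code: it classifies each command's mode from the prompt and collects the % lines that follow it, keeping the "% Configuration changed." notification described under cli watch apart from errors. The transcript is constructed from responses quoted in this manual; function and field names are illustrative assumptions.

```python
import re

# Prompt shapes given in the text: "hostname >" (standard), "hostname #" (enable),
# "hostname (config) #" (configuration; a submode appends a string after "config").
# A session that used "cli prompt-override" cannot be classified this way.
PROMPT_RE = re.compile(
    r"^(?P<host>[A-Za-z0-9][\w.-]*)\s*(?:\((?P<cfg>config[^)]*)\)\s*)?"
    r"(?P<sigil>[>#])(?:\s+(?P<cmd>.*))?$"
)
# Response lines start with "%"; "cli print-message-codes" adds "(code N)".
PERCENT_RE = re.compile(r"^%\s*(?:\(code (?P<code>\d+)\)\s*)?(?P<msg>.*)$")
# "% Configuration changed." is a cli watch notification, not an error.
NOTIFICATIONS = {"Configuration changed."}

# Constructed transcript, assembled from the responses quoted in this manual.
SAMPLE_SESSION = """\
director > show
% Type 'show ?' for help.
director > enable
Enable Password:******
director # conf tu
% Unrecognized command 'tu'
% Type 'conf ?' for help.
director # configure terminal
director (config) # e
% Ambiguous command 'e'.
% Type 'e?' for a list of possibilities.
% Configuration changed.
director (config) # cli print-message-codes
director (config) # cli help disable
director (config) # ?
% (code 2) Unrecognized command '?'.
% (code 53) Type 'help' for help.
director (config) #
"""


def prompt_mode(match):
    """Map a matched prompt to the command mode it indicates."""
    if match.group("cfg"):
        return "configuration"
    return "standard" if match.group("sigil") == ">" else "enable"


def parse_session(text):
    """Split a transcript into one entry per command, with its response lines."""
    entries, current = [], None
    for raw in text.splitlines():
        line = raw.rstrip()
        prompt = PROMPT_RE.match(line)
        if prompt:
            command = (prompt.group("cmd") or "").strip()
            current = None
            if command:  # a bare prompt carries no command
                current = {"mode": prompt_mode(prompt), "command": command,
                           "errors": [], "notifications": [], "output": []}
                entries.append(current)
            continue
        if current is None or not line:
            continue
        pct = PERCENT_RE.match(line)
        if pct is None:
            current["output"].append(line)
        elif pct.group("msg") in NOTIFICATIONS:
            current["notifications"].append(pct.group("msg"))
        else:
            code = pct.group("code")  # absent unless print-message-codes is on
            current["errors"].append((int(code) if code else None, pct.group("msg")))
    return entries


def failed_commands(entries):
    """Return (mode, command) for every command that produced an error line."""
    return [(e["mode"], e["command"]) for e in entries if e["errors"]]


if __name__ == "__main__":
    for mode, command in failed_commands(parse_session(SAMPLE_SESSION)):
        print(f"{mode:13s} {command}")
```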
URL Syntax
All commands that accept a URL as a download source or upload destination follow the
same conventions. This includes content management commands with urls-from and
regexes-from arguments, because Director downloads a file list from the supplied URL.
All such URLs are formatted as:
protocol://host/path
HTTP
FTP
FTP and SCP URLs can specify absolute or relative paths (relative to the home directory of
the specified user).
A URL such as:
ftp://host/path
is equivalent to:
debug upload dump mydump.tgz ftp://host/path1/path2/mydump.tgz
This chapter describes and provides examples for the standard and enable mode CLI
commands.
> cli
Synopsis
Changes the CLI's treatment of modes. This command is also available in enable
and configuration modes.
Syntax
> cli {capture {file | help disable | print-message-codes | prompt-override
string | raw-input | watch {config-changes {enable |
disable} | console-logging {enable | disable} | health-changes
{enable | disable} | partner-changes {enable | disable}}
Subcommands
> cli capture file filename
Captures CLI output to a file in your home directory, specifying the name of
the file to which to capture. The capture applies only to the current session
and is automatically terminated when the administrator logs out. The capture
file remains but capture would not be automatically enabled for subsequent
command line sessions.
When capturing is enabled, the following is captured:
The prompt and full command entered when you press Enter
If filename already exists, the output is appended to it. The file remains open
for write until any of the following conditions is met:
you leave the CLI (which includes running the "xyzzy" command),
The help system is normally invoked with the '?' key. The command help
disable disables the help system, and you must then type out help to access
the help system. To re-enable the help system, use the command no cli help
disable.
This option applies only to the current session and is not persistent across
sessions.
Note: You must enter cli help disable before entering a command (such as
a URL) that includes a question mark. In other words, any command in which
you enter a question mark character (?) fails unless you enter cli help
disable first.
> cli print-message-codes
Print error codes along with each error message. Not every error has an
associated code but codes can be useful to help Blue Coat Support
troubleshoot an issue.
Examples follow:
Note: This command applies only to the current session; it does not persist
among sessions or apply to other administrators who are logged in to
Director at the same time.
> cli prompt-override prompt_string
Changes the prompt from its default behavior (the hostname, followed by
punctuation and words to indicate what command mode you are in) to
display a single prompt all the time. This option applies only to the current
session and is not persistent across sessions.
> cli raw-input
Enters raw input mode (help, completion, and command line editing would
be disabled for this session).
> cli watch {config-changes | console-logging | health-changes |
partner-changes} {enable | disable}
Enables you to watch (or not watch) changes to configuration, console log
messages, health change notifications, or partner change notifications. When
you enable change notification, the first line of the message is:
% Configuration changed.
For example, the following command disables console log messages during
the session:
cli watch console-logging disable
Note: This setting is not stored in persistent storage; it applies only to the
current command line session.
Example
director > cli help disable
director > ?
% (code 2) Unrecognized command '?'.
% (code 53) Type 'help' for help.
> enable
Synopsis
Use this command to enter enable mode. Enable mode commands enable you to
view and change your configuration settings. In some configurations, you must
provide a password.
Syntax
> enable
This changes the prompt to the enable prompt after you enter the enable
password:
Enable Password:
director #
Example
director > enable
Enable Password:******
director #
> exit
Synopsis
Use this command to exit the command line. This command will close some SSH
applications, such as putty.
Syntax
> exit
Example
director > exit
> help
Synopsis
Lists all top-level commands currently available. This command is helpful for
those with small terminal screens for whom the list of commands shown by '?'
scrolls off the screen. This command also provides information about how to use
the help feature.
Syntax
> help
Example
director > help
Commands currently available:
cli
no
tcpdump
help
standby
exit
slogin
enable
show
upgrade-package
ping
traceroute
> no
Synopsis
Use this command to negate certain options related to CLI commands, content,
and devices.
Syntax
> no {cli options}
Subcommands
> no cli options
> no cli capture
The command no cli help disable re-enables the help system so that
typing the command '?' will give help on completing the line.
> no cli print-message-codes
Disables raw input mode (help, completion, and command line editing
would be reenabled).
Example
director > no cli print-message-codes
director >
> ping
Synopsis
Use this command to send ICMP echo request packets. This command is also
available in enable and configuration modes.
Syntax
> ping [-c count] [-i delay] [-s packet-size] host [program_options]
-c count specifies how many ping packets to send. Without this parameter,
ping continues until you press Control+C.
-i delay specifies the delay, in seconds, between ping packets.
-s packet_size specifies the size of ping packets, in bytes.
host specifies the host for which you want to send ICMP echo request
packets.
> ping program_options
The ping command supports standard UNIX options. For a list of available
options, enter ping by itself.
Example
director > ping -c 2 10.25.36.47
PING 10.25.36.47 (10.25.36.47): 56 data bytes
64 bytes from 10.25.36.47: icmp_seq=0 ttl=255 time=0.202 ms
64 bytes from 10.25.36.47: icmp_seq=1 ttl=255 time=0.214 ms
----10.25.36.47 PING Statistics----
2 packets transmitted, 2 packets received, 0.0% packet loss
round-trip min/avg/max/stddev = 0.202/0.208/0.214/0.008 ms
> show
Synopsis
Use this command to display running system information.
Syntax
> show [subcommands]
Subcommands
> show arp
Displays IP statistics.
> show ip default-gateway [configured]
listen ports.
> show ip udp [conns]
The udp command displays UDP statistics and the udp conns command
displays UDP connection information.
> show ldap-server
Displays the login banner displayed for access to the Director Management
Console.
> show monitoring
Displays tcpdump.
> show telnet-management
The version command displays normal system version information and the
version detail command displays full version information in a compact
format.
Example
director > show privilege
Currently logged in as admin
Your current privilege level is 1
Your maximum allowed privilege level is 15
> slogin
Synopsis
Opens an SSH connection to a remote host. When you are finished, type the
command exit to return to the Director CLI. This command is also available in
enable and configuration modes.
The slogin command supports password authentication only. RSA authentication
is not supported.
Important: When the slogin command is run from configuration mode, it
will release the configuration lock so that you do not lock out other users during
the slogin session.
Syntax
> slogin [-l username] hostname [program_options]
Subcommands
> slogin -l username
Example
director > slogin -l admin 10.25.36.47
admin@10.25.36.47's password:
10.25.36.47 - Blue Coat SGOS>
> standby
Synopsis
Configures the Director's standby configuration. The Director standby feature is
designed to minimize Director service disruptions caused by network outage,
disaster, or Director failure. When standby is deployed, the Director configuration
is mirrored to a second Director whose only function is to take over for the first
Director if a failure occurs.
Normally, only one Director is active in a standby pair; the active Director is the
only Director that performs configuration and monitoring tasks. The active
Director mirrors its configuration and state data to the partner Director, which
does not allow administrative access so that synchronization can be maintained
between the two Directors.
Syntax
> standby {make-active | make-primary partner_ip password |
make-secondary partner_ip username | make-standalone}
Subcommands
> standby make-active
Makes this Director active. You use the active Director for all Director tasks,
including remote administration using overlays, profiles, jobs, and so on. The
normal state of the primary Director is active.
> standby make-primary secondary_ip-address password
Makes this Director the primary appliance in a standby pair. The primary
Director performs all day-to-day Director operations. All changes on the
primary Director are propagated to the secondary Director by means of the
sync utility running over SSH.
The primary Director continually executes SSH commands on the secondary
Director to verify connectivity.
When you execute the make-primary command, the Director reboots.
> standby make-secondary primary_ip-address password
Makes this Director the secondary appliance in a standby pair. The secondary
Director takes over for the primary Director when a failure occurs. The
normal state of the secondary Director is reserve, which means it cannot
perform any monitoring or configuration operations and will not accept
Management Console connections. If you configure the secondary Director to
be active, it performs all functions previously performed by the primary
Director.
When you execute the make-secondary command, Director reboots. To
access the secondary Director, you must log in with the standbyuser user
name.
> standby make-standalone
Takes the Director out of the standby pair. This is the factory default state of
Director. A standalone Director cannot participate in a standby pair until an
administrator changes its identity to primary or secondary.
When you execute the make-standalone command, Director reboots.
Example
director > standby make-primary 192.168.0.2 thunder
> tcpdump
Synopsis
Starts tcpdump in the background with the program option parameters provided.
If tcpdump was already running, this starts another instance (presumably with
parameters that pass through a disjoint set of packets, otherwise some will be
printed twice). Control returns to the user immediately, and packets are printed as
they arrive.
Important: If you do not specifically exclude packets between Director and the
host you are connecting from, an infinite feedback loop results because printing
packets generates SSH/telnet traffic, which generates more packets.
This command is also available in enable and configuration modes.
Syntax
> tcpdump {filter options | start | stop}
Subcommands
> tcpdump filter options
Starts tcpdump.
> tcpdump stop
Stops tcpdump.
Example
director > tcpdump -i ether-0 -c 3
director > tcpdump start
tcpdump: listening on ether-0
director >
tcpdump: listening on eth0, link-type EN10MB (Ethernet), capture
size 96 bytes
3 packets captured
3 packets received by filter
0 packets dropped by kernel
director > tcpdump stop
> traceroute
Synopsis
Determines the route packets take to a destination. The command executes until
the entire route to the host is traced, or until you press Control+C. This command
is also available in enable and configuration modes.
Syntax
> traceroute host
Subcommands
None.
Example
director > traceroute 172.16.45.142
1: 172.16.45.141 (172.16.45.141)
1: 172.16.45.142 (172.16.45.142)
Resume: pmtu 1500 hops 1 back 1
> upgrade-package
Synopsis
Enables you to roll back to the previously installed software version.
Subcommands
> upgrade-package rollback
Enables you to roll back to the previously installed system image. After you roll
back, Director reboots.
If there is no package to which to roll back, the following message displays:
No previously installed package available for rollback.
# archive
Synopsis
Use this command to manipulate Director backups (that is, archives) on this
Director appliance.
Note: Director does not archive its IP addresses, so an archive taken on one
Director appliance can be restored on another Director appliance without
changing the target Director's IP addresses.
Syntax
# archive {{all | config | device-backup | event-log | job-report}
{create [archive_name url [username username password password]
| key keyname]} | delete archive_name | move archive_name_old
archive_name_new | fetch {archive_name url [username username
password password]} | upload {archive_name} url [username
username password password]}} | {delete key keyname | generate
key keyname | input key keyname {show | no-show}}
Subcommands
See one of the following sections:
all: Includes configuration, event log, device backup, and job report backup
data.
Note: The following configuration settings are not preserved when you create an
archive:
Director's IP addresses
SNMP (after restoring the archive, SNMP will be disabled and SNMP contact
information reverts to its default values)
NTP
job-report: Includes job report data only. Job reports list the job commands
as well as errors that are encountered.
Entering show archive key ? displays the available archive keys on this
Director appliance. The key's passphrase is the user name of the user who
created the passphrase.
To add that key to the target Director appliance, use the input key keyname
command.
Note: The following error indicates you do not have the appropriate privilege to use
this command:
% Error while generating key "test2"
Reads the RSA key pair and imports it in this Director appliance. Use this
command before you restore an archive that was created on another Director
appliance. In other words, if the key for the archive is not stored on this
Director appliance, use this command to import the key on this Director
before you restore the archive.
The show or no-show attributes can be used to make the key viewable or
non-viewable with the show archive key keyname command. If the input key is
encrypted, you must enter the decryption passphrase. The passphrase is the
user name of the user who created the key.
Note that a zero length passphrase is not valid.
For the meaning of the all, config, device-backup, event-log, and
job-report parameters, see Specifying What to Archive on page 32.
Prerequisite: Creating and uploading an archive requires the archive file be
encrypted with an existing encryption key. For more information about
generating an archive key, see Working With Archive Keys on page 33.
The upload current parameters are required to create and upload the archive
file to an external server in one step. current is a reserved archive name that can
be used only for this purpose. The current archive is temporary; after the archive
is uploaded, it is deleted from Director.
For information about valid URL syntax, see URL Syntax on page 12.
An example follows:
director# archive all upload current
scp://192.168.0.50/director/ username director password bluecoat
key default
The command creates an archive file, encrypts it using the default key, and
uploads it to an external server using the SCP protocol, storing the archive in a
directory named director.
Creating an Archive and Optionally Encrypting It
To create an archive, encrypt it with an archive key, and optionally upload the
archive to an external server, use the following syntax:
director (config)# archive {all | config | device-backup | event-log |
job-report} {create [archive_name url [username username
password password] | [key keyname]}
For the meaning of the all, config, device-backup, event-log, and
job-report parameters, see Specifying What to Archive on page 32.
For information about valid URL syntax, see URL Syntax on page 12.
The username and password parameters are required only if the external server
requires authentication.
If you omit archive_name, the archive is created with a name like the following:
sgmearchive-director-all-2008.12.03-004256.tgz
This command creates an archive named director_510_sgme5.4_12-0208.tgz and encrypts it with the key named default.
Deleting or Renaming Archives
To rename or delete an existing archive, you must specify the name of the archive.
Examples follow:
director # archive all delete sgme_5.4.1.1_510.tgz
director # archive device-backup move sgme_5.4.1.1_backups.tgz
sgme_5.4.1.1_backups_old.tgz
Fetching an Archive
Fetching an archive downloads it from an external server to this Director. To
restore the archive on Director, you must use the configuration mode command
discussed in Restoring an Archive on page 102.
Command syntax follows:
director # archive {all | config | device-backup | event-log |
job-report} fetch {archive_name url [username username password
password]}
For the meaning of the all, config, device-backup, event-log, and
job-report parameters, see Specifying What to Archive on page 32.
The archive_name parameter is required and it specifies the name of the archive file
to store on this Director appliance. url must also contain the archive file name if
there is more than one archive in the directory specified by url. If archive_name and
the file name in url are different, archive_name specifies the name of the archive
that is stored on this Director.
The username and password parameters must be used only if the external server
requires authentication.
For information about valid URL syntax, see URL Syntax on page 12.
For example,
director # archive all fetch sgme_5.4.1.1_510.tgz
ftp://192.168.0.50/director-5.4.1.1-36821-3192.tgz username director
password bluecoat
If the archive was encrypted using a key that is not stored on this Director
appliance, you must input the key as discussed in Working With Archive
Keys on page 33.
To restore (that is, install) the archive on this Director appliance, you must use
the configuration mode command discussed in Restoring an Archive on
page 102.
Uploading an Archive
To upload an archive to an external server, use the following command:
director # archive {all | config | device-backup | event-log |
job-report} upload {archive_name url [username username password
password]}
For the meaning of the all, config, device-backup, event-log, and
job-report parameters, see Specifying What to Archive on page 32.
archive_name must match the name of a previously saved archive on this Director.
To display archive names, enter one of the following commands:
director (config)# archive {all | config | device-backup | event-log |
job-report} upload ?
director (config)# show archive {all | config | device-backup |
event-log | job-report}
url can optionally specify a different archive file name to store on url.
The username and password parameters must be used only if the external server
requires authentication.
For information about valid URL syntax, see URL Syntax on page 12.
For example,
director # archive all upload sgme_5.4.1.1_12-5-08.tgz
ftp://198.162.0.50/director-5.4.1.1.tgz username director password
bluecoat
Example
The following example shows how to create an archive on the source Director,
upload it to an FTP server, and to install it on the target Director. The source and
target Directors can be the same Director appliances or different Director
appliances.
When prompted, enter a passphrase for the private key. Copy the entire key
to a text editor application; you will need it later.
Input the private key you copied earlier and, when prompted, enter the
private key's pass phrase.
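The archive and standby commands take passwords as command parameters, and cli capture records the prompt and full command entered. The following added example (not part of the Blue Coat manual) reviews a capture file before it is shared: it redacts those password parameters and flags transfer URLs that use FTP or HTTP, including the escaped-colon form from Chapter 1. The sample capture is constructed from this manual's example commands; function names and finding labels are illustrative assumptions.

```python
import re

# Prompt forms from the manual: "host >", "host #", "host (config) #".
PROMPT_RE = re.compile(
    r"^(?P<prompt>[A-Za-z0-9][\w.-]*\s*(?:\(config[^)]*\)\s*)?[>#])\s+(?P<cmd>\S.*)$"
)
# URL scheme, allowing the manual's escaped-colon form ("http/://...").
SCHEME_RE = re.compile(r"^(?P<scheme>[A-Za-z][A-Za-z0-9+.-]*)/?://")
CLEARTEXT_SCHEMES = {"ftp", "http"}  # no transport encryption
REDACTED = "<redacted>"

# Constructed capture file built from the example commands in this manual.
SAMPLE_CAPTURE = """\
director # archive all upload current scp://192.168.0.50/director/ username director password bluecoat key default
director # archive all fetch sgme_5.4.1.1_510.tgz ftp://192.168.0.50/director-5.4.1.1-36821-3192.tgz username director password bluecoat
director > standby make-primary 192.168.0.2 thunder
director # content distribute urls-from http/://www.example.com/private/list-of-urls.txt all
director > ping -c 2 10.25.36.47
PING 10.25.36.47 (10.25.36.47): 56 data bytes
"""


def audit_command(cmd):
    """Return (findings, redacted_command) for one CLI command string.

    Abbreviated commands, which the CLI accepts, are not expanded here.
    """
    tokens = cmd.split()
    lowered = [t.lower() for t in tokens]
    redacted = list(tokens)
    findings = []
    secret = False

    # Keyword form: "... username director password bluecoat ..."
    i = 0
    while i < len(tokens) - 1:
        if lowered[i] == "password":
            redacted[i + 1] = REDACTED
            secret = True
            i += 2  # skip the value so it is never read as a keyword
        else:
            i += 1

    # Positional form, per the subcommand descriptions:
    # "standby make-primary|make-secondary <ip> <password>"
    if (len(tokens) >= 4 and lowered[0] == "standby"
            and lowered[1] in ("make-primary", "make-secondary")):
        redacted[3] = REDACTED
        secret = True

    if secret:
        findings.append("password-on-command-line")

    cleartext = False
    for tok in tokens:
        m = SCHEME_RE.match(tok.strip('"'))  # URLs may be double-quoted
        if m and m.group("scheme").lower() in CLEARTEXT_SCHEMES:
            findings.append("cleartext-url:" + m.group("scheme").lower())
            cleartext = True
    if secret and cleartext:
        findings.append("credentials-with-cleartext-url")
    return findings, " ".join(redacted)


def audit_capture(text):
    """Return (report, redacted_text) for a whole capture file."""
    report, out = [], []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = PROMPT_RE.match(line.rstrip())
        if not m:
            out.append(line)  # command output is passed through unchanged
            continue
        findings, redacted_cmd = audit_command(m.group("cmd"))
        out.append(f"{m.group('prompt')} {redacted_cmd}")
        if findings:
            report.append({"line": lineno, "findings": findings})
    return report, "\n".join(out)


if __name__ == "__main__":
    report, redacted_text = audit_capture(SAMPLE_CAPTURE)
    for item in report:
        print(item["line"], ", ".join(item["findings"]))
    print(redacted_text)
```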
# clear
Synopsis
This command clears specified options. This command is also available in
configuration mode.
Syntax
# clear [subcommands]
Subcommands
# clear arp statistics
Example
director # clear arp statistics
# cli
Synopsis
Sets CLI options. This command is also available in standard and configuration
modes. For information, see >cli on page 16.
# configure
Synopsis
Starts configuration mode, which enables you to manage the Director features.
See Chapter 3: "Configuration Mode Commands" for detailed information about
this command.
# content
Synopsis
Issues content management commands, which enable you to pre-populate the
object cache on selected devices with the content you specify. You specify content
by URL, and content commands also enable you to prioritize, delete, query, and
revalidate those URLs. In addition, URLs can be specified individually, by URL
list, or by regular expressions.
You can optionally place text files containing URL lists and regular expressions on
a Web server to which Director and the devices have access. Subcommands that
use urls-from can be used to distribute, query, revalidate, or delete content on
devices using these text files. For example, suppose you place a text file
containing a regular expression list of URLs on a Web server at URL
http://www.example.com/private/list-of-urls.txt. Use the content distribute
urls-from command to cause devices to get the content list from list-of-urls.txt at
that URL; use content revalidate urls-from to validate the URLs; or use
content delete urls-from to delete content listed in list-of-urls.txt from
devices. (Other variations are discussed in this section; the preceding are
examples only and not a complete list.)
Similarly, you can create a URL list specified by a unique identifier and use the
URL list to distribute, query, revalidate, or delete content on devices.
This command is also available in configuration mode.
Syntax
# content subcommands
Subcommands
This section discusses the following subcommands:
delete on page 42
distribute on page 43
regex-list on page 47
revalidate on page 47
Note: For a discussion of the options subcommand, see (config) #content options on
page 111.
cancel command
Cancels currently executing content commands.
# content cancel command {{all | {command_id {addr-device
ip_address_or_hostname | all | device device_id | group group_id
| model model | os-version sgos_version} | all}
To cancel all currently executing content commands on all devices and groups,
enter:
# content cancel command all
To get valid values for the addr-device, device, group, model, or os-version
subcommands, enter ? for the value. For example:
director # content cancel command 1 group ?
<group ID>
Austin
AustinDev
AustinDevGroup1
Sunnyvale
SunnyvaleDev
SunnyvaleQA
delete
Deletes content from the object cache of specified devices based on whether the
content matches URLs or regular expression.
# content delete {{regex url_regex | regexes-from url | regex-list
regex-list_id | url-list url_list_id | urls-from url | url url}
{addr-device ip_address_or_hostname | all | device device_id |
group group_id | model model | os-version sgos_version}}
To get valid values for the addr-device, device, group, model, or
os-version subcommands, enter ? for the value. For example:
director # remote-config clear-byte-cache model ?
<model ID>
200-B
200-C
Examples:
To delete content from the object cache of specified devices, where the
content is specified by url. In other words, this command deletes one
piece of content:
distribute
Adds (that is, pre-populates) the object cache of specified devices with content
specified by URL or regular expression.
Note: The content distribute command replaces the deprecated content
pull command.
# content distribute {{url url | url-list url_list_id | urls-from
url} {addr-device ip_address_or_hostname | all | device
device_id | group group_id | model model | os-version
sgos_version}}
To get valid values for the addr-device, device, group, model, or
os-version subcommands, enter ? for the value. For example:
director # content distribute url-list CEOUpdate model ?
<model ID>
200-B
200-C
Examples:
In the event devices purge their object cache, makes sure that higher priority
content is purged after lower priority content. A device purges its object cache
for a variety of reasons, including low available disk space.
# [no] content priority one-time {{priority#_0-7 regex-list regex-list_id | regexes-from url | urls-from url | url-list
url_list_id} {addr-device ip_address_or_hostname | all | device
device_id | group group_id | model model | os-version
sgos_version}}
To get valid values for the addr-device, device, group, model, or os-version subcommands, enter ? for the value. For example:
director # content priority one-time 7 regexes-from https://myserver.example.com/regexes/regexes.txt model ?
<model ID>
200-B
200-C
Examples:
To set the priority for objects specified by a regular expression list on the
specified set of devices:
# [no] content priority one-time priority#_0-7 regex-list regex-list_id {addr-device ip_address_or_hostname | all | device
device_id | group group_id | model model | os-version
sgos_version}
To set the priority for objects specified by URLs listed in a text file stored
at url. (The URL you specify must be reachable by Director and the
devices you specify. The URL must also specify the full path to the text
file as well as the text file name.)
To set the priority for objects in a specified URL list object on the specified
set of devices:
content query
Returns information about the contents of devices' object cache. Options include
verbosity of the returned information, and filtering by a variety of parameters.
The content query commands can return the following levels of detail:
concise
detail
summary
To get valid values for the addr-device, device, group, model, or os-version subcommands, enter ? for the value. For example:
director # content query in-progress detail os-version ?
<os-version>
5.3.1.11
5.4.2.1
Queries devices for information on the objects they are storing and displays
concise execution status of content commands for the specified command ID.
The concise parameter provides the execution status for the specified
command and other information, such as the command name, the start time
and possibly the end time.
The detail command provides additional information about the specified
command ID. The format of the output for the detail command depends on
the type of command (that is, output for the content distribute command
is different than that for the content cancel command).
For the detail and summary commands, it is possible to filter the output
based on a device or group ID. It is also possible to further filter the output to
display only successful, failed, remaining, pending, or issued device
commands.
The definition of the successful and failed commands is specific to each
command.
For the content distribute, delete, and revalidate commands, a
command is successful if it could be delivered to the device. For content
query commands, a command is successful if the content is present in the
devices' object cache.
Example:
# content query command CEO_Update09 detail status pending
# content query info {concise | detail | summary} {url url | urls-from url | url-list list} {addr-device ip_address_or_hostname |
all | device device_id | group group_id | model model | os-version sgos_version}
Runs the show content command for the specified URLs, and displays the
results for the devices specified.
The concise, detail, and summary parameters determine the level of
information returned:
detail displays each URL with the complete response from the device.
revalidate
Revalidates content in the specified devices' object cache.
# content revalidate {{regex regex | regex-list list_id | regexes-from url | url url | url-list list_id | urls-from url {addr-device ip_address_or_hostname} {all | device device_id | group
group_id | model model | os-version sgos_version}}
To get valid values for the addr-device, device, group, model, or os-version
subcommands, enter ? for the value. For example:
director # content query in-progress detail os-version ?
<os-version>
5.3.1.11
5.4.1.2
Examples:
To revalidate objects specified by URLs listed in a text file stored at url. (The
URL you specify must be reachable by Director and the devices you specify.
The URL must also specify the full path to the text file as well as the text file
name.)
# content revalidate urls-from url {addr-device
ip_address_or_hostname | all | device device_id | group
group_id | model model | os-version sgos_version}
# debug
Synopsis
System debugging information and commands.
Syntax
# debug [subcommands]
Subcommands
# debug dump
# debug dump delete filename
Renames the old dump file name to the new dump file name.
# debug dump upload filename url
Uploads the specified debugging dump file to a remote URL in one of the
formats discussed in URL Syntax on page 12.
If the path ends with a directory name, it must end with / (a forward
slash).
Example
director # debug dump generate
Generating debugging dump...
Dump file successfully written to
sgmeinfo-cjd-d2-2004.04.23-163334.tgz
# device
Synopsis
Use this command to reconnect to a device with which you have lost the
connection.
Syntax
# device [subcommands]
Subcommands
# device device_id reconnect
Example
director # device 10.25.36.47 reconnect
# disable
Synopsis
Exits enable mode and returns you to standard mode.
Syntax
# disable
Example
director # disable
director >
# exit
Synopsis
Exits the system. If you want to exit enable mode and return to standard mode,
use the Enable mode command disable.
Syntax
# exit
Example
director # exit
Connection closed by foreign host.
# file
Synopsis
This command manages text files created with commands such as cli capture.
This command is also available in configuration mode.
Syntax
# file [subcommands]
Subcommands
# file text-file
# file text-file delete filename
Uploads the specified text file to a remote URL in one of the URL formats
discussed in URL Syntax on page 12.
If the path ends with a directory name, it must end with / (a forward
slash).
Example
director # file text-file move myfile.txt yourfile.txt
# help
Synopsis
Lists all top-level commands currently available. This command is also available
in standard and configuration modes. See >help on page 20 for more
information.
# job
Synopsis
This command allows you to immediately execute or cancel a specified job, or
immediately update the status of all jobs.
Syntax
# job [subcommands]
Subcommands
# job job_id
# job job_id cancel
Example
director # job 2004Apr23112257PDT cancel
# line-vty
Synopsis
This command sets the number of screen lines. If the number of lines to output is
greater than the screen size, the CLI output handler pauses output by displaying
the --More-- prompt. The default value of screen size is 24.
Press the Enter key to display more lines one by one, press the space bar to display
another group of screen lines, or enter q or press Control+C to end further displays. If
the number of lines is set to 0 (zero), then paging is disabled.
Important: This is a per-session variable and it is not saved to the
configuration database.
Syntax
# line-vty length number
Specifies the number of screen lines that will display. Set to 0 (zero) to disable
paging.
Example
director # line-vty length 0
# monitoring
Synopsis
Refreshes the health monitoring statistics for one or more devices, generates
health reports and Performance Analysis reports for devices, and e-mails those
reports.
Syntax
director # monitoring {refresh health-state {all | device device_id
| group group_id}} | {generate-report {health | performance}
subcommands}}}
Subcommands
This section discusses the following subcommands:
generate-report health
director# monitoring generate-report health {{all | device
device_id | group group_id | model model | os-version
sgos_version} {Last-Hour | Last-Day | Last-Week | Last-Month |
Last-Year} {mail {From: email_address_list | To:
email_address_list | Cc: email_address_list | BCC:
email_address_list}} [username username | password password]
Specify the devices for which to generate and e-mail reports using the
parameters: {all | device device_id | group group_id | model
model | os-version sgos_version}
To get valid values for parameters other than all, enter the parameter
followed by the question mark character. For example, to get valid values
for os-version groups, enter:
director (config) # monitoring generate-report health os-version ?
Specify the period of time over which to average report values using the
parameters: {Last-Hour | Last-Day | Last-Week | Last-Month |
Last-Year}
Description
From:
To:
Cc:
BCC:
username
password
Note: To set up the SMTP server, see (config) #mail-config on page 147.
The following example shows how to generate health reports for all devices
in the SGOS 5.4.1.1 OS Version group, compiled over the last day, to two
users. The SMTP server requires authentication from the user named
email.user@example.com.
director# monitoring generate-report health os-version 5.4.1.1
Last-Day mail From: director.user@bluecoat.com To:
john.doe@example.com,jane.doe@example.com username
email.user@example.com password bluecoat
generate-report performance
Generates and e-mails performance analysis reports for specified devices.
director# monitoring generate-report performance {{all | device
device_id | group group_id | model model | os-version
sgos_version} {Last-Hour | Last-Day | Last-Week | Last-Month |
Last-Year} {Bytes | Kilo-Bytes | Mega-Bytes | Giga-Bytes} {mail
{From: email_address_list | To: email_address_list | Cc:
email_address_list | Bcc: email_address_list}} [username
username | password password]
Specify the devices for which to generate and e-mail reports using the
parameters: {all | device device_id | group group_id | model
model | os-version sgos_version}
To get valid values for parameters other than all, enter the parameter
followed by the question mark character. For example, to get valid values
for os-version groups, enter:
director # monitoring generate-report health os-version ?
Specify the period of time over which to average report values using the
parameters: {Last-Hour | Last-Day | Last-Week | Last-Month |
Last-Year}
Description
From:
To:
Cc:
BCC:
username
password
Note: To set up the SMTP server, see (config) #mail-config on page 147.
The following example shows how to generate performance reports for all
devices in the SGOS 5.4.1.1 OS Version group, compiled over the last day in
units of MB, to two users. The SMTP server requires authentication from the
user named email.user@example.com.
director# monitoring generate-report performance os-version 5.4.1.1
Last-Day Mega-Bytes mail From: director.user@bluecoat.com To:
john.doe@example.com,jane.doe@example.com username
email.user@example.com password bluecoat
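Both report examples above pass the SMTP password as a command argument, so the value appears wherever the typed command line is recorded. The following is an added example, not code from the Blue Coat guide: it masks the token that follows the password keyword in a saved session transcript and reports which commands carried one. The transcript, the prompt pattern, the license-key values, and the premise that a saved transcript contains the typed commands are assumptions.

```python
"""Mask values that follow the `password` keyword in a Director CLI transcript."""
import re

# Constructed transcript. The report command follows the shape of the example
# in the text; the license-key values are placeholders, and the second command
# is wrapped so that the secret sits on the next line.
TRANSCRIPT = """\
director # show version
director # monitoring generate-report health os-version 5.4.1.1 Last-Day mail From: director.user@bluecoat.com To: john.doe@example.com username email.user@example.com password bluecoat
director # remote-config license-key update all username bto.user password
S3cret-constructed
director # show usernames
"""

# Assumed prompt shapes: "director # ", "director > ", "director (config) # ".
PROMPT = re.compile(r"^\S+ (?:\(config\) )?[#>] ?")
# `password` as a whole word (not web_power_password), then its value, which
# may be on the following line when the command was wrapped.
SECRET = re.compile(r"(?<![\w-])(password)(\s+)(\S+)")


def split_commands(text):
    """Group lines into (first_line_no, block); each prompt line starts a block."""
    blocks, current, start = [], [], 1
    for number, line in enumerate(text.splitlines(), 1):
        if PROMPT.match(line) and current:
            blocks.append((start, "\n".join(current)))
            current, start = [], number
        current.append(line)
    if current:
        blocks.append((start, "\n".join(current)))
    return blocks


def redact(text, mask="<redacted>"):
    """Return (masked_text, findings); findings are (line_no, command) pairs."""
    findings, out = [], []
    for line_no, block in split_commands(text):
        words = PROMPT.sub("", block, count=1).split()
        command = " ".join(words[:2])

        def hide(match, line_no=line_no, command=command):
            findings.append((line_no, command))
            return match.group(1) + match.group(2) + mask

        out.append(SECRET.sub(hide, block))
    return "\n".join(out) + "\n", findings


if __name__ == "__main__":
    masked, hits = redact(TRANSCRIPT)
    print(masked)
    for line_no, command in hits:
        print(f"line {line_no}: secret passed to '{command}'")
```

Running it on a transcript before the file is stored or uploaded keeps the SMTP and BlueTouch Online credentials out of the copy that leaves the appliance.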
refresh health-state
director# monitoring refresh health-state {all | device device_id |
group group_id}
# no
Synopsis
This command negates specified options.
Syntax
# no subcommands
Subcommands
# no cli
# no cli capture
The command no cli help disable re-enables the help system so that
typing the command '?' will give help on completing the line.
# no cli print-message-codes
Specifies not to print error codes along with each error message.
# no cli prompt-override
Disables raw input mode (help, completion, and command line editing
would be reenabled).
# no content priority one-time
Example
director # no session 192.168.0.2 username admin
# ping
Synopsis
Sends ICMP echo request packets. This command is also available in standard
and configuration modes. See >ping on page 22 for more information.
# push-policy
Synopsis
This command is related to content filtering policy. This command is available to
delegated users. If admin, sadmin, or another privilege 15 user runs the command,
an error is displayed.
This command is intended to be used by delegated users because the user must be
a member of a user group that is associated with a device or custom group. In
addition, the device or custom group with which the user is associated must be
associated with a Content Policy overlay.
Before a delegated user can use this command, the sadmin user must perform all
of the following tasks:
Create delegated user groups and associate users with user groups
For more information about content filtering policy commands and role-based
access, see Content Filtering Policy and Role-Based Access on page 7.
Syntax
# push-policy {device device_id | group custom_group_name |
central}
Subcommands
# push-policy device device_id
# reload
Synopsis
This command allows you to reboot or shut down this machine. This command is
also available in Configuration mode.
Syntax
# reload [halt [force] | force]
Subcommands
# reload
With no optional subcommands, reboots this machine, but warns you if there
are outstanding configuration changes.
Blue Coat strongly recommends using the write memory command before
the reload command to avoid losing pending configuration changes. For
more information, see #write on page 92.
# reload force
Example
director # reload halt force
# remote-config
Synopsis
Configures and manages remote devices. More options are available in configure
mode as discussed in (config) #remote-config on page 175.
Syntax
# remote-config subcommands
Subcommands
This command has the following subcommands:
clear-byte-cache
clear-dns-cache
clear-object-cache
diff
execute
overlay
profile
reboot
reconnect
This command enables you to clear the byte cache on single devices, all
devices, or groups of devices.
To get valid values for the addr-device, device, group, model, or os-version subcommands, enter ? for the value. For example:
director # remote-config clear-byte-cache model ?
<model ID>
200-B
200-C
clear-dns-cache
# remote-config clear-dns-cache {all | device device_id | group
group_id | model model | os-version sgos_version}
This command enables you to clear the DNS cache on single devices, all
devices, or groups of devices.
To get valid values for the addr-device, device, group, model, or os-version subcommands, enter ? for the value. For example:
director # remote-config clear-dns-cache model ?
<model ID>
200-B
200-C
clear-object-cache
# remote-config clear-object-cache {all | device device_id | group
group_id | model model | os-version sgos_version}
This command enables you to clear the object cache on single devices, all
devices, or groups of devices.
To get valid values for the addr-device, device, group, model, or os-version subcommands, enter ? for the value. For example:
director # remote-config clear-object-cache group ?
<group ID>
Austin
AustinDev
AustinDevGroup1
Sunnyvale
SunnyvaleDev
SunnyvaleQA
diff
# remote-config diff [context | unified] {{backups first_device_id
first_backup_id second_device_id second_backup_id} | {overlays
first_overlay_id second_overlay_id} | {profiles
first_profile_id second_profile_id}}
Compares backups, overlays, or profiles using a diff utility and formats the
output in one of the following ways:
context format uses an identification line for each file, containing the
filename and modification date.
unified (default) uses plus and minus signs to indicate differences: each
line that occurs only in the left file is preceded by a minus sign, each line
that occurs only in the right file is preceded by a plus sign, and common
lines are preceded by a space.
download-system url
# remote-config download-system url url {addr-device
ip_address_or_hostname | all | device device_id | group group_id
| model model | os-version sgos_version}
execute
# remote-config execute {{addr-device ip_or_hostname | all | device
device_id | group group_id | model model | os-version
sgos_version} {command command | disable-health | enable-health
| input [errors-only]}}
Note: To get help for commands you can execute, you must first designate a
device using remote-config help device device_id as discussed in help
device on page 178.
Enables you to perform the following operations on a single configured
device, all configured devices, or a group of configured devices:
command command executes a single command. To run enable mode
commands on a device, you must use the input parameter.
enable-health enables health monitoring on the devices.
disable-health disables health monitoring on the devices.
input [errors-only] runs a set of commands. After you enter remote-config execute followed by input, type the set of commands to execute
For example, to run commands that cause all devices to display their
version and bandwidth gains, enter the following:
(Press Control+D)
To run the same commands but display only error messages, enter the
following:
director # remote-config execute all input errors-only
Enter your commands now. Press Ctrl-D to finish, Ctrl-C
to abort.
exit
show version
show bandwidth-gain
config t
(Press Control+D)
license-key update
# remote-config license-key update {addr-device
ip_address_or_hostname | all | device device_id | group group_id
| model model | os-version sgos_version}} [errors-only |
username web_power_username password web_power_password]
Note: The BlueTouch Online user name and password are not validated.
They are used only if the license must be fetched from BlueTouch Online.
(BlueTouch Online was previously referred to as WebPower.)
overlay
# remote-config overlay overlay_id execute {addr-device
ip_address_or_hostname | all | device device_id | group group_id
| model model | os-version sgos_version} [errors-only]
Note: Usually, a profile or overlay displays results for all devices in a group when the
profile or overlay is executed on a group of devices under a banner similar to:
+-------------------------------------------
| Output for device "name"
+-------------------------------------------
However, if the group has no substitution variables defined for it but some of the
devices in the group have substitution variables defined for them, profile or overlay
execution displays errors for the devices without substitution variables and it displays
the result of the command execution for devices with substitution variables.
The error displays as follows:
Error: The device <name> does not have a value for the required
substitution variable variable-name.
profile
# remote-config profile profile_id execute {addr-device
ip_address_or_hostname | all | device device_id | group group_id
| model model | os-version sgos_version} [errors-only]
Executes the specified profile against the specified device or group of devices,
optionally displaying only errors.
To get valid values for the addr-device, device, group, model, or os-version subcommands, enter ? for the value. For example:
director # remote-config profile 510Edge execute os-version ?
<os-version>
5.3.1.11
5.4.1.2
reboot
# remote-config reboot {addr-device ip_address_or_hostname | all |
device device_id | group group_id | model model | os-version
sgos_version}
Reboots the given device or group of devices. The command waits until all
the specified devices have finished rebooting before returning. This command
can therefore be used, for example, in schedules when you need to reboot a
device between two other commands.
To get valid values for the addr-device, device, group, model, or os-version subcommands, enter ? for the value. For example:
director # remote-config reboot device ?
<device ID>
Dev142
QA143
reconnect
# remote-config reconnect {addr-device ip_address_or_hostname | all
| device device_id | group group_id | model model | os-version
sgos_version}
Reconnects the given device or group of devices. This command does not wait
for the reconnect process to complete before returning; it only initiates the
reconnect process.
To get valid values for the addr-device, device, group, model, or os-version subcommands, enter ? for the value. For example:
director # remote-config reconnect device ?
<device ID>
Dev142
QA143
validate-system version
# remote-config validate-system version version {addr-device
ip_address_or_hostname | all | device device_id | group group_id
| model model | os-version sgos_version}
However, the following command fails if any device is not running SGOS
5.3.0.6:
# remote-config validate-system version 5.3.0.6 all
Example
director # remote-config backup restore device 10.25.36.47 bu2
# show
Synopsis
Use this command to display running system information.
Syntax
# show subcommands
Subcommands
This section discusses the following subcommands:
access-lists
archive
arp
banner
category-list
cli
clock
configuration
content
device-hierarchy
devices
file
folder-hierarchy
folders
groups
hosts
interfaces
ip
jobs
jobs-detailed
lcd
ldap-server
license
line-vty
list-settings
mail-config
ntp
platform
privilege
radius
remote-config
require-config-lock
role
role-hierarchy
role-substitution-variable
running-config
sessions
snmp
special-groups
ssh
standby-settings
status
syslog
tacacs
tcpdump
telnet-management
upgrade-package
user-group
usernames
version
#slogin
# show archive
# show archive all [archive_name]
certificate-signing-request
# show certificate-signing-request
For admin and super-admin users, this displays all the categories from the
master category list. For delegated users, it displays the categories
associated with them. If the categories are not associated with a particular
delegated user, and the categories are associated with all the users in the
user group, those categories are displayed.
For information about categories, see KB article 1567 and the Blue Coat
WebFilter URL Categories data sheet.
cli
#show cli-timeout
Displays the CLI timeout configured on the appliance. The default value is
900 seconds/15 minutes.
clock
# show clock
Displays a list of the names of all configuration files on the system, or, if
you specify a filename, displays the contents of the specified
configuration file's saved state.
# show configuration lock-holder
Displays identity and idle time of the holder on the write lock for this
node.
# show configuration options {exclude-devices | exclude-jobs |
exclude-priorities | exclude-groups}
exclude-devices displays Director's configuration without
commands related to device configuration.
exclude-jobs displays Director's configuration without commands
related to job configuration.
exclude-priorities displays Director's configuration without
commands related to content priority configuration.
exclude-groups displays Director's configuration without
Command line: Configuration changes are saved only after you enter
the write memory command. Until then, the changes are part of
Director's running configuration.
Displays a summary of the regular expression list or, with the optional
list_id parameter, displays information about a particular regular
expression ID.
# show content url-list [list_id]
Displays a summary of the URL expression list or, with the optional
list_id parameter, displays information about a particular URL ID.
debug dumps
# show debug dumps
Displays a list of the dump files saved on the system followed by the space
available for dump files.
device-hierarchy
# show device-hierarchy
Displays detailed information about the specified device; that is, its
address, name, comment, Web configuration port, protocol, authtype,
simple authentication info (username and password), model, SGOS
version, and RSA authentication information (user name, client user
name and identity, and known host key).
Entering a device ID and the optional substitution-variable
parameter displays all substitution variables defined for that device and
inherited from groups to which the device belongs (in other words, the
group hierarchy to which the device belongs).
For example,
director # show devices Dev142 substitution-variable
Substitution-Variable:SNMPContact
Value:user@example.com
Device:Dev142
Substitution-Variable:DNS
Value:172.16.36.10
Group:Austin
Substitution-Variable:SNMPContact
Value:user@example.com
Group:AustinDev
Substitution-Variable:DNSAlt
Value:10.107.4.77
Group:Sunnyvale
This example shows that the device Dev142 has one substitution variable
defined for it, and two other variables (DNS and DNSAlt) that it inherits from
groups to which it belongs.
# show devices max-supported
Without an optional parameter, displays the state of all devices that were
added to this Director. Add one of the optional arguments to display the
state of certain devices (for example, the configured parameter displays
the state of configured devices only).
# show devices versions
file
# show file
# show file systems
Displays a list of valid file systems for the local machine. Each is shown
with the following: its filename; full capacity; amount of remaining free
space; miscellaneous flags; and type, which is either image (can hold
software images) or var (where all machine-specific information is kept:
logs, configurations, home directories, etc.).
# show file text-files [filename]
Displays the contents of a text file, using the UNIX less command. If no
filename is specified, a list of files is displayed. Common keystrokes used
with the less command:
b to move up a page
q to quit
folder-hierarchy
# show folder-hierarchy
Displays the hierarchy of folders for profiles, overlays, jobs, and content
collections.
folders
# show folders [folder_id]
Displays information about the specified group. This includes its group ID,
friendly name, comment, its parent's group ID (if it is not a top-level group), a
list of all its devices (ID only) and a list of all its subgroups (ID only). If the
named group does not exist, an error is given.
If no group is specified, a list of all groups (their ID and friendly name only) is
displayed.
Entering a group ID and the optional substitution-variable parameter
displays all substitution variables defined for that group and inherited from
other groups.
For example,
director # show groups AustinDev substitution-variable
Substitution-Variable:SNMPContact
Value:user@example.com
Group:AustinDev
Substitution-Variable:DNS
Value:172.16.36.10
Group:Austin
This example shows that the group AustinDev has one substitution variable
defined for it and it inherits one variable (DNS) from a parent group.
For more information about substitution variables, see the Blue Coat Director
Configuration and Management Guide.
hosts
# show hosts
Displays the values that can be set by the user with their configured
values.
ip
# show ip
The tcp command displays TCP statistics, the tcp conns command
displays TCP connection information, and the tcp listeners command
displays TCP listener information.
# show ip [udp [conns]]
The udp command displays UDP statistics and the udp conns command
displays UDP connection information.
jobs
# show jobs [job_id {commands | date-time-pairs | execution
subcommands | status | time-of-day | substitution-variables |
validate}]
An example follows:
director # show jobs Job1 validate
overlay:SG210Basic
device:Dev142
% Conflicts found, unable to apply the substitution
variables.
Target-Device:Dev142
Substitution-Variable:DNS
Value:10.107.4.77
Group:Sunnyvale
Value:10.107.4.60
Group:AustinDev
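The two listings shown earlier (show devices Dev142 substitution-variable and show jobs Job1 validate) can be checked offline before a job is run. The following is an added example, not code from the Blue Coat guide: it parses both output layouts, separates a device's own variables from inherited ones, and reports names that resolve to different values or are missing. The conflict rule is inferred from the validate output and is an assumption, and the variable name NTPServer is constructed.

```python
"""Flag conflicting substitution-variable definitions in Director CLI output."""
from collections import defaultdict

# Output of `show devices Dev142 substitution-variable`, as shown in the text.
SHOW_DEVICES = """\
Substitution-Variable:SNMPContact
Value:user@example.com
Device:Dev142
Substitution-Variable:DNS
Value:172.16.36.10
Group:Austin
Substitution-Variable:SNMPContact
Value:user@example.com
Group:AustinDev
Substitution-Variable:DNSAlt
Value:10.107.4.77
Group:Sunnyvale
"""

# Output of `show jobs Job1 validate`, as shown in the text.
JOBS_VALIDATE = """\
overlay:SG210Basic
device:Dev142
% Conflicts found, unable to apply the substitution
variables.
Target-Device:Dev142
Substitution-Variable:DNS
Value:10.107.4.77
Group:Sunnyvale
Value:10.107.4.60
Group:AustinDev
"""


def parse_definitions(text):
    """Return [(variable, value, scope_kind, scope_name), ...] in listing order.

    Handles both layouts on the page: a full Substitution-Variable/Value/scope
    triple per definition, and one Substitution-Variable header followed by
    several Value/scope pairs (the validate layout).
    """
    definitions = []
    variable = value = None
    for raw in text.splitlines():
        key, sep, rest = raw.strip().partition(":")
        if not sep:
            continue  # wrapped message text, prompts, blank lines
        rest = rest.strip()
        if key == "Substitution-Variable":
            variable, value = rest, None
        elif key == "Value":
            value = rest
        elif key in ("Device", "Group") and variable and value is not None:
            definitions.append((variable, value, key.lower(), rest))
            value = None  # the next Value/scope pair reuses the same variable
    return definitions


def split_own_and_inherited(definitions):
    """Names set on the device itself vs. names that come only from groups."""
    own = {var for var, _, kind, _ in definitions if kind == "device"}
    inherited = {var for var, _, kind, _ in definitions if kind == "group"} - own
    return own, inherited


def find_conflicts(definitions):
    """Map each variable that has more than one distinct value to its sources.

    Assumption: a conflict is one name with different values in different
    scopes, as in the validate output; Director's own precedence rules are
    not described on the page and are not modelled here.
    """
    sources = defaultdict(lambda: defaultdict(list))
    for variable, value, kind, name in definitions:
        sources[variable][value].append(f"{kind}:{name}")
    return {var: dict(vals) for var, vals in sources.items() if len(vals) > 1}


def missing_required(definitions, required):
    """Required variable names that have no definition in any scope."""
    defined = {var for var, _, _, _ in definitions}
    return sorted(set(required) - defined)


if __name__ == "__main__":
    for label, text in (("show devices", SHOW_DEVICES), ("jobs validate", JOBS_VALIDATE)):
        print(label, "conflicts:", find_conflicts(parse_definitions(text)))
    # NTPServer is a constructed name used to show the missing-variable case.
    print("missing:", missing_required(parse_definitions(SHOW_DEVICES), ["DNS", "NTPServer"]))
```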
Displays the LCD panel settings PIN. A value of 0000 means that no PIN is
set. To set the front panel LCD PIN, see (config) #lcd on page 141.
ldap-server
# show ldap-server
Displays the validity of the currently installed license on your Blue Coat
Director.
line-vty
# show line-vty
list-settings
# show list-settings
Displays the list settings for the logged in user. If the list settings are not set
for the user, the list settings are inherited from the user-group the delegated
user belongs to.
This command is available to delegated users only.
# show logging
Displays all configuration parameters associated with logging: the list of SCP
servers; the logging trap level; and the console log level.
mail-config
# show mail-config
This command displays alerts with a specific metric, severity, state, status,
range for number of days; optionally, for a device or for a group. You must
specify a metric to view and you can optionally filter the results by severity,
state, status, and number of days.
metric subcommands follow:
connection status
threshold limit
crossed a threshold
motherboard over-temperature)
Note: The alerts displayed by a particular device are SGOS version-dependent.
Director displays only the alerts that are supported by the version of SGOS the device
runs.
Examples:
director # show monitoring alerts metric all severity warning
Displays Network Time Protocol (NTP) configuration: the current list of NTP
servers, their version numbers, and whether they are marked as preferred.
Also indicates whether NTP is enabled.
Note: Version 3 is hardcoded into the configuration database when the
management node is created. When the NTP server is up, the correct version
is returned.
platform
# show platform
Displays the current user's privilege level, both current and maximum. The
current level will reflect only what mode the user is in (standard, enable, or
configuration); the maximum level will be whatever is configured as the
maximum privilege level for that username.
radius
# show radius
Displays the given backups available for all the devices on the system. If
you specify a device ID, only the given backups available for this device
are displayed. If you specify a device ID and a backup ID, the contents of
the specified backup are displayed.
Displays the device used for command line completion and help.
# show remote-config license-key username
Displays the BlueTouch Online user name, if any, entered when applying
a license upgrade to a device. (BlueTouch Online was previously referred
to as WebPower.)
# show remote-config overlays [{overlay_id | substitution-variables | {validate | all | device device_id | group
group_id | model model_number | os-version sgos_version}
substitution-variable}]
Displays a list of all the profiles in the system, and their comments. If you
specify profile_id, this command displays the contents of the given
profile, along with its comment and friendly name.
If you specify profile_id and the optional substitution-variable
parameter, the names of any substitution variables defined for that profile
display.
This command is used for content filtering policy. This command is available
for the sadmin, admin, and privilege 15 users.
Displays the list of user groups. For example,
director # show role delegated-admin user-groups
unassigned
Fin_policy
HR_policy
# show role delegated-admin user-groups policy-file-association
Displays the categories assigned to the users. The all option displays the
categories of the user group level. If categories are not set for the user, the
categories are inherited from the user-group the delegated user belongs to.
role-hierarchy
# show role-hierarchy
This command is used for content filtering policy. This command is available
for the sadmin, admin, and all privilege 15 users.
Displays the hierarchy of user groups (used for content filtering policy). For
example,
# show role-hierarchy
delegated-admin:
unassigned
Finance_policy
HR_policy
role-substitution-variable
# show role-substitution-variable {device device_id | group
custom_group_name}
This command is used for content filtering policy. This command is available
for the sadmin, admin, delegated-admin, and all privilege 15 users.
Displays the substitution variables defined for the specified device or custom
group.
# show role-substitution-variable user-group user-group-name
sessions
# show sessions
Devices in custom groups and for each device, which model and
operating system group it belongs to.
ssh
# show ssh
# show ssh client
RSA authorized public keys for all users or for the specified user.
# show ssh client [identity [user username]]
Displays known host identities for all users or for the specified user.
# show ssh client [knownhosts [user username]]
Displays known host public keys for all users or for the specified user.
# show ssh server [hostkey | knownhosts]
Displays the standby pair settings for the Director. This includes the identity
of the primary and secondary. For more information, see Chapter 12,
Configuring Director Redundancy, in the Blue Coat Director Configuration and
Management Guide.
status
# show status
b to move up a page
q to quit
Displays whether or not Telnet logins are enabled, and displays options
related to the Telnet server.
upgrade-package
# show upgrade-package
This command is used for content filtering policy. This command is available
for the sadmin, admin, delegated-admin, and all privilege 15 users.
Displays objects associated with the specified user group name. For example,
to display the objects associated with the user group named Finance_policy:
Assoc-Device displays the device IDs of all devices associated with the
user group
usernames
# show usernames [username]
Displays a list of all usernames of all the users in the system. The privilege
level is listed for each username. If a username is specified, the information is
shown only for that user.
Note that this list does not reflect who is currently logged in.
version
# show version [detail]
Displays version information for the software installed on the local machine
and also includes Director's hardware serial number. If you use the version
detail command, the output contains a few more fields, and is shown in a
more compact format.
# slogin
Synopsis
Opens an SSH connection to a remote host. When you are finished, type the
command exit to return to the Director CLI. This command is also available in
Standard and Configuration mode. For information, see >slogin on page 26.
Important: When the slogin command is run from Configuration mode, it
will release the configuration lock so that you do not lock out other users during
the slogin session.
# ssl
(Introduced in SGME 6.1.9.1) Configure security settings on the Director
appliance. For more information on the subcommands, see (config) #ssl on page
197.
# standby
Configures Director's standby configuration. The Director standby feature is
designed to minimize Director service disruptions caused by network outage,
disaster, or Director failure. When standby is deployed, the Director configuration
is mirrored to a second Director whose only function is to take over for the first
Director if a failure occurs. For information, see >standby on page 27.
Syntax
# tcpdump upload url
Upload a tcpdump file to an external server. url must be in one of the formats
discussed in URL Syntax on page 12.
For information about other options available with tcpdump, see >tcpdump on
page 29.
Example
# tcpdump upload ftp://192.168.0.2/uploads/
# tcpdump upload ftp://192.168.0.2/uploads/tcpdump.txt
# traceroute
Synopsis
Determines the route packets take to a destination. This command is also
available in standard and configuration modes. For information, see
>traceroute on page 30.
# write
Synopsis
Writes running configuration to persistent storage, making the changes
permanent. This command is also available in configuration mode.
Syntax
# write memory
Example
director # write memory
With the configure command you can attempt to acquire a write lock on the
configuration state of this Director. If you succeed, you enter Configuration mode. This
affects what set of commands are available. The word config is inserted into the
prompt to the left of the trailing # character.
Syntax
configure terminal [force]
If you fail to acquire a write lock (because someone else had the lock), you will
see an error message containing information about the current lock holder. The
full output will look similar to the following example:
director # configure terminal
% Lock is currently owned by:
Username: admin
Remote address: 10.25.36.47
Last active: 2004/04/28 07:29:05
Note that active here means making configuration changes, rather than any
keystrokes in the CLI.
If the force option is specified, the Director will break the lock of anyone else
who has it, instead of failing. The other client will be notified asynchronously
that it has lost the lock. After the lock is broken, the breaker automatically
acquires the lock.
LDAP: Supports authentication and authorization. You can configure all new
LDAP users to have privilege level 15 access, if needed. For more
information, see (config) #ldap-server on page 166.
Important: To use RADIUS authentication, you must specify a shared secret (also
referred to as a key) when you configure the RADIUS server in Director.
The aaa authentication login default command enables you to use any
combination of the preceding mechanisms to authenticate and authorize users.
Use the aaa authentication login default command to determine the order
in which the repositories are searched. Local authentication must always be
searched.
For example, suppose your company has RADIUS and TACACS servers to
authenticate and authorize users. When a user named joe.jones logs in to
Director, you can configure Director to search for joe.jones in RADIUS,
TACACS, and local user repositories.
The following command causes Director to first search RADIUS; if joe.jones is
not found, Director searches TACACS; if joe.jones is not found, Director
searches its local repository; and if joe.jones is not found, Director denies the
login attempt:
(config) # aaa authentication login default radius tacacs local
If you have only a RADIUS server to authenticate and authorize users, use the
following command:
(config) # aaa authentication login default radius local
Note that local must always be in the list.
Syntax
(config) # aaa authentication login default {local | radius |
tacacs} subcommands
Subcommands
(config) # aaa authentication login default local {radius
[tacacs+]| tacacs+ [radius]}
Configures default authentication for login using the local password file.
(config) # aaa authentication login default radius {local [tacacs+]
| tacacs+ [local]}
Example
director (config) # aaa authentication login default tacacs+ local
radius
(config) # abort-on-errors
Causes a job to stop executing if errors are encountered. This command should
not be used in the command line; the command is used only by the Management
Console and is listed here for completeness.
Syntax
(config) # [no] access-list access_list_name
Protocol
Enables you to selectively permit, deny, or reject traffic from the following IP
protocols (transport layer and below only):
tcp
udp
0 (echo-reply)
3 (unreachable)
4 (source-quench)
5 (redirect)
8 (echo)
gt (greater than)
lt (less than)
== (equal to)
Subcommands
This section discusses the following subcommands:
comment
deny on page 99
exit on page 99
help on page 99
permit on page 99
comment
(config acl access_list_name) # [no] comment comment
Drops packets using the specified IP protocol from any source address. To
drop packets for all IP protocols, enter ip for ip_protocol. For more
information, including information about the ICMP protocol, source and
destination addresses, and port number matching for TCP and UDP
protocols, see Subcommands on page 98.
Prefacing this command with the optional no command removes the deny
rule.
(config acl access_list_name) # deny ip_protocol source_ip_address
wildcard_mask {any | destination_ip_address
destination_wildcard | host ip_address} [log]
Drops packets using the specified IP protocol from a specified source address.
(config acl access_list_name) # deny ip_protocol host ip_address
{any | destination_ip_address wildcard_mask | host ip_address}
[log]
Drops the packet for the host source address for the specified IP protocol.
After you set up an access list, you must associate it with a Director interface
using an access group as discussed in (config) #interface interface_number on
page 133.
exit
(config acl access_list_name) # exit
Passes the packet through for any source address for the specified IP
protocol. To pass the packet through for all IP protocols, enter ip for
ip_protocol. For more information, including information about the
ICMP protocol, source and destination addresses, and port number
matching for TCP and UDP protocols, see Subcommands on page 98.
Prefacing this command with the optional no command removes the
permit rule.
(config acl access_list_name) # permit ip_protocol
source_ip_address source_wildcard {any |
destination_ip_address destination_wildcard | host
ip_address} [log]
Passes the packet through for the host source address for the specified IP
protocol.
After you set up an access list, you must associate it with a Director interface
using an access group as discussed in (config) #interface interface_number on
page 133.
reject
(config acl access_list_name) # [no] reject ip_protocol
(config acl access_list_name) # reject ip_protocol any {any |
destination_ip_address destination_wildcard | host
ip_address} [log]
Either returns an error code to the sender of the packet or responds with
an ICMP unreachable message, depending on whether matching is done
on outbound or inbound traffic, respectively, for any source address for
the specified IP protocol. For more information, including information
about the ICMP protocol, source and destination addresses, and port
number matching for TCP and UDP protocols, see Subcommands on
page 98.
Prefacing this command with the optional no command removes the
reject rule.
(config acl access_list_name) # reject ip_protocol
source_ip_address source_wildcard {any |
destination_ip_address destination_wildcard | host
ip_address} [log]
Either returns an error code to the sender of the packet or responds with
an ICMP unreachable message, depending on whether matching is done
on outbound or inbound traffic, respectively, for the specified source
address for the specified IP protocol.
(config acl access_list_name) # reject ip_protocol host
ip_address {any | destination_ip_address
destination_wildcard | host} [log]
Either returns an error code to the sender of the packet or responds with
an ICMP unreachable message, depending on whether matching is done
on outbound or inbound traffic, respectively, for the host source address
for the specified IP protocol.
After you set up an access list, you must associate it with a Director interface
using an access group as discussed in (config) #interface interface_number on
page 133.
show access-lists
(config acl access_list_name) # show access-lists
Example
director (config acl bc) # deny udp 10.107.0.62 0.0.255.255
192.168.0.11 0.0.255.255 gt 5000
director (config acl bc) # show access-lists
Access-list bc, type "filter"
0: deny 0.0.0.0 255.255.255.255 10.107.0.62 0.0.0.0 ip log
1: deny 10.107.0.62 0.0.255.255 192.168.0.11 0.0.255.255 udp gt
5000
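An added example (not part of the Blue Coat reference): a Python evaluator for the show access-lists output above, showing how the wildcard masks decide which packets each rule matches. It assumes rules are checked in index order with the first match winning and that the gt/lt/== operator applies to the destination port; neither is stated on this page, and all function names are illustrative.

```python
import ipaddress
import re
from typing import List, NamedTuple, Optional

# Constructed input: the rule lines from the example above, with the wrapped
# "gt 5000" joined back onto rule 1.
SHOW_OUTPUT = """\
Access-list bc, type "filter"
0: deny 0.0.0.0 255.255.255.255 10.107.0.62 0.0.0.0 ip log
1: deny 10.107.0.62 0.0.255.255 192.168.0.11 0.0.255.255 udp gt 5000
"""

RULE_RE = re.compile(
    r"^\s*(\d+):\s+(deny|permit|reject)"
    r"\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)"   # src, src wildcard, dst, dst wildcard
    r"\s+(\S+)"                            # protocol
    r"(?:\s+(gt|lt|==)\s+(\d+))?"          # optional port comparison
    r"(\s+log)?\s*$"
)


class Rule(NamedTuple):
    index: int
    action: str
    src: int
    src_wild: int
    dst: int
    dst_wild: int
    proto: str
    op: Optional[str]
    port: Optional[int]
    log: bool


def ip_to_int(text: str) -> int:
    return int(ipaddress.IPv4Address(text))


def parse_acl(show_output: str) -> List[Rule]:
    """Parse the numbered rule lines; header and other lines are skipped."""
    rules = []
    for line in show_output.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue
        idx, action, src, sw, dst, dw, proto, op, port, log = m.groups()
        rules.append(Rule(int(idx), action, ip_to_int(src), ip_to_int(sw),
                          ip_to_int(dst), ip_to_int(dw), proto, op,
                          int(port) if port else None, bool(log)))
    return sorted(rules, key=lambda r: r.index)


def wildcard_match(addr: int, base: int, wild: int) -> bool:
    # A 0 bit in the wildcard must equal the base; a 1 bit is "don't care".
    return ((addr ^ base) & ~wild & 0xFFFFFFFF) == 0


def covered_network(base: int, wild: int) -> Optional[ipaddress.IPv4Network]:
    """Return the prefix a base/wildcard pair covers, or None if the
    wildcard is non-contiguous and cannot be written as one prefix."""
    if wild & (wild + 1):
        return None
    prefix = 32 - wild.bit_length()
    return ipaddress.IPv4Network((base & ~wild & 0xFFFFFFFF, prefix))


def port_ok(rule: Rule, dport: Optional[int]) -> bool:
    if rule.op is None:
        return True
    if dport is None:
        return False
    return {"gt": dport > rule.port, "lt": dport < rule.port,
            "==": dport == rule.port}[rule.op]


def first_match(rules: List[Rule], proto: str, src: str, dst: str,
                dport: Optional[int] = None) -> Optional[Rule]:
    """Assumed semantics: rules are tried in index order, first match wins."""
    s, d = ip_to_int(src), ip_to_int(dst)
    for r in rules:
        if r.proto not in ("ip", proto):
            continue
        if (wildcard_match(s, r.src, r.src_wild)
                and wildcard_match(d, r.dst, r.dst_wild)
                and port_ok(r, dport)):
            return r
    return None  # no rule matched; this page does not state the default action


if __name__ == "__main__":
    acl = parse_acl(SHOW_OUTPUT)
    for r in acl:
        print(r.index, r.action, covered_network(r.src, r.src_wild), "->",
              covered_network(r.dst, r.dst_wild), r.proto, r.op or "", r.port or "")
    print(first_match(acl, "udp", "10.107.200.9", "192.168.77.1", 6000))
```

Rule 1's source, 10.107.0.62 with wildcard 0.0.255.255, covers all of 10.107.0.0/16 because the bits under the wildcard are ignored; a rule meant for one host needs the 0.0.0.0 wildcard that rule 0 shows for its destination.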
(config) # archive
Synopsis
Manipulates archives on this system. With the exception of the restore
subcommand, this command is also available in enable mode. See #archive on
page 32 for information.
Note: Director does not archive its IP addresses, so an archive taken on one Director
appliance can be restored on another Director appliance without changing the target
Director's IP addresses.
Syntax
Restoring an Archive
To restore an archive (that is, to install an archive located on this Director
appliance), use the following command:
director (config)# archive {all | config | device-backup | event-log | job-report} restore archive_name [key keyname]
Prerequisites: Before restoring an archive, you must perform all of the following
tasks:
If the archive was encrypted with a key that is not already stored on this
Director, you must input the archive key.
For the meaning of the all, config, device-backup, event-log, and job-report parameters, see Specifying What to Archive on page 32.
archive_name must match the name of a previously saved archive on this Director.
To display archive names, enter one of the following commands:
director (config)# archive {all | config | device-backup | event-log | job-report} restore ?
director (config)# show archive {all | config | device-backup |
event-log | job-report}
If the archive was encrypted with an archive key, you must enter a value for the
key parameter.
For example,
director (config)# archive all restore sgmearchive-director-all2008.12.03-004256.tgz key mykey
(config) # arp
Synopsis
Adds a permanent entry to the Address Resolution Protocol (ARP) cache or sets
parameters for ARP.
Syntax
(config) # arp subcommands
Subcommands
(config) # arp ip_address MAC_address
Sets the ARP cache timeout value in seconds. The default value is 14400
seconds (4 hours).
Example
director (config) # arp timeout 28800
(config) # banner
Synopsis
Changes the banner displayed on an SSH command session and serial console.
The default banner is similar to the following:
Copyright (c) 1997-2009, Blue Coat Systems, Inc.
Welcome to SG-ME 6.1.1.1 #45678 2012.01.05-013904
For configuring a banner for the Director Management Console, see (config)
#login-banner on page 143.
Syntax
(config) # banner input banner-text
The input parameter enables you to enter banner text. After input, enter the
banner text, ending with Control+D.
Subcommands
There are no subcommands of this command.
Example
director (config) # banner input
Enter your banner now.
Press Ctrl-D when finished, or Ctrl-C to abort.
Welcome to Director for Example Corp.
Director is running SGME 6.1 build 76543
director (config) # show banner
Welcome to Director for Example Corp.
Director is running SGME 6.1 build 76543
(config) # cdn
Synopsis
This command has been deprecated; use (config) #content options on page 111
instead.
(config) # clear
Synopsis
Clears certain options. This command is also available in enable mode. See
#clear on page 38 for information.
(config) # cli
Synopsis
Sets Command Line Interface (CLI) options.
Syntax
(config) # cli [subcommands]
Subcommands
(config) # cli sg-cli-timeout time_duration
Sets the amount of time of user inactivity before the administrator is logged
out of the command line session on the ProxySG appliance. The timeout
applies to standard, enable, and configuration mode sessions. The default
value is 1440 minutes.
This setting applies to all users and is persistent across sessions (provided
you use the write memory command as discussed in #write on page 92).
It is only read when an administrator logs in, so if multiple administrators are
logged in when the timeout is changed, it will immediately affect only the
administrator who made the change. The others will be affected the next time
they log in.
(config) # show sg-cli-timeout
Display the timeout period set for CLI sessions on the ProxySG appliance.
(config) # cli timeout time_duration
Sets the amount of time of user inactivity before the administrator is logged
out of the command line session. The timeout applies to standard, enable, and
configuration mode sessions.
This setting applies to all users and is persistent across sessions (provided
you use the write memory command as discussed in #write on page 92).
It is only read when an administrator logs in, so if multiple administrators are
logged in when the timeout is changed, it will immediately affect only the
administrator who made the change. The others will be affected the next time
they log in.
(config) # show cli timeout
Example
director (config) # cli timeout 2h 30m
(config) # clock
Synopsis
Use this command to set the current system time, and optionally also the date.
This command is not available if a local NTP server is running. Note that, unlike
most configuration commands, this command does not wait for a write memory
command to be committed to persistent storage.
Syntax
(config) # clock [subcommands]
Subcommands
(config) # clock set time_[h]h:mm[:ss] [date_yyyy/mm/dd]
Sets the local timezone. A state or province is required for some countries (for
example, United States and Canada), but not for others (for example, Europe,
Australia).
Example
director (config) # clock timezone america united_states california
los_angeles
(config) # configuration
Synopsis
Manipulates configuration files. A configuration includes the following:
Objects associated with profiles, overlays, jobs, and groups (for example,
substitution variables, URL lists, regular expression lists, and so on)
Alerts
SNMP (after restoring the archive, SNMP will be disabled and SNMP contact
information reverts to its default values)
NTP
Syntax
director (config) # configuration {delete {filename | initial} |
destroy-old-files | move {{source_filename | initial}
destination_filename} | new filename [keep-console] | restore-factory-defaults | restore-sgme4-files | revert | switch-to
{filename | initial} write [to]}
Subcommands
(config) # configuration delete {filename | initial}
Moves the specified configuration file from the first filename or the initial
configuration to the destination file name. This command can also be used to
rename a file.
(config) # configuration new filename [keep-console]
Restores the configuration to factory defaults. Use this command only
if necessary; for example, if errors prevent you from using Director. You can
also use it to reset Director to defaults after testing Director in your
deployment.
After using this command, Director reboots.
Use this command only if you downgrade from SGME 5.3.x to SGME 4.2.2.1
to restore the SGME 4.2.2.1 configuration files.
(config) # configuration revert
Reverts the running state of the system back to the last-saved state.
(config) # configuration switch-to {filename | initial}
Example
director (config) # configuration switch-to fn-2
#content on page 41
Syntax
director (config)# content options {throttle delay delay_sec numcommands integer | timeout {completed-cmds seconds |
outstanding-cmds seconds}}
Sets options to manipulate the number of content commands that complete per
unit time.
where
delay_sec is the number of minutes to delay between sending batches of content,
integer is the number of content commands to send in one batch, and seconds is
#content on page 41
Syntax
director (config)# content url-list list_id {comment comment |
create | name name | input}
Subcommands
director (config)# content url-list list_id comment comment
Enables you to input a URL list. Put each URL on a separate line. When
you're finished, press Control+D to save the list or Control+C to cancel
without saving the list.
Note: Every URL must start with the protocol (also referred to as the schema);
for example, http://. URLs that start with www. or a similar prefix are not
valid and will result in job execution failure.
(config) # continue-on-errors
Causes a job to continue executing if errors are encountered. This command
should not be used in the command line; the command is used only by the
Management Console and is listed here for completeness.
(config) # debug
Synopsis
System debugging information and commands. This command is also available in
enable mode. See #debug on page 48 for information about this command.
This command is required only if you use a port other than the default, 22.
(config device device_id) # front-panel-pin pin
This command is required only if a front panel PIN is set on the device.
Commands for SSH Simple Authentication
SSH Simple authentication means Director uses an unencrypted user name and
password to authenticate itself with the device. Because the user name and
password are not encrypted, Blue Coat strongly recommends you use SSH-RSA
authentication as discussed in the next section.
For Director to authenticate itself with a device non-securely using SSH Simple
authentication, you must enter the following commands in addition to the
commands discussed in Common Authentication Commands on page 115:
(config device device_id) # auth simple password password
(config device device_id) # auth simple username username
Add the device using SSH Simple authentication and upload keyrings to the
device to change it to SSH-RSA
The commands required to perform these tasks are discussed in this section.
Register the device with Director, which adds it and causes it to authenticate
using SSH-RSA in one step
This is discussed in Chapter 4, Registering Devices, in the Blue Coat Director
Configuration and Management Guide.
The auth simple username and auth simple password commands are
required for Director to use the device's CLI to set up SSH-RSA
authentication.
(config device device_id) # auth rsa username director
This reserved user name is required for Director to authenticate the device.
(config device device_id) # auth rsa key {copy device_id sshv1} |
generate sshv2}
This command gives you the choice of copying a keyring from another device
or generating a new keyring for the device.
(config device device_id) # pushkey sshv2
(config device device_id) # authtype rsa
Syntax
(config) # device device_id
Note: The device ID can be a maximum of 250 characters in length and cannot
include the following characters: {, }, <, >, (, ), #, or $.
Subcommands
See one of the following sections:
no on page 118
address
(config device device_id) # address hostname_or_ip_address
Sets the SSH-RSA key pair for connections to this device to be a copy of
the key used for device_id2. This command does not change any
settings for device_id2, so any future changes to the key for device_id2
will not automatically be copied to this device.
(config device device_id) # auth rsa key generate sshv2
Specifies or changes the known host public key for this device.
(config device device_id) # auth rsa username director
Sets the username that will be used to log in to a device if authtype is set to
rsa.
Important: The user name must be director or connection to Director will
fail.
(config device device_id) # auth simple {password password |
username username}
Sets the password that Director uses to log in to a device if the authtype
command is set to simple.
Important: For Director to connect to the device, you must supply both a user
name and a password. For example, if the device's user name is admin and
the password is bluecoat, enter the following commands:
(config device device_id) # auth simple password bluecoat
(config device device_id) # auth simple username admin
authtype
(config device device_id) # authtype [rsa | simple]
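An added example (not from the Blue Coat guide): a Python audit of a constructed configuration transcript that applies three rules stated on this page: local must be in the aaa authentication login default list, SSH-RSA is recommended over SSH Simple, and the RSA user name must be director. For each device still on authtype simple it lists the SSH-RSA commands described above; the transcript format, device IDs and function names are assumptions.

```python
import re
from collections import defaultdict

# Constructed transcript in this page's prompt and command syntax; the device
# IDs and the <redacted> value are placeholders.
TRANSCRIPT = """\
director (config) # aaa authentication login default radius tacacs+
director (config device sg-branch-01) # auth simple username admin
director (config device sg-branch-01) # auth simple password <redacted>
director (config device sg-branch-01) # authtype simple
director (config device sg-branch-02) # auth simple username admin
director (config device sg-branch-02) # authtype simple
director (config device sg-hq-01) # auth rsa username director
director (config device sg-hq-01) # authtype rsa
director (config device sg-lab-01) # auth rsa username admin
director (config device sg-lab-01) # authtype rsa
"""

PROMPT_RE = re.compile(
    r"^\S+ \(config(?: device (?P<dev>\S+))?\) # (?P<cmd>.+)$")
AAA_PREFIX = "aaa authentication login default "
AAA_METHODS = {"local", "radius", "tacacs", "tacacs+"}  # spellings used on this page

# The SSH-RSA commands as this page lists them for a device record.
RSA_STEPS = [
    "auth rsa username director",
    "auth rsa key generate sshv2",
    "pushkey sshv2",
    "authtype rsa",
]


def audit(transcript):
    """Return (findings, plan): findings is a list of (scope, message);
    plan maps each device on SSH Simple to the commands to enter for it."""
    findings = []
    devices = defaultdict(dict)
    for line in transcript.splitlines():
        m = PROMPT_RE.match(line.strip())
        if not m:
            continue
        dev, cmd = m.group("dev"), m.group("cmd").strip()
        if dev is None:
            if cmd.startswith(AAA_PREFIX):
                methods = cmd[len(AAA_PREFIX):].split()
                unknown = [x for x in methods if x not in AAA_METHODS]
                if unknown:
                    findings.append(("aaa", "unknown method(s): " + " ".join(unknown)))
                if "local" not in methods:
                    findings.append(("aaa", "local is missing from the login order"))
            continue
        words = cmd.split()
        if words[0] == "authtype" and len(words) == 2:
            devices[dev]["authtype"] = words[1]
        elif (words[:2] == ["auth", "simple"] and len(words) == 4
              and words[2] in ("username", "password")):
            # Record only that the value was supplied, never the secret itself.
            devices[dev]["simple_" + words[2]] = True
        elif words[:3] == ["auth", "rsa", "username"] and len(words) == 4:
            devices[dev]["rsa_username"] = words[3]

    plan = {}
    for dev, state in sorted(devices.items()):
        if state.get("authtype") == "simple":
            findings.append((dev, "uses SSH Simple authentication"))
            # Both simple credentials are needed before SSH-RSA can be set up.
            missing = [f"auth simple {field} <{field}>"
                       for field in ("username", "password")
                       if not state.get("simple_" + field)]
            plan[dev] = missing + RSA_STEPS
        elif state.get("authtype") == "rsa" and state.get("rsa_username") != "director":
            findings.append((dev, "authtype rsa without 'auth rsa username director'"))
    return findings, plan


if __name__ == "__main__":
    found, todo = audit(TRANSCRIPT)
    for scope, message in found:
        print(f"[{scope}] {message}")
    for dev, steps in todo.items():
        for step in steps:
            print(f"(config device {dev}) # {step}")
```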
dnsname
(config device device_id) # dnsname name
Enter the hostname for this device. This option allows you to use a
human-readable name instead of a dotted IP address to access the device.
enable-password
(config device device_id) # enable-password enable-password
Resets the protocol for this device to its default, which is telnet.
(config device device_id) # no web-config port
Resets the port for the Web configuration interface on this device to the
default, which is 8082.
overlay
director (config device device_id) # overlay
content_policy_overlay_id
Logs in to the device and adds Director's RSA-SSH public key to its
authorized key list.
pushpassword
(config device device_id) # pushpassword {enable-password password
| front-panel-pin pin | password password}
Sets the enable password, front panel PIN, and login password on this device
and device record.
reconnect
Director.
substitution-variable
(config device device_id) # substitution-variable name input
Sets the device's HTTPS Console port. To find this value, log in to the
ProxySG Management Console for the device and click Services >
Management Services. The port value displays in the right pane in the Port
column for HTTPS-Console.
(config) # device-acl
Synopsis
Associates a device or a custom group with a user group. Delegated users in this
user group can push block lists and allow lists to these devices or groups.
This command is used with content filtering policy. This command is available for
the sadmin user only.
For more information about content filtering policy commands, see Content
Filtering Policy and Role-Based Access on page 7.
Syntax
director (config) # [no] device-acl role delegated-admin user-group
user_group_name {device device_id | group custom_group_name}
For example, the following command associates the user group Finance_policy
with the custom group DevAustin:
director (config) # device-acl role delegated-admin user-group
Finance_policy group DevAustin
Related Commands
Syntax
(config) # dmc request-timeout <number_of_seconds>
Subcommands
There are no subcommands for this command.
Example
Set the request timeout to be 31 seconds and then verify the setting using the
#show command.
(config) # dmc request-timeout 31
(config) # show dmc request-timeout
DMC request timeout: 31
Syntax
(config) # dmc timeout time
Subcommands
(config) # no dmc timeout
Resets the timeout period for Director Management Console sessions to the
default timeout of 15 minutes.
(config) # show dmc timeout
Displays the timeout period set for Director Management Console sessions.
(config) # exit
Synopsis
This command allows you to exit configuration mode and return to enable mode.
Syntax
(config) # exit
Example
director (config) # exit
director #
(config) # file
Manipulates files on this system. This command is also available in enable mode.
Syntax
(config) # folder folder_id subcommands
Subcommands
This section discusses the following topics:
Specifies the parent of this folder; in other words, makes this folder the child
of folder_id.
Preceding the command with the optional no parameter removes the parent
folder from this folder, meaning this folder becomes a top-level folder.
director (config folder folder_id) # profile profile_id
With no optional parameter, deletes the specified folder. The contents of the
folder, if any, remain in other folders or, if this was the only folder, move to the
Unassigned folder. Other options follow:
(config) # no folder folder_id comment
Deletes the specified job from the folder but does not delete the job itself.
(config) # no folder folder_id name
Deletes the specified overlay from the folder but does not delete the
overlay itself.
(config) # no folder folder_id parent
Removes parent folders from this folder, making this folder a top-level
folder.
(config) # no folder folder_id profile profile_id
Deletes the specified profile from the folder but does not delete the profile
itself.
(config) # no folder folder_id regex-list list_id
Deletes the specified regular expression lists from the folder but does not
delete the list itself.
(config) # no folder folder_id url-list list_id
Deletes the specified URL list from the folder but does not delete the list
itself.
Syntax
(config) # group group_id
Subcommands
(config group group_id) # [no] comment comment
Sets the comment associated with a group. This can be used to hold longer,
more detailed information than the friendly name. Unlike the friendly name,
the comment is shown only when information about this group is specifically
requested.
Preceding the command with the optional no parameter removes the
comment from this group.
(config group group_id) # create
Sets the friendly name associated with a group. If the group already had a
name, the old name is overwritten.
(config group group_id) # [no] parent parent_group_id
The input command loads the value of the substitution variable into Director.
Enter the entire contents of the variable value, ending with Control+D.
Preceding this command with the optional no parameter removes the
substitution variable from the group. The input parameter is not valid if the
command is preceded by no.
For more information about substitution variables, see the Blue Coat Director
Configuration and Management Guide.
Example
director (config) # group g1
director (config group g1) # device 10.25.36.47
(config) # help
Lists all top-level commands currently available. This command is also available
in Standard and Enable modes. See >help on page 20 for more information.
(config) # hostname
Synopsis
Sets this machine's hostname.
Syntax
(config) # hostname hostname
Sets Director's host name. When you change the host name, the prompts of all
logged-in clients are changed as soon as you press another key.
Important: Make sure your DNS servers can resolve the host name you enter
to Director's IP address.
Example
director (config) # hostname Director_2
director_2 (config) #
Syntax
(config) # interface interface_number
Subcommands
See one of the following sections:
Configuring an Interface
Configuring an Interface
This section discusses how to configure an interface's duplex, IP address, and
speed settings; and how to disable an interface.
(config interface interface_number) # [no] duplex {half | full |
auto}
Set the duplex for this interface. Preceding the command with the optional no
parameter removes the duplex setting.
(config interface interface_number) # [no] ip address ip_address
netmask
Sets the IP address and netmask on this interface. Preceding the command
with the optional no parameter removes the IP address.
To set an interface's default gateway and DNS servers, see (config) #ip on
page 135.
(config interface interface_number) # [no] ipv6address ip_address
netmask
Sets the IPv6 address and netmask on this interface. Preceding the command
with the optional no parameter removes the IP address.
To set an interface's default gateway and DNS servers, see (config) #ip on
page 135.
(config interface interface_number) # [no] shutdown
Sets the speed for this interface. Note that if the speed command is set to
auto, duplex is also automatically set to auto. Preceding the command with
the optional no parameter restores the default auto setting.
Other Commands
(config interface interface_number) # exit
(config) # ip
Synopsis
Configures IP protocol settings, including default gateway, static routing, and
detailed IP protocol options.
Syntax
(config) # [no] ip {subcommands}
Subcommands
(config) # [no] ip access-list {list_name | extended list_name}
Adds a domain name to the DNS suffix list. This list is used
to complete unqualified host names. Do not include a leading period
character in domain_name.
The specified domain name is added to the bottom of the list. If the domain
you enter was already in the list, this command has no effect.
(config) # [no] ip host hostname ip_address
Adds a static mapping between a host name and an IP address. Note that
multiple IPs for a single hostname are possible.
(config) # [no] ip icmp rate-limit milliseconds
Limits the rate at which ICMP errors are generated to at most one every
millisecond. You can enter a range from 0 to 60000.
(config) # [no] ip name-server ip_address
Adds a DNS server to the list of DNS servers used to resolve names. The DNS
server specified is put at the bottom of the list. If it was already in the list, this
command has no effect. You can add both IPv4 and IPv6 DNS servers.
(config) # [no] ip route network_prefix netmask gateway_address
Adds an entry to the static routing table. For example, to add a static route for
IP addresses 192.0.0.0 through 192.0.0.254 to the static routing table of an
appliance whose IP address is 192.10.29.1, enter the following command:
(config) # ip route 192.0.0.0 /24 192.10.29.1
(config) # [no] ip tcp {path-mtu-discovery | selective-ack | syncookies | sync-rexmits value | timestamp | unsync-rexmits value
| window-size size}
Sets various TCP protocol parameters. Prefacing this command with the
optional no command sets the parameter back to its default.
The parameters are as follows:
path-mtu-discovery Enables TCP path-Maximum Transmission Unit
(MTU) discovery. For more information about path MTU discovery, see
RFC 1191.
selective-ack Enables the use of the selective-acknowledgement
(SACK) TCP option. This might increase WAN throughput when the peer
also has this option enabled. This option is enabled by default.
For more information, see RFC 2018.
syn-cookies Enable the SYN-cookie mechanism as a defense against
Example
director (config) # ip icmp rate-limit 5000
Syntax
(config) # job job_id
Note: The job ID can be a maximum of 250 characters in length and cannot include
the following characters: {, }, <, >, (, ), #, or $.
Subcommands
no on page 139
cancel
(config job job_id) # cancel
Sets the job type as configuration, content, or other and determines how the
job displays in the Jobs tab page of the Management Console. For example, if
you use the following command:
(config job MyJob) # commands-type content
When you log in to the Management Console and click the Jobs tab, the job
displays if you click either Content Jobs or All from the Show list in the Job
Library section.
comment
(config job job_id) comment comment
Specifies sender and recipient e-mail addresses for notifications for the job.
You can specify multiple recipients by entering the e-mail addresses as
comma-separated values. Because using this command overwrites any
previous entries, it might be more efficient to maintain the addresses in the
Director Management Console. Alternatively, you could keep a comma-separated
list of addresses in a text file and copy and paste it into the CLI
when you need to add or remove recipients.
Note: Blue Coat recommends that you double-check the e-mail addresses before
entering them. The CLI does not validate your entries.
execute
(config job job_id) execute
Enter the commands to execute in the job. When you are finished, press
Control+D to save the job or Control+C to cancel without saving any
commands.
name
(config job job_id) name friendly_name
Sets the friendly name associated with this job. Although the friendly name
cannot be used in place of a Job ID when a Job ID is required in a command,
the friendly name identifies the job in the Management Console.
no
(config job job_id) no [subcommands]
Deletes either all reports for this job or deletes the job report with the
specified execution ID.
(config job job_id) no name
Resets the number of saved job reports to unlimited. In other words, this
command will never cause old job reports to be deleted.
(config job job_id) no time-of-day {absolute {start | stop} |
day {all | fri | mon | sat | sun | thu | tue | wed |
weekdays} | time {all | time_hh:mm[:ss]}
Sets the number of job reports to save for this job. To save an unlimited
number of reports, enter 0.
If Director produces a new report for this job and the total saved reports are
greater than this value, the oldest job report is deleted. Reports are deleted in
order of oldest to newest.
You cannot set the value to be less than the existing number of reports unless
you use the force option. If you use the force option and the value is set to
be less than the current number of saved reports, reports are deleted until
they total the new value.
time-of-day
(config job job_id) time-of-day {absolute {start | stop} date_yyyy/mm/dd
time_hh:mm[:ss] | day {all | fri | mon | sat | sun | thu |
tue | wed | weekdays} | time time_hh:mm[:ss]}
date-time-pairs means the job runs at the dates and times you specify.
Recurrence options are not available; in other words, the job runs only at
the dates and times you specify.
For more information about configuring date-time pairs, see (config job
job_id) date-time-pairs date_yyyy/mm/dd time_hh:mm[:ss] on page
138.
time-of-day means the job runs at the times and days of the week you
Example
director (config) # job j1
Director (config job j1) # type date-time-pairs
(config) # lcd
Synopsis
Sets the LCD panel PIN.
Syntax
(config) # lcd pin 4_digit_pin_number
Example
director (config) # lcd pin 2331
(config) # license
Synopsis
Allows you to import a license file into the Blue Coat Director. A valid license is
required to manage the devices in your network.
Syntax
(config) # license {input | passphrase}
Subcommands
(config) # license input
The input parameter enables you to copy and paste the contents of your
license file. You will be prompted to enter the passphrase you entered when
generating the license file on the Blue Coat Licensing Portal. This passphrase
is required to decrypt the license file and complete the license installation.
Enter Control+D when finished.
(config) # license passphrase passphrase
Enter the passphrase you entered when generating the license file on the Blue
Coat Licensing Portal. If the passphrase includes spaces, enclose the
passphrase within quotation marks.
(config) # show license
Example
(config) # license input
Enter pass phrase here:XXXXXXXXXXXXXXXXXXXXXXXXXXXX
Enter your license file contents now.
Press Ctrl-D when finished, or Ctrl-C to abort.
uynffeu645837ty8utngnm 4yr943rnftv8anv9inv......
(config) # login-banner
Synopsis
Allows you to configure a login banner that displays when users access the
Director Management Console. Input login banner text in the English language
only; support for any other language has not been tested.
To configure a banner for SSH or serial console access, see (config) #banner
on page 104.
Syntax
(config) # [no] login-banner {acceptance-required | enable | fetch-logo | input | logo-url}
Subcommands
(config) # login-banner acceptance-required
Mandates that users must accept the login-banner prior to accessing the
Director Management Console. Users who decline the banner are not
permitted access to the Management Console.
(config) # login-banner enable
Enables the login banner. The text that you entered is displayed on login.
(config) # login-banner fetch-logo url
Allows you to enter an FTP server or an HTTP server URL from which the
Director can fetch a logo for the login banner. The image formats supported
are jpg, jpeg, gif, png, and bmp.
(config) # login-banner logo-url url
The input parameter enables you to enter banner text. Enter the banner text,
and press Control+D when finished.
(config) # show login-banner
Example
director (config) # login-banner fetch-logo ftp://10.125.38.21/Common/companylogo.jpg
director (config) # login-banner logo-url ftp://10.125.38.21/Common/companylogo.jpg
(config) # line-vty
Synopsis
Configures the number of lines visible on a terminal session. The default is 24.
This command is also available in Enable mode. See #line-vty on page 55 for
information.
(config) # logging
Synopsis
Configures audit and console logging.
Provided you specify an external server that uses the Secure Copy Protocol (SCP),
audit logs are transferred from Director's /var/logs/messages directory to the
/local/logs/scplogs directory using a cron job. Another cron job transfers logs
from /local/logs/scplogs to the external server, after which the
/local/logs/scplogs directory is cleared. You also have the option of transferring logs and
clearing the directory manually.
Details about audit logging follow:
Event logs, stored in the /var/log/messages file, are transferred every hour
to the /local/logs/scplogs/messages directory using a cron job.
A cron job runs every five minutes to transfer audit logs from subdirectories
of /local/logs/scplogs to an external server using the Secure Copy
Protocol (SCP), if a server is configured.
After the files are transferred, the logs are deleted; however, if no external
server is specified, no transfer takes place.
After the contents of the audit log directory reach 1GB in size, the overflow
policy is enacted. The overflow policy can be set to delete the oldest log files
first (the default), to disable commands that trigger audit logging, or to stop
creating new audit log files.
Syntax
(config) # logging subcommands
Subcommands
(config) # logging hostname_or_ip_address
Sends logging data to the specified external server. The server must support
the SCP protocol.
(config) # logging console {emerg | alert | crit | err | warning |
notice | notice_minor}
Sets the level at which messages are sent to console sessions. emerg results in
the fewest log messages being sent to the console; notice_minor (the default)
results in the most log messages.
(config) # logging dump-contents {clear | overflow-policy {delete |
stop-logging | stop-processing} | url scp_server_url}
logging.
(config) # logging local {warning | notice | notice_minor}
Sets the level at which messages are sent to syslog servers. emerg results in
the fewest log messages being sent to syslog servers; notice_minor results in
the most log messages. Trap messages for Director events are limited to
startup, shutdown, and standby events. Standby events are discussed in the
Blue Coat Director Configuration and Management Guide.
Example
director (config) # logging console warning
(config) # mail-config
Synopsis
Specify an outgoing Simple Mail Transport Protocol (SMTP) server to e-mail the
following types of information:
Health reports
Enables you to monitor CPU and memory usage of devices.
For more information about these reports, see the Blue Coat Director Configuration
and Management Guide.
Description
smtp_server_host-or-ip
port
Parameter
Description
auth
Note: Changes you make to the SMTP server configuration with this command do
not automatically display in the Management Console. To view the new parameters,
close and restart the Management Console as discussed in the Blue Coat Director
Configuration and Management Guide.
Related Command
To set up the report e-mails and specify the user name and password (if any) for
SMTP server authentication, see generate-report health on page 56 or
generate-report performance on page 57.
(config) # monitoring
Synopsis
Health monitoring commands that maintain the health status of all the devices
managed by Director. Director also keeps track of all the alerts sent by a device and
allows these alerts to be managed by a Director administrator.
Additional parameters are available in enable mode as discussed in
#monitoring on page 56.
To view alert metrics you set up with these commands, see Chapter 10,
Monitoring Devices, in the Blue Coat Director Configuration and Management Guide.
Subcommands
director (config) # monitoring {{alerts {acknowledge {alert
alert_id | all | device device_id | group group_id | input
alert_ids}} | {add-comment alert alert_id comment comment} |
{delete {alert alert_id | all | device device_id | group
group_id | input alert_ids}} | {unacknowledge {alert alert_id |
all | device device_id | group group_id} | input alert_ids}} |
{diagnose {device-state subcommands | standby-state
subcommands}}
alerts
The alerts subcommand enables you to acknowledge alerts, add comments to
alerts, delete alerts, and unacknowledge alerts.
director (config) # monitoring alerts {acknowledge {alert alert_id
| all | device device_id | group group_id | input input}} | add-comment alert alert_id comment comment} | {delete {alert
alert_id | all | device device_id | group group_id} | input
input}} | {unacknowledge {alert alert_id | all | device
device_id | group group_id | input alert_ids}}}
director (config) # monitoring alerts acknowledge {alert
alert_id | all | device device_id | group group_id | input
alert_ids}
Sets the status of alerts to acknowledge for a single alert_id, all alerts, for a
particular device_id or for all devices in a group_id.
To acknowledge, unacknowledge, or delete several alerts at one time, use
the input command to specify the alert IDs. An example follows:
director (config) # monitoring alerts delete input
Enter your alert id now. Press Ctrl-D when finished, or Ctrl-C to abort.
director (config) # monitoring alerts add-comment alert alert_id
comment comment
Deletes a single alert_id, all alerts in the system, all alerts for a particular
device_id, or all alerts for all devices in a group_id.
Using the optional input parameter enables you to enter a list of IDs to
delete. When you are finished, press Control+D to delete the alerts or
Control+C to cancel without deleting any alerts.
director (config) # monitoring alerts unacknowledge {alert
alert_id | all | device device_id | group group_id}
Sets the status of alerts to unacknowledge for a single alert_id, all alerts,
for a particular device_id or for all devices in a group_id.
db reset
director (config) # monitoring db reset
Diagnostic command that sends a trap to SNMP trapsinks (that is, the host
names or IP addresses to which SNMP traps are sent). When this trap is sent,
the varbinds (that is, variable bindings) in the body of the trap have the
following fixed values that cannot be changed:
sgHostname = "0.0.0.0"
sgSerialNumber = "0000000000"
sgDeviceId = "test-SG-id"
sgDeviceName = "test-SG-name"
These commands apply to the state of Director jobs. For example, when a
job finishes, the job-state-finished trap sends a notification message.
director (config) # monitoring diagnose standby-state {forced-active | forced-primary | forced-secondary | forced-standalone | partner-invalid | partner-lost | partner-regained | partner-valid | primary-inactive | secondary-reserve | sync-failed | sync-regained}
(config) # no
Synopsis
Negates certain configuration options.
Syntax
(config) # no [subcommands]
Subcommands
This section discusses the following subcommands:
ip on page 156
access-list
For a complete discussion of access-list commands, including no commands,
see (config) #access-list access_list_name on page 97.
arp
(config) # no arp {ip_address | timeout}
Removes a permanent entry from the ARP cache or resets the ARP-cache
timeout.
cli
(config) # no cli subcommands
(config) # no cli capture
Specifies not to print error codes along with each error message.
(config) # no cli prompt-override
Disables Raw Input mode (help, completion, and command line editing
would be reenabled).
(config) # no cli timeout
Resets the command line timeout to the default. For more information
about the command line timeout, see (config) #cli on page 107.
clock
(config) # no clock timezone
Deletes the specified regular expression list. The optional comment and
name subcommands delete only the optional comment from the regular
expression list or the list's friendly name.
(config) # no url-list list_id [comment | name]
Deletes the specified URL list. The optional comment and name
subcommands delete only the optional comment from the URL list or the
list's friendly name.
device
(config) # no device device_id [address | auth {rsa {key sshv2 |
knownhost key sshv2 | username} | simple {username | password} |
authtype | comment | enable-password | name | protocol sshv2
port | serial-console-password | serial-number | substitution-variable name1 name2 ... namen | web-config port]
Removes the IP address or host name from the specified device record.
(config) # no device device_id auth {rsa {key sshv2 | knownhost
key sshv2 | username} | simple {username | password}}
deletes public keys from the device record. This command can be used
only with devices that use the SSH-RSA protocol to authenticate with
Director.
(config) # no device device_id auth simple username deletes the
user name for the record of a device that uses simple authentication with
Director.
(config) # no device device_id authtype
Sets the port used for SSH v2 communication with the device to its
default, port 22.
(config) # no device device_id serial-console-password
Removes the serial console password from the device record. To set the
serial console password to a different value, use the following command
discussed in (config) #device device_id on page 115:
(config device device_id) # serial-console-password password
(config) # no device device_id serial-number
Removes the hardware serial console password from the device record.
Because a hardware serial number is required to register and manage a
device, you must supply a new serial number as discussed in (config)
#device device_id on page 115.
(config) # no device device_id substitution-variable name1 name2
... namen
Removes from the device record the port used to access the device's
Management Console. Because a port is required to register and manage
a device, you must enter a new port using the following command, as
discussed in (config) #device device_id on page 115:
(config device device_id) # web-config port port_number
enable
(config) # no enable password
Negates certain parameters for the date-time-pairs job type for the
specified job.
(config) # no job job_id [disable]
Either deletes all reports for the specified job or deletes a job report with
the specified execution ID for the specified job.
(config) # no job job_id [name]
The absolute command removes start and end dates/times for the job
specified, the day command removes a day on which the specified job
executes, and the time command removes a time on which the specified
job executes.
lcd pin
(config) # no lcd pin
Resets the PIN for accessing the LCD panel to its default.
logging
(config) # no logging
(config) # no logging hostname_or_ip_address
Removes a syslog daemon server from the list of servers to which log
messages are sent.
(config) # no logging console
Removes the NTP peer specified, specifies not to prefer the NTP peer
specified over others (the prefer option), or resets the expected NTP
version for the NTP peer specified to the default (the version option).
(config) # no ntp server hostname_or_ip_address [prefer |
version]
Removes the NTP server specified, specifies not to prefer the NTP server
specified over others (the prefer option), or resets the expected NTP
version for the NTP server specified to the default (the version option).
radius-server
(config) # no radius-server
(config) # no radius-server host hostname_or_ip_address [acct-port | auth-port | key | request-stype | response-stype |
retransmit | timeout]
You can delete the specified backup, remove the backup's comment (the
comment option), remove the backup's friendly name (the name option),
or enable the backup to be automatically rotated out (the pin option).
(config) # no remote-config help device
Deletes the BlueTouch Online user name and password, if any, entered
when you upgraded a device license. (BlueTouch Online was previously
referred to as WebPower.)
(config) # no remote-config overlay overlay_id [command
sequence_number | comment | name]
You can remove the specified overlay, remove the specified command
from the specified overlay (the command option), remove the comment
string from the specified overlay (the comment option), or remove the
friendly name from the specified overlay (the name option).
You can remove the specified profile, remove the specified command
from the specified profile (the command option), remove the comment
string from the specified profile (the comment option), or remove the
friendly name from the specified profile (the name option).
require-config-lock enable
(config) # no require-config-lock enable
Disables the SNMP server, or, if you enter one of the command options,
either disables receiving of SNMP authorization traps or disables sending
of SNMP informs or traps on this node. SNMP traps are limited to
Director startup and shutdown events.
(config) # no snmp-server host hostname
Resets the default community name used to send SNMP informs to hosts
without a community string override to its default (public).
(config) # no snmp-server location
Resets the default community name to use for sending traps to its default.
Resets the default version to use for sending traps to its default.
ssh
(config) # no ssh
(config) # no ssh client user username authorized-key rsakey
{all | sshv1 key_length exponent key | sshv2 key}
Removes either all known host public keys for the specified user account
or removes an SSHv1 or 2 authorized key for this user account.
(config) # no ssh client user username known-host
hostname_or_ip_address
RSA.
allowrsa Disallows users from authenticating using RSA.
permitemptypassword
Disables either the SSHv1 server or the SSHv2 server on this machine.
(config) # no ssh server hostkey rsakey {sshv1 | sshv2}
Either removes this host from the list of TACACS servers or, if you specify
an option, does one of the following for the specified host: the key
command removes the key override, the port command resets the port to
the default, the single-connection command disables Single
Connection mode, and the timeout command removes the timeout
override.
Specifies not to require a password for the specified user to log in.
(config) # no username username [privilege]
Resets the specified user's privilege level to the default (15), which is the
maximum value.
Example
director (config) # no ssh server auth allowpassword
(config) # ntp
Synopsis
Enables and disables the ntpd (NTP daemon) and Network Time Protocol (NTP)
settings.
Syntax
(config) # [no] ntp enable
Either adds an NTP peer or changes the settings for the specified NTP peer.
(config) # ntp server [prefer | version version_number]
Either adds an NTP server or changes the settings for the specified NTP
server.
Example
director (config) # ntp enable
(config) # ntpdate
Synopsis
Sets the system clock from a remote NTP server.
Syntax
(config) # ntpdate ip_address_or_hostname
ntpdate synchronizes the clock with an NTP server one time, whereas
ntp starts and stops the ntpd service, and ntpd keeps Director's clock
in synchronization constantly.
ntp has an algorithm that calculates and fixes the drift in your server's
clock, whereas ntpdate does not keep any state to perform this service.
If Director's clock is inaccurate by several hours, and you are using ntp,
you should restart Director. On restart, ntp uses ntpdate to reset the
system clock.
Important: Do not use ntpdate if the ntpd is running. Doing so can result in
unpredictable performance. Instead, use the reload command to restart Director as
discussed in (config) #reload on page 174.
For more information, see one of the following articles. Note that the Director
ntp and ntpdate commands do not support optional command-line switches
discussed in these articles. Director's commands support only the parameters
discussed in this book.
Because the system time is not stored in the configuration file, this command
does not wait for a write memory command to be committed to persistent
storage.
Example
director (config) # ntpdate 10.25.36.47
(config) # ping
Synopsis
Sends ICMP echo request packets. This command is also available in Standard
and Configuration modes. See >ping on page 22 for more information.
(config) # push-policy
Synopsis
See #push-policy on page 61.
(config) # ldap-server
Synopsis
Configures your LDAP server settings.
Director enables you to use the following authentication schemes for user access
to Director:
Syntax
(config) # ldap-server {{admin-mail email_address} | anonymous
{enable | disable} | bind-password bind_password | bind-username
bind_username | ca-certificate input certificate_details |
default-admin-privilege {enable | disable} | distinguished-name
Base_DN | primary-server hostname port port_number | alternate-server
hostname port port_number | referrals {enable | disable}
| ssl {enable | disable} | test-ldap | timeout nnh nnm nns |
username username userprincipalname userprincipalname | version
{2 | 3}}
(config) # no ldap-server {admin-mail | bind-password | bind-username
| ca-certificate | distinguished-name | primary-server
{port} | alternate-server {port} | timeout nnh nnm nns |
username username userprincipalname userprincipalname}
Subcommands
See one of the following sections for more information:
admin-mail
(config) # ldap-server admin-mail email-address
Sets the email address for contacting the administrator when a new LDAP
user logs in to the appliance.
anonymous
(config) # ldap-server anonymous {enable | disable}
Sets the password that allows you to bind to the LDAP server for
authenticating users.
bind-username
(config) # ldap-server bind-username bind_username
Sets the username that allows you to bind to the LDAP server for
authenticating users. Specify the domain for the bind user account. For
example: Domain\Administrator
This user should have permissions to start querying for users starting
at the Base DN and then through each node in the subsequent
hierarchy that you have set up on your directory server.
ca-certificate
(config) # ldap-server ca-certificate input certificate_details
Ctrl D when done
Allows you to import the SSL certificate required to set up secure LDAP. To
enable trust between the LDAP server and the Director, you must import the
trusted root certificate signed by the issuing Certificate Authority into the
Director.
default admin-privilege
director (config) # ldap-server default-admin-privilege {enable |
disable}
Sets the default access privilege for all new LDAP users to privilege 15 access
on the Director.
distinguished-name
director (config) # ldap-server distinguished-name Base DN
Sets the Distinguished Name (DN) that uniquely identifies each entry on a
global level. The Base DN is a concatenation of the directory tree structure; it
defines the tree in the LDAP directory that contains the users you wish to
authenticate, and it serves as the starting point for the search.
primary-server
director (config) # ldap-server primary-server ip_address or
hostname port port number
Sets the IP address and port, or hostname for the primary LDAP server. For
simple LDAP the default port is 389; for secure LDAP the default port is 636.
Note: For secure LDAP, you must specify the hostname. Use the common
name (CN) defined in your CA certificate as the hostname for your AD
server. If you do not enter the same hostname, authentication will fail
because the Director will be unable to connect with the server.
alternate-server
director (config) # ldap-server alternate-server ip_address or
hostname port port number
Sets the IP address and port, or hostname for the alternate LDAP server.
referrals
director (config) # ldap-server referrals {enable | disable}
Allows you to add the specified username to the Blue Coat Director. The
userprincipalname is a user attribute that is specified in the Active Directory
server; this attribute uniquely identifies a user across multiple domains and
in AD it is typically the name of a user in an e-mail address format.
By default, when a user attempts to log in to the Director, an account with the
username is created. You must enable the account to allow access to the user.
To enable a user account:
director (config) # ldap-server username username
userprincipalname userprincipalname enable
version
director (config) # ldap-server version {2 | 3}
Defines the LDAP version to use for communicating with the LDAP server.
test-ldap
director (config) # test-ldap-configuration username username
password password
Verifies that the Blue Coat Director can connect to the configured primary
and alternate AD server's IP address and port. This test includes these
things, if configured.
Verifies that the Blue Coat Director is able to authenticate the user against
the AD server. This check validates that the Blue Coat Director can
complete either of the following:
Use the bind credentials defined in your settings to query the Base
DN.
Alternate Server: Ok
Authentication:
User authentication: Failed
Reason: the AD server could not authenticate the user because the
password is incorrect.
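The constraints that the ldap-server subcommands above describe (secure LDAP needs a hostname matching the certificate CN and an imported CA certificate, the default ports are 389 and 636, and default-admin-privilege grants privilege 15) can be checked offline against a list of commands before they are entered. The following Python script is an added example, not Blue Coat code: the check identifiers, severity labels, sample commands and hostnames are constructed, and treating "no ldap-server primary-server port" as a port reset is an assumption.

```python
import ipaddress
import re

# Strips an optional CLI prompt such as "director (config) # ".
PROMPT = re.compile(r"^\s*(?:\w+\s+)?\(config[^)]*\)\s*#\s*")
SIMPLE_PORT, SECURE_PORT = 389, 636  # default ports stated in this reference

# Constructed sample input, not taken from a real appliance.
WEAK_CONFIG = """\
director (config) # ldap-server ssl enable
director (config) # ldap-server primary-server 10.0.0.5 port 389
director (config) # ldap-server alternate-server ad2.example.com port 636
director (config) # ldap-server default-admin-privilege enable
director (config) # ldap-server version 3
"""

HARDENED_CONFIG = """\
ldap-server ssl enable
ldap-server ca-certificate input
ldap-server primary-server ad1.example.com port 636
ldap-server default-admin-privilege disable
"""


def _is_ip(host):
    try:
        ipaddress.ip_address(host)
        return True
    except ValueError:
        return False


def parse_ldap_settings(text):
    """Replay ldap-server commands in order; later commands win."""
    state = {"ssl": None, "default-admin-privilege": None,
             "ca-certificate": False, "servers": {}}
    for raw in text.splitlines():
        tokens = PROMPT.sub("", raw).split()
        negate = bool(tokens) and tokens[0] == "no"
        if negate:
            tokens = tokens[1:]
        if len(tokens) < 2 or tokens[0] != "ldap-server":
            continue
        key, args = tokens[1], tokens[2:]
        if key in ("ssl", "default-admin-privilege"):
            if args and not negate:
                state[key] = args[0] == "enable"
        elif key == "ca-certificate":
            state[key] = not negate
        elif key in ("primary-server", "alternate-server"):
            if negate and args[:1] == ["port"]:
                # Assumed reading of "no ldap-server primary-server {port}":
                # the port override is dropped and the host is kept.
                if key in state["servers"]:
                    state["servers"][key] = (state["servers"][key][0], None)
            elif negate:
                state["servers"].pop(key, None)
            elif args:
                has_port = len(args) >= 3 and args[1] == "port" and args[2].isdigit()
                state["servers"][key] = (args[0], int(args[2]) if has_port else None)
    return state


def audit_ldap(text):
    """Return (severity, check_id, detail) tuples; check ids are hypothetical."""
    s = parse_ldap_settings(text)
    findings = []
    if s["ssl"] is False:
        findings.append(("HIGH", "LDAP-SSL-OFF",
                         "simple LDAP: bind and user credentials are not TLS-protected"))
    elif s["ssl"] is None:
        findings.append(("INFO", "LDAP-SSL-UNSET",
                         "ssl never set in this input; confirm the value on the appliance"))
    if s["ssl"] and not s["ca-certificate"]:
        findings.append(("HIGH", "LDAP-NO-CA",
                         "ssl enabled but no 'ca-certificate input' seen"))
    for role, (host, port) in sorted(s["servers"].items()):
        default = SECURE_PORT if s["ssl"] else SIMPLE_PORT
        effective = default if port is None else port
        if s["ssl"] and _is_ip(host):
            findings.append(("HIGH", "LDAP-IP-WITH-SSL",
                             f"{role} {host}: secure LDAP needs the certificate CN as hostname"))
        if s["ssl"] is not None and effective == (SIMPLE_PORT if s["ssl"] else SECURE_PORT):
            findings.append(("MEDIUM", "LDAP-PORT-MISMATCH",
                             f"{role} {host}: port {effective} does not match ssl setting"))
    if s["default-admin-privilege"]:
        findings.append(("HIGH", "LDAP-DEFAULT-PRIV15",
                         "every new LDAP user is created with privilege 15"))
    return findings


if __name__ == "__main__":
    for label, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(label)
        for finding in audit_ldap(cfg):
            print("  %-6s %-20s %s" % finding)
```

A clean result only means the command list is internally consistent; test-ldap-configuration on the appliance remains the check that the server is actually reachable and authenticates.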
(config) # radius-server
Synopsis
Configures RADIUS server settings.
Director enables you to use the following authentication schemes for user access
to Director:
Syntax
(config) # radius-server {{host hostname_or_ip_address} | key
shared_key}} [[auth-port port_number | acct-port port_number |
request-stype type | response-stype type | retransmit
number_of_tries | timeout time_duration]]
Subcommands
See one of the following sections for more information:
host
(config) # radius-server host hostname_or_ip_address key shared_key
Adds the specified host to the list of RADIUS hosts using required
subcommands only. When you specify a RADIUS server, you must also
specify a shared key, either explicitly with the key subcommand or by
specifying a default key as shown in the following subcommand.
key
(config) # radius-server key shared_key
Specifies a default shared key to be used if you add a RADIUS server without
the key subcommand.
acct-port
(config) # radius-server host hostname_or_ip_address key shared_key
[acct-port port_number]
Sets the port number to use for accounting requests to the specified RADIUS
host.
auth-port
(config) # radius-server host hostname_or_ip_address key shared_key
[auth-port port_number]
Sets the port number to use for authorization requests to the specified
RADIUS host.
request-stype
(config) # radius-server host hostname_or_ip_address key shared_key
[request-stype request_stype_1-11]
Sets the number of times the node will retry this RADIUS host before giving
up. To disable retransmission for this host, set it to 0 (zero).
If you specify this subcommand without specifying a RADIUS server, it is
used as a default value if you add a RADIUS server without the retransmit
subcommand.
timeout
(config) # radius-server host hostname_or_ip_address key shared_key
[timeout #h #m #s]
Sets the timeout on communication with all RADIUS hosts in the form nh nm
ns, where n is a number and h, m, and s set the hour, minute and second. You
can enter one, two, or all three time parameters. Can be overridden on a per-host basis.
If you specify this subcommand without specifying a RADIUS server, it is
used as a default value if you add a RADIUS server without the timeout
subcommand.
(config) # reload
Synopsis
Reboots or shuts down this machine. This command is also available in enable
mode. See #reload on page 62 for more information.
(config) # remote-config
Synopsis
This command allows you to configure and manage remote devices.
Syntax
(config) # remote-config subcommands
Subcommands
This section discusses the following subcommands:
associate-overlay
(config) # remote-config associate-overlay <overlay_id> <type
device | group> <device_id | group_id>
Takes a snapshot of the configuration for all devices. If necessary, removes the
oldest backup to make room for this newest one.
(config remote-config backup) # [no] device device_id [backup_id
{comment backup_comment | name backup_name | pin}]
Takes a snapshot of the configuration for all devices with the specified
appliance model. To display a list of valid models, enter model ?. If necessary,
the command removes the oldest backup to make room for this newest one.
(config remote-config backup) # no un-pinned
Takes a snapshot of the configuration for all devices with the specified SGOS
version. To display a list of valid versions, enter os-version ?. If necessary,
the command removes the oldest backup to make room for this newest one.
clear-byte-cache
(config) # remote-config clear-byte-cache {all | device device_id |
group | group_id | model model | os-version sgos_version}
context format uses an identification line for each file, containing the
filename and modification date.
unified (default) uses plus and minus signs to indicate differences: each line
that occurs only in the left file is preceded by a minus sign, each line that
occurs only in the right file is preceded by a plus sign, and common lines are
preceded by a space.
execute
This command is discussed in #remote-config on page 63.
help device
(config) # remote-config help device device_id
Sets the specified device to be the designated device for command completion
help. When the user needs help while constructing an SGOS command, the
Director will communicate with this device to retrieve command help and to
complete help commands.
If this value is not set, a message displays if you attempt to access device help.
license-key
This command is discussed in #remote-config on page 63.
overlay
(config) # remote-config overlay overlay_id [comment | copy
new_overlay_id | create | execute subcommands | input | name
name | policy_type {enable | disable} | reference {device
device_id | url url} | policy_type {enable | disable} | refresh
[device device_id | url url]]
Executes the overlay on the device with the specified address. The
errors-only option specifies to display only errors. These errors could
be Director errors or errors the device generates executing the commands.
Device-generated errors display the % (percent) character on the
beginning of a line of device output.
(config remote-config overlay overlay_id) # execute all [errors-only]
Executes the overlay on all groups and devices. The errors-only option
specifies to display only errors. These errors could be Director errors or
errors the device generates executing the commands. Device-generated
errors display the % (percent) character on the beginning of a line of
device output.
(config remote-config overlay overlay_id) # execute device
device_id
This command loads an overlay into the Director. Enter the entire contents of
the overlay, ending with Control+D. The commands you enter replace the
entire overlay.
Be careful when using the input command that you do not include any
device-specific commands that could destabilize the Director's connection to
the device, such as setting the device's IP address.
(config remote-config overlay overlay_id) # name name
Sets the friendly name associated with an overlay. If the overlay already had a
name, the old one is overwritten.
(config remote-config overlay overlay_id) # no {comment | name |
reference}
Removes from the overlay its comment, friendly name, or reference device.
(config remote-config overlay overlay_id) # policy_type {enable |
disable}
This command determines the reference device or URL for the overlay. The
reference is used to get refreshables and, if you specify a reference device, to
start the Management Console viewer to add configurable settings for the
overlay.
(config remote-config overlay overlay_id) # reference device
device_id
Sets the reference device to device_id. Refreshables are fetched from this
device ID and the device's Management Console viewer can be used to
get configurable settings.
(config remote-config overlay overlay_id) # reference url url_id
Sets the reference to a URL. Refreshables for the overlay are stored in a
text file at this URL.
(config remote-config overlay overlay_id) # refresh [device
device_id | url url]
(config remote-config overlay overlay_id) # refresh
The errors-only option specifies to display only errors. These errors could
be Director errors or errors the device generates executing the commands.
Device-generated errors display the % (percent) character on the beginning of
a line of device output.
(config remote-config profile profile_id) # exit
This command loads a profile into Director. Enter the entire contents of the
profile, ending with Control+D. The commands you enter replace the entire
profile.
Be careful when using the input command that you do not include any
device-specific commands that could destabilize Director's connection to the
device, such as setting the device's IP address.
(config remote-config profile profile_id) # name name
Removes from the profile its comment, friendly name, or reference device.
(config remote-config profile profile_id) # reference
(config remote-config profile profile_id) # reference device
device_id
This command determines the reference device or URL for the profile. The
reference is used to get profile data. If you specify a URL, profile data is stored
in a text file at this URL.
(config remote-config profile profile_id) # refresh
Fetches the profile data from a URL, where url is in one of the formats
discussed in URL Syntax on page 12.
reboot
(config) # remote-config reboot [addr-device ip_or_hostname | all |
device device_id | group group_id | model model | os-version
sgos_version]
Reboots all devices of the specified model or that run the specified
version of SGOS.
reconnect
(config) # remote-config reconnect {addr-device ip_or_hostname |
all | device device_id | group group_id | model model | os-version sgos_version}
Reconnects to all devices of the specified model or that run the specified
version of SGOS.
validate-system version
(config) # remote-config validate-system version version {addr-device ip_address_or_hostname | all | device device_id | group
group_id model model | os-version sgos_version}
Example
director (config) # remote-config backup restore device 10.25.36.47
bu2director
Syntax
director (config) # restore-db userdb backup_name
(config) # role
Synopsis
Creates a user group for use with content filtering policy. This command is
available to the sadmin user only. Users associated with this group can apply
content filtering policy to devices or custom groups also associated with the user
groups.
For more information about content filtering policy commands, see Content
Filtering Policy and Role-Based Access on page 7.
Syntax
director (config) # role delegated-admin user-group user_group_name
Creates the specified user group. The user group name can be a maximum of 45
alphanumeric characters in length.
Related Commands
User Groups
Overlays
The all option can be used to apply the settings for all the users in the user
group.
Categories
To associate a set of categories to the delegated user from the master category
list,
director (config) # role delegated-admin user-group
user_group_name {all | user user_name } categories input
The all option can be used to apply the settings for all the users in the user
group.
(config) # role-substitution-variable
Synopsis
Enables you to define substitution variables and values for use with content
filtering policy for selected devices. This command is used with content filtering
policy.
If the target is a device or group, only a delegated user can run the command. If
non-delegated users try to execute these commands, errors occur.
If the target is a user-group, this command is available to the delegated
and non-delegated users. When executed, substitution variables are created with
the prefix of user-group.
These substitution variables are common to all users that belong to a particular
user group. Any user belonging to the same user group can create, edit, view, and
delete those substitution variables.
Creates a substitution variable named variable_name for the specified device ID.
Use the input subcommand to specify a value for the substitution variable.
Prefacing the command with the optional no parameter removes the specified
substitution variable.
If a delegated user runs the command, variable_name is prefixed with the name of
the user's user group.
If admin, sadmin, or another privilege 15 user runs the command and the target
type is user-group, the group is not added to the start of the substitution variable
name because these users do not belong to delegated user groups. The
substitution variable is created with the user-group-name as a prefix.
If admin, sadmin, or another privilege 15 user runs the command and the target
type is device or group, the command will not execute. See (config) #device
device_id on page 115 or (config) #group group_id on page 129 instead.
For example,
director (config) # role-substitution-variable
HR_policy_url_blocklist device QA142 input
For non-delegated admin normal substitution variable will be
created.
Enter your value now.
Press Ctrl-D when finished, or Ctrl-C to abort.
www.example.com^D
Related Commands
(config) # show
Synopsis
Displays running system information. This command is also available in enable
mode. See #show on page 69 for information.
All subcommands of the show command are discussed in #show on page 69
except show ssl, which is discussed in the following section.
Subcommands
director (config) # show categories-list
For admin and super-admin users this displays all the categories from the
master category list. For the delegated users it displays the categories
associated with them. If the categories are not associated to particular
delegated user, and the categories are associated to all the users in the
usergroup, those categories are displayed.
add -- certificate-signing-request
director (config) # show devices <device_id> associated-overlays
Displays the timeout period set for Director Management Console sessions.
director (config) # show groups <group_id> associated-overlays
Displays the list settings for the logged in user. If the list settings are not set
for the user, the list settings are inherited from the user-group the delegated
user belongs to.
director (config) # show role delegated-admin user-groups policyfile-association
Displays the categories assigned to the users. The all option displays the
categories of the user group level. If categories are not set for the user, the
categories are inherited from the user-group the delegated user belongs to.
Displays the request for the Director's appliance certificate or creates one
if it did not already exist.
add -- ssl-certificate
(config) # slogin
Synopsis
Opens an SSH connection to a remote host. When you are finished, type the
command exit to return to the Director command line. This command is also
available in standard and enable modes. See >slogin on page 26 for
information.
Important: When the slogin command is run from configuration mode, it
will release the configuration lock so that you do not lock out other users during
the slogin session.
(config) # snmp-server
Synopsis
Configures Simple Network Management Protocol (SNMP) server options. For
general information about SNMP, see RFC 2578, RFC 3411, RFC 1901, and RFC
1157.
Syntax
(config) # snmp-server {community community_name} | contact
contact_string | enable [authtraps | inform | traps] | host
hostname {inform community_string | version version
community_string} | location location_string | traps {default-community | default-version | device-state | job-state |
standby-state }
Subcommands
(config) # snmp-server community community_name
Sets the SNMP server community name on this node. By default, Director has
no SNMP community name. The community name must be an alphanumeric
string of up to 16 characters in length; special characters like underscore (_),
asterisk (*), pound (#), and so on are not supported.
(config) # snmp-server contact contact_string
Enables sending of SNMP traps on this node. SNMP traps are limited to
Director startup and shutdown events.
(config) # snmp-server host hostname inform community_string
Adds a host from the list of hosts to which to send SNMP informs.
(config) # snmp-server host hostname traps {community_string |
version version_1_or_2c community_string}
Adds a host from the list of hosts to which to send SNMP traps. If a version
number is specified, the version number overrides the default settings of the
traps version (which is 2c).
(config) # snmp-server inform default-community community_name
Changes the community used to send SNMP informs to hosts that do not
have a community string override.
Example
director (config) # snmp-server enable inform
(config) # ssh
Synopsis
Manipulates Secure Shell (SSH) settings that you use to log in to a remote host
from Director (ssh client) or that you use to log in to Director remotely using an
SSH application (ssh server).
Syntax
(config) # ssh {client subcommands | server subcommands}
Subcommands
The ssh command has the following subcommands:
ssh client
Sets options to be used when you log in to a remote host from Director using the
slogin command as discussed in >slogin on page 26.
(config) # ssh client user username {authorized-key rsakey {sshv1
key_length exponent key [comment] | sshv2 key} | knownhost
hostname_or_ip_address rsakey key_length exponent key}
(config) # ssh client user username authorized-key rsakey {sshv1
key_length exponent key [comment] | sshv2 key}
Adds to the list of RSA public keys that can be used to log in to the
specified user's account.
Note: You cannot assign an RSA key to a disabled user account.
(config) # ssh client user username knownhost
hostname_or_ip_address rsakey key_length exponent key
Specifies a known host with its public key for the specified user account.
ssh server
Sets options to be used when you log in to Director using an SSH application.
(config) # ssh server auth {allowpassword | allowrsa |
permitemptypassword}
allowpassword enables users to log in to a remote host using a password.
allowrsa enables users to log in to a remote host using RSA encryption.
permitemptypassword (default setting) allows Director to send empty
allows you to change the default behavior and disallow an empty password.
For a local user account, when you disallow an empty password, users will be
required to create a password for authenticating access to the Director.
For RADIUS you cannot configure Director to send empty passwords. The
default option is no ssh server auth permitemptypassword; it cannot be
modified.
Note: These commands are persistent across Director reboots.
(config) # ssh server enable {sshv1 | sshv2}
Regenerates either the SSHv1 or SSHv2 RSA host key. If the key size of the
SSHv1 host key is not specified, the default of 1024 bits is used.
(config) # ssh server knownhost hostname_or_ip_address rsakey
key_length exponent key
Example
director (config) # ssh server hostkey rsakey generate sshv2
(config) # ssl
Synopsis
Manipulates Secure Sockets Layer (SSL) settings.
Syntax
(config) # ssl {disable | enable | legacy-renegotiation-enable |
legacy-renegotiation-disable | registration-password password}
Subcommands
(config) # ssl disable
Enables SSL renegotiation with SSL clients. Use this command, if you would
like to allow backward compatibility for older Web browsers.
Use caution when enabling SSL renegotiation with legacy clients, because the
Director permits a less secure option that may expose your network to
security vulnerabilities.
(config) # ssl legacy-renegotiation-disable
This is the default setting. This option forces the Director to renegotiate the
session credentials only with an SSL client, such as a Web browser, that
adheres to the security requirements of the SSL handshake. It disallows SSL
renegotiation with legacy SSL clients that do not comply with the security
requirements of the SSL handshake.
(config) # ssl load-private-key
(Introduced in SGME 6.1.12.1) Load the private key. You must have generated
the key using the (config) # ssl genscr command.
Sets the registration password for ProxySG authentication for models that do
not support appliance certificates. To determine if your appliance supports
appliance certificates, use one of the following commands. Each command
returns the device certificate if it exists:
Command that returns an error if the device does not have an appliance
certificate:
You must press Control+D after the command to send it to the device. For
more information, see execute on page 178.
(config) # ssl delete {all-certificates | public-certificate}
(Introduced in SGME 6.1.12.1) Delete the installed private key, the public
certificate, and CSR certificates; or delete only the public certificate.
Example
director (config) # ssl registration-password ?
******
director (config) # ssl registration-password test
director (config) #
(config) # standby
Synopsis
Configures the Director's standby configuration. The Director standby feature is
designed to minimize Director service disruptions caused by network outage,
disaster, or Director failure. When standby is deployed, the Director configuration
is mirrored to a second Director whose only function is to take over for the first
Director if a failure occurs. For information, see >standby on page 27.
(config) # tacacs-server
Synopsis
Configures Terminal Access Controller Access-Control System (TACACS) servers.
Director enables you to use the following authentication schemes for user access
to Director:
For more information about using multiple authentication schemes, see (config)
#aaa authentication login default on page 94.
Syntax
(config) # tacacs-server {{host hostname {key keyname | port port
single-connection | timeout time_length} | key password |
timeout numh numm nums}
Subcommands
(config) # tacacs-server host hostname
Sets the authentication and encryption key used for communications with
this TACACS server.
(config) # tacacs-server host hostname port port_number
Sets the default port number to use for TACACS+ requests to the
specified host.
(config) # tacacs-server host hostname single-connection
Sets the timeout for communication with this TACACS server. Format the
time as the number of hours, followed by the number of minutes,
followed by the number of seconds.
For example, the following command sets the timeout at four hours and
one minute:
Sets the authentication and encryption key used for communications with
this TACACS server.
(config) # tacacs-server timeout numh numm nums
Sets the timeout on communication with this TACACS server. Format the
time as the number of hours, followed by the number of minutes, followed by
the number of seconds.
For example, the following command sets the timeout at four hours and one
minute:
(config) # tacacs-server timeout 4h 1m 0s
Example
director (config) # tacacs-server timeout 2h 30m
(config) # tcpdump
Synopsis
This command is also available in standard and enable modes. For information,
see >tcpdump on page 29.
(config) # telnet-management
Synopsis
Configures a Telnet server to be used to communicate with Director.
Note: Because Telnet is not secure, Director recommends you not enable the Telnet
server. Instead, always connect to Director securely using SSH-RSA as discussed in the
Blue Coat Director Configuration and Management Guide.
Syntax
(config) # telnet-management args args
Example
director (config) # telnet-management enable
(config) # traceroute
Synopsis
Determines the route packets take to a destination. This command is also
available in standard and enable modes. For information, see >traceroute on
page 30.
(config) # upgrade-package
Synopsis
Enables you to upgrade to or to roll back from a Director upgrade image.
Syntax
director (config) # upgrade-package {delete filename | fetch
remote_url | install filename | rollback | verify filename}
Note: To display the filename list, use the show upgrade-package command.
Director 510 enables you to install, delete, verify, or roll back to one filename at
a time. For example, if you initially installed SGME 4.2.2.1, upgrade to SGME
5.2.2.1 and later upgrade to SGME 5.3.1.2, you can roll back to or delete the
SGME 5.2.2.1 image only.
Each upgrade-package subcommand is discussed as follows:
director (config) #
Validates and fetches the upgrade image from an external server using a
remote_url formatted as follows:
Installs the upgrade package you previously fetched using upgrade-package fetch. When the upgrade package is installed, the previous
SGME image is repackaged and made available for rollback.
director (config) #
(config) # username
Synopsis
Manages local user and delegated user accounts.
Every command beginning with username creates a user account with that name
if one did not already exist. In addition, the actions specific to the command
entered are performed. Note that all of these commands pertain only to local user
accounts.
Director enables you to use the following authentication schemes for user access
to Director:
Syntax
(config) # username subcommands
sadmin: The administrator for content filtering policy. sadmin has certain
privileges that admin and other privilege 15 users do not have. For details, see
admin: The default administrator account with privilege level 15. The admin
account cannot be disabled.
monitor: The default user monitor account with privilege level 15.
Subcommands
(config) # [no] username username
Creates a user with the specified user name. Until a password is set for this
account, it is disabled.
Preceding the command with the optional no parameter removes the user
from Director. If the user is authenticated using RADIUS, the command does
not prevent the RADIUS user from logging in to Director.
See one of the following sections for more information:
auth-type radius
(config) # [no] username username auth-type radius
Disables the account so the user cannot log in using local authentication.
You cannot disable admin or sadmin.
password | nopassword
(config) # username username nopassword
Specifies that no password is required for this user to log in (and the user
can log in without being prompted for a password).
(config) # username username password {cleartext_password | 0
cleartext_password | 7 encrypted_password}
privilege
(config) # username username privilege {1 | 7 | 15}
Sets the user's maximum privilege level. All users log in at level 1. If the
maximum privilege level is 1, the enable command is not allowed and
results in an error.
If the maximum privilege level is 7, the enable command will succeed,
but the configure command is not allowed, and results in an error.
If a user's privilege level is changed while they are logged in, it takes
effect immediately. If it is lowered, the system will force the user out of
modes they are no longer allowed to be in; if it is raised, the user can
immediately access the newly available modes.
Be aware that any user with privilege 15 can make any change to the
system, including changing other users' accounts.
role
(config) # [no] username username {role {role_name | delegated-admin} user-group user_group_name}
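The ssh, ssl, telnet-management and username sections above each describe a setting that weakens access to Director: Telnet, permitted empty passwords, legacy SSL renegotiation, accounts with nopassword, and privilege 15. The following Python script is an added example, not Blue Coat code: it replays a list of these commands in order and reports the weak settings left in effect. It assumes the configuration is available as one command per line and that a leading no reverses a setting; the sample lines, check names and severities are constructed for illustration.

```python
import re

# Constructed sample input, written in the command syntax this reference documents.
# Assumption: the Director configuration is available as one command per line.
SAMPLE_CONFIG = """\
director (config) # telnet-management enable
ssh server enable sshv1
ssh server enable sshv2
ssl enable
ssl legacy-renegotiation-enable
username admin password 7 ENCRYPTED-PLACEHOLDER
username admin privilege 15
username ops nopassword
username ops privilege 15
username audit password 0 Constructed-Example-1
username audit privilege 7
username temp nopassword
no username temp
"""

# Optional prompt such as "director (config) # " or "(config) # ".
PROMPT = re.compile(r"^\s*(?:\S+\s+)?\(config[^)]*\)\s*#\s*")


def parse_line(raw):
    """Strip an optional CLI prompt and a leading 'no'; return (enabled, tokens)."""
    line = PROMPT.sub("", raw).strip()
    enabled = True
    if line.startswith("no "):
        enabled, line = False, line[3:]
    return enabled, line.split()


def audit(config_text):
    """Replay the commands in order; return (severity, check, subject) findings."""
    # empty_pw starts True because the reference gives permitemptypassword as the default.
    state = {"telnet": False, "sshv1": False, "empty_pw": True, "legacy_reneg": False}
    users = {}
    for raw in config_text.splitlines():
        enabled, tok = parse_line(raw)
        if not tok:
            continue
        if tok[:2] == ["telnet-management", "enable"]:
            state["telnet"] = enabled
        elif tok[:4] == ["ssh", "server", "enable", "sshv1"]:
            state["sshv1"] = enabled
        elif tok[:4] == ["ssh", "server", "auth", "permitemptypassword"]:
            state["empty_pw"] = enabled
        elif tok[:2] == ["ssl", "legacy-renegotiation-enable"]:
            state["legacy_reneg"] = True
        elif tok[:2] == ["ssl", "legacy-renegotiation-disable"]:
            state["legacy_reneg"] = False
        elif tok[0] == "username" and len(tok) >= 2:
            name = tok[1]
            if not enabled and len(tok) == 2:
                users.pop(name, None)  # 'no username NAME' removes the account
                continue
            user = users.setdefault(
                name, {"nopassword": False, "cleartext": False, "privilege": None})
            if tok[2:3] == ["nopassword"]:
                user.update(nopassword=enabled, cleartext=False)
            elif tok[2:3] == ["password"] and len(tok) >= 4:
                # 'password 7 X' is an encrypted value; 'password X' and
                # 'password 0 X' put the cleartext password in the file.
                encrypted = tok[3] == "7" and len(tok) >= 5
                user.update(nopassword=False, cleartext=not encrypted)
            elif tok[2:3] == ["privilege"] and len(tok) >= 4 and tok[3].isdigit():
                user["privilege"] = int(tok[3])

    findings = []
    if state["telnet"]:
        findings.append(("high", "telnet-enabled", "director"))
    if state["sshv1"]:  # SSHv1 is a deprecated protocol version
        findings.append(("high", "sshv1-enabled", "director"))
    if state["empty_pw"]:
        findings.append(("medium", "ssh-empty-password-permitted", "director"))
    if state["legacy_reneg"]:
        findings.append(("medium", "ssl-legacy-renegotiation", "director"))
    for name in sorted(users):
        user = users[name]
        if user["nopassword"]:
            # Privilege 15 can change anything, including other users' accounts.
            severity = "critical" if user["privilege"] == 15 else "high"
            findings.append((severity, "account-without-password", name))
        if user["cleartext"]:
            findings.append(("medium", "cleartext-password-in-config", name))
    return findings


if __name__ == "__main__":
    for severity, check, subject in audit(SAMPLE_CONFIG):
        print(f"{severity:8} {check:32} {subject}")
```

Because commands are replayed in order, a later line that reverses an earlier one clears the finding, so the report reflects the final state rather than every risky line that ever appeared.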
Blue Coat Systems, Inc. utilizes third party software from various sources. Portions of this software are copyrighted by their
respective owners as indicated in the copyright notices below.
The following lists the copyright notices for:
Jpam 0.5
-------------Apache Software License 2.0
General information:
Copyright 2007 The Apache Software Foundation
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
Definitions.
"'License' shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through
9 of this document.
"'Licensor' shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
"'Legal Entity' shall mean the union of the acting entity and all other entities that control, are controlled by, or are under
common control with that entity. For the purposes of this definition, 'control' means (i) the power, direct or indirect, to
cause the direction or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent
(50%) or more of the outstanding shares, or (iii) beneficial ownership of such entity.
"'You' (or 'Your') shall mean an individual or Legal Entity exercising permissions granted by this License.
"'Source' form shall mean the preferred form for making modifications, including but not limited to software source
code, documentation source, and configuration files.
"'Object' form shall mean any form resulting from mechanical transformation or translation of a Source form, including
but not limited to compiled object code, generated documentation, and conversions to other media types.
"'Work' shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by a copyright notice that is included in or attached to the work (an example is provided in the Appendix below).
"'Derivative Works' shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work
and for which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original
work of authorship. For the purposes of this License, Derivative Works shall not include works that remain separable
from, or merely link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
"'Contribution' shall mean any work of authorship, including the original version of the Work and any modifications or
additions to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work
by the copyright owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For
the purposes of this definition, 'submitted' means any form of electronic, verbal, or written communication sent to the
Licensor or its representatives, including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems that are managed by, or on behalf of, the Licensor for the purpose of discussing
and improving the Work, but excluding communication that is conspicuously marked or otherwise designated in writing by the copyright owner as 'Not a Contribution.'
"'Contributor' shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by Licensor and subsequently incorporated within the Work.
Grant of Copyright License.
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, nonexclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object form.
Grant of Patent License.
Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual, worldwide, nonexclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have made, use,
offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any
entity (including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work constitutes direct or contributory patent infringement, then any patent licenses granted to You under this
License for that Work shall terminate as of the date such litigation is filed.
Redistribution.
You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or without
modifications, and in Source or Object form, provided that You meet the following conditions:
1.You must give any other recipients of the Work or Derivative Works a copy of this License; and
2.You must cause any modified files to carry prominent notices stating that You changed the files; and
3.You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative Works; and
4.If the Work includes a 'NOTICE' text file as part of its distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do
not pertain to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or documentation, if provided along with the Derivative
Works; or, within a display generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do not modify the License. You may add
Your own attribution notices within Derivative Works that You distribute, alongside or as an addendum to the NOTICE
text from the Work, provided that such additional attribution notices cannot be construed as modifying the License.
You may add Your own copyright statement to Your modifications and may provide additional or different license terms
and conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole,
provided Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
Submission of Contributions.
Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or conditions. Notwithstanding
the above, nothing herein shall supersede or modify the terms of any separate license agreement you may have executed
with Licensor regarding such Contributions.
Trademarks.
This License does not grant permission to use the trade names, trademarks, service marks, or product names of the Licensor,
except as required for reasonable and customary use in describing the origin of the Work and reproducing the content of
the NOTICE file.
Disclaimer of Warranty.
Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each Contributor provides its
Contributions) on an 'AS IS' BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT, MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the appropriateness of using
or redistributing the Work and assume any risks associated with Your exercise of permissions under this License.
Limitation of Liability.
In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise, unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be liable to You for
damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as a result of
this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill, work
stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
Accepting Warranty or Additional Liability.
While redistributing the Work or Derivative Works thereof, You may choose to offer, and charge a fee for, acceptance of
support, warranty, indemnity, or other liability obligations and/or rights consistent with this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any liability incurred by, or
claims asserted against, such Contributor by reason of your accepting any such warranty or additional liability.
NTP 3.5
Copyright (c) University of Delaware 1992-2011
Permission to use, copy, modify, and distribute this software and its documentation for any purpose with or without fee is
hereby granted, provided that the above copyright notice appears in all copies and that both the copyright notice and this
permission notice appear in supporting documentation, and that the name University of Delaware not be used in advertising or publicity pertaining to distribution of the software without specific, written prior permission. The University of Delaware makes no representations about the suitability this software for any purpose. It is provided "as is" without express or
implied warranty.
Tomcat
TERMS AND CONDITIONS FOR USE, REPRODUCTION, AND DISTRIBUTION
1. Definitions.
"License" shall mean the terms and conditions for use, reproduction, and distribution as defined by Sections 1 through 9 of this
document.
"Licensor" shall mean the copyright owner or entity authorized by the copyright owner that is granting the License.
"Legal Entity" shall mean the union of the acting entity and all other entities that control, are controlled by, or are under common
control with that entity. For the purposes of this definition, "control" means (i) the power, direct or indirect, to cause the direction
or management of such entity, whether by contract or otherwise, or (ii) ownership of fifty percent (50%) or more of the
outstanding shares, or (iii) beneficial ownership of such entity.
"You" (or "Your") shall mean an individual or Legal Entity exercising permissions granted by this License.
"Source" form shall mean the preferred form for making modifications, including but not limited to software source code,
documentation source, and configuration files.
"Object" form shall mean any form resulting from mechanical transformation or translation of a Source form, including but not
limited to compiled object code, generated documentation, and conversions to other media types.
"Work" shall mean the work of authorship, whether in Source or Object form, made available under the License, as indicated by
a copyright notice that is included in or attached to the work.
"Derivative Works" shall mean any work, whether in Source or Object form, that is based on (or derived from) the Work and for
which the editorial revisions, annotations, elaborations, or other modifications represent, as a whole, an original work of
authorship. For the purposes of this License, Derivative Works shall not include works that remain separable from, or merely
link (or bind by name) to the interfaces of, the Work and Derivative Works thereof.
"Contribution" shall mean any work of authorship, including the original version of the Work and any modifications or additions
to that Work or Derivative Works thereof, that is intentionally submitted to Licensor for inclusion in the Work by the copyright
owner or by an individual or Legal Entity authorized to submit on behalf of the copyright owner. For the purposes of this
definition, "submitted" means any form of electronic, verbal, or written communication sent to the Licensor or its representatives,
including but not limited to communication on electronic mailing lists, source code control systems, and issue tracking systems
that are managed by, or on behalf of, the Licensor for the purpose of discussing and improving the Work, but excluding
communication that is conspicuously marked or otherwise designated in writing by the copyright owner as "Not a
Contribution."
"Contributor" shall mean Licensor and any individual or Legal Entity on behalf of whom a Contribution has been received by
Licensor and subsequently incorporated within the Work.
2. Grant of Copyright License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a
perpetual, worldwide, non-exclusive, no-charge, royalty-free, irrevocable copyright license to reproduce, prepare Derivative
Works of, publicly display, publicly perform, sublicense, and distribute the Work and such Derivative Works in Source or Object
form.
3. Grant of Patent License. Subject to the terms and conditions of this License, each Contributor hereby grants to You a perpetual,
worldwide, non-exclusive, no-charge, royalty-free, irrevocable (except as stated in this section) patent license to make, have
made, use, offer to sell, sell, import, and otherwise transfer the Work, where such license applies only to those patent claims
licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their
Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity
(including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work
constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work
shall terminate as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or
without modifications, and in Source or Object form, provided that You meet the following conditions:
(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and (b) You must cause any
modified files to carry prominent notices stating that You changed the files; and (c) You must retain, in the Source form of any
Derivative Works that You distribute, all copyright, patent, trademark, and attribution notices from the Source form of the Work,
excluding those notices that do not pertain to any part of the Derivative Works; and (d) If the Work includes a "NOTICE" text file
as part of its distribution, then any Derivative Works that You distribute must include a readable copy of the attribution notices
contained within such NOTICE file, excluding those notices that do not pertain to any part of the Derivative Works, in at least
one of the following places: within a NOTICE text file distributed as part of the Derivative Works; within the Source form or
documentation, if provided along with the Derivative Works; or, within a display generated by the Derivative Works, if and
wherever such third-party notices normally appear. The contents of the NOTICE file are for informational purposes only and do
not modify the License. You may add Your own attribution notices within Derivative Works that You distribute, alongside or as
an addendum to the NOTICE text from the Work, provided that such additional attribution notices cannot be construed as
modifying the License.
You may add Your own copyright statement to Your modifications and may provide additional or different license terms and
conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided
Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in
the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or
conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement
you may have executed with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of
the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the
content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT,
MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under
this License.
8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as
a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to
offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with
this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not
on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any
liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional
liability.
Java JRE
SUN MICROSYSTEMS, INC. ("SUN") IS WILLING TO LICENSE THIS SPECIFICATION TO YOU ONLY UPON THE
CONDITION THAT YOU ACCEPT ALL OF THE TERMS CONTAINED IN THIS AGREEMENT. PLEASE READ THE TERMS
AND CONDITIONS OF THIS AGREEMENT CAREFULLY. BY DOWNLOADING THIS SPECIFICATION, YOU ACCEPT THE
TERMS AND CONDITIONS OF THE AGREEMENT.
Specification: JAVA PLATFORM, STANDARD EDITION ("Specification")
Version: 6
Status: Final Release
Release: December 7, 2006
Copyright 2006 SUN MICROSYSTEMS, INC.
4150 Network Circle, Santa Clara, California 95054, U.S.A
All rights reserved.
LIMITED LICENSE GRANTS
1. License for Evaluation Purposes.
Sun hereby grants you a fully-paid, non-exclusive, non-transferable, worldwide, limited license (without the right to sublicense),
under Sun's applicable intellectual property rights to view, download, use and reproduce the Specification only for the purpose
of internal evaluation. This includes (i) developing applications intended to run on an implementation of the Specification,
provided that such applications do not themselves implement any portion(s) of the Specification, and (ii) discussing the
Specification with any third party; and (iii) excerpting brief portions of the Specification in oral or written communications which
discuss the Specification provided that such excerpts do not in the aggregate constitute a significant portion of the Specification.
2. License for the Distribution of Compliant Implementations.
Sun also grants you a perpetual, non-exclusive, non-transferable, worldwide, fully paid-up, royalty free, limited license (without
the right to sublicense) under any applicable copyrights or, subject to the provisions of subsection 4 below, patent rights it may
have covering the Specification to create and/or distribute an Independent Implementation of the Specification that: (a) fully
implements the Specification including all its required interfaces and functionality; (b) does not modify, subset, superset or
otherwise extend the Licensor Name Space, or include any public or protected packages, classes, Java interfaces, fields or
methods within the Licensor Name Space other than those required/authorized by the Specification or Specifications being
implemented; and (c) passes the Technology Compatibility Kit (including satisfying the requirements of the applicable TCK
Users Guide) for such Specification ("Compliant Implementation"). In addition, the foregoing license is expressly conditioned on
your not acting outside its scope. No license is granted hereunder for any other purpose (including, for example, modifying the
Specification, other than to the extent of your fair use rights, or distributing the Specification to third parties). Also, no right, title,
or interest in or to any trademarks, service marks, or trade names of Sun or Sun's licensors is granted hereunder. Java, and Java-related logos, marks and names are trademarks or registered trademarks of Sun Microsystems, Inc. in the U.S. and other
countries.
3. Pass-through Conditions.
You need not include limitations (a)-(c) from the previous paragraph or any other particular "pass through" requirements in any
license You grant concerning the use of your Independent Implementation or products derived from it. However, except with
respect to Independent Implementations (and products derived from them) that satisfy limitations (a)-(c) from the previous
paragraph, You may neither: (a) grant or otherwise pass through to your licensees any licenses under Sun's applicable
intellectual property rights; nor (b) authorize your licensees to make any claims concerning their implementation's compliance
with the Specification in question.
4. Reciprocity Concerning Patent Licenses.
a. With respect to any patent claims covered by the license granted under subparagraph 2 above that would be infringed by all
technically feasible implementations of the Specification, such license is conditioned upon your offering on fair, reasonable and
non-discriminatory terms, to any party seeking it from You, a perpetual, non-exclusive, non-transferable, worldwide license
under Your patent rights which are or would be infringed by all technically feasible implementations of the Specification to
develop, distribute and use a Compliant Implementation.
b. With respect to any patent claims owned by Sun and covered by the license granted under subparagraph 2, whether or not
their infringement can be avoided in a technically feasible manner when implementing the Specification, such license shall
terminate with respect to such claims if You initiate a claim against Sun that it has, in the course of performing its responsibilities
as the Specification Lead, induced any other entity to infringe Your patent rights.
c. Also with respect to any patent claims owned by Sun and covered by the license granted under subparagraph 2 above, where
the infringement of such claims can be avoided in a technically feasible manner when implementing the Specification such
license, with respect to such claims, shall terminate if You initiate a claim against Sun that its making, having made, using,
offering to sell, selling or importing a Compliant Implementation infringes Your patent rights.
5. Definitions.
For the purposes of this Agreement: "Independent Implementation" shall mean an implementation of the Specification that
neither derives from any of Sun's source code or binary code materials nor, except with an appropriate and separate license from
Sun, includes any of Sun's source code or binary code materials; "Licensor Name Space" shall mean the public class or interface
declarations whose names begin with "java", "javax", "com.sun" or their equivalents in any subsequent naming convention
adopted by Sun through the Java Community Process, or any recognized successors or replacements thereof; and "Technology
Compatibility Kit" or "TCK" shall mean the test suite and accompanying TCK User's Guide provided by Sun which corresponds
to the Specification and that was available either (i) from Sun's 120 days before the first release of Your Independent
Implementation that allows its use for commercial purposes, or (ii) more recently than 120 days from such release but against
which You elect to test Your implementation of the Specification.
This Agreement will terminate immediately without notice from Sun if you breach the Agreement or act outside the scope of the
licenses granted above.
DISCLAIMER OF WARRANTIES
THE SPECIFICATION IS PROVIDED "AS IS". SUN MAKES NO REPRESENTATIONS OR WARRANTIES, EITHER EXPRESS
OR IMPLIED, INCLUDING BUT NOT LIMITED TO, WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE, NON-INFRINGEMENT (INCLUDING AS A CONSEQUENCE OF ANY PRACTICE OR IMPLEMENTATION OF
THE SPECIFICATION), OR THAT THE CONTENTS OF THE SPECIFICATION ARE SUITABLE FOR ANY PURPOSE. This
document does not represent any commitment to release or implement any portion of the Specification in any product. In
addition, the Specification could include technical inaccuracies or typographical errors.
LIMITATION OF LIABILITY
TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY
DAMAGES, INCLUDING WITHOUT LIMITATION, LOST REVENUE, PROFITS OR DATA, OR FOR SPECIAL, INDIRECT,
CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES, HOWEVER CAUSED AND REGARDLESS OF THE THEORY
OF LIABILITY, ARISING OUT OF OR RELATED IN ANY WAY TO YOUR HAVING, IMPLEMENTING OR OTHERWISE
USING THE SPECIFICATION, EVEN IF SUN AND/OR ITS LICENSORS HAVE BEEN ADVISED OF THE POSSIBILITY
OF SUCH DAMAGES. You will indemnify, hold harmless, and defend Sun and its licensors from any claims arising or resulting
from: (i) your use of the Specification; (ii) the use or distribution of your Java application, applet and/or implementation; and/or
(iii) any claims that later versions or releases of any Specification furnished to you are incompatible with the Specification
provided to you under this license.
RESTRICTED RIGHTS LEGEND
U.S. Government: If this Specification is being acquired by or on behalf of the U.S. Government or by a U.S. Government prime
contractor or subcontractor (at any tier), then the Government's rights in the Software and accompanying documentation shall be
only as set forth in this license; this is in accordance with 48 C.F.R. 227.7201 through 227.7202-4 (for Department of Defense (DoD)
acquisitions) and with 48 C.F.R. 2.101 and 12.212 (for non-DoD acquisitions).
REPORT
If you provide Sun with any comments or suggestions concerning the Specification ("Feedback"), you hereby: (i) agree that such
Feedback is provided on a non-proprietary and non-confidential basis, and (ii) grant Sun a perpetual, non-exclusive, worldwide,
fully paid-up, irrevocable license, with the right to sublicense through multiple levels of sublicensees, to incorporate, disclose,
and use without limitation the Feedback for any purpose.
GENERAL TERMS
Any action related to this Agreement will be governed by California law and controlling U.S. federal law. The U.N. Convention
for the International Sale of Goods and the choice of law rules of any jurisdiction will not apply.
The Specification is subject to U.S. export control laws and may be subject to export or import regulations in other countries.
Licensee agrees to comply strictly with all such laws and regulations and acknowledges that it has the responsibility to obtain
such licenses to export, re-export or import as may be required after delivery to Licensee.
This Agreement is the parties' entire agreement relating to its subject matter. It supersedes all prior or contemporaneous oral or
written communications, proposals, conditions, representations and warranties and prevails over any conflicting or additional
terms of any quote, order, acknowledgment, or other communication between the parties relating to its subject matter during the
term of this Agreement. No modification to this Agreement will be binding, unless in writing and signed by an authorized
representative of each party.
Rev. April, 2006
PostgreSQL is released under the BSD license.
PostgreSQL Database Management System (formerly known as Postgres, then as Postgres95)
Portions Copyright (c) 1996-2008, The PostgreSQL Global Development Group
Portions Copyright (c) 1994, The Regents of the University of California
Permission to use, copy, modify, and distribute this software and its documentation for any purpose, without fee, and without a
written agreement is hereby granted, provided that the above copyright notice and this paragraph and the following two
paragraphs appear in all copies.
IN NO EVENT SHALL THE UNIVERSITY OF CALIFORNIA BE LIABLE TO ANY PARTY FOR DIRECT, INDIRECT, SPECIAL,
INCIDENTAL, OR CONSEQUENTIAL DAMAGES, INCLUDING LOST PROFITS, ARISING OUT OF THE USE OF THIS
SOFTWARE AND ITS DOCUMENTATION, EVEN IF THE UNIVERSITY OF CALIFORNIA HAS BEEN ADVISED OF THE
POSSIBILITY OF SUCH DAMAGE.
THE UNIVERSITY OF CALIFORNIA SPECIFICALLY DISCLAIMS ANY WARRANTIES, INCLUDING, BUT NOT LIMITED TO,
THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE SOFTWARE
PROVIDED HEREUNDER IS ON AN "AS IS" BASIS, AND THE UNIVERSITY OF CALIFORNIA HAS NO OBLIGATIONS TO
PROVIDE MAINTENANCE, SUPPORT, UPDATES, ENHANCEMENTS, OR MODIFICATIONS.
JDOM.jar Copyright (C) 2000-2004 Jason Hunter & Brett McLaughlin. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions, and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions, and the disclaimer that
follows these conditions in the documentation and/or other materials provided with the distribution.
3. The name "JDOM" must not be used to endorse or promote products derived from this software without prior written
permission. For written permission, please contact request@jdom.org.
4. Products derived from this software may not be called "JDOM", nor may "JDOM" appear in their name, without prior written
permission from the JDOM Project Management request@jdom.org.
In addition, we request (but do not require) that you include in the end-user documentation provided with the redistribution
and/or in the software itself an acknowledgement equivalent to the following:
"This product includes software developed by the JDOM Project (http://www.jdom.org/)."
Alternatively, the acknowledgment may be graphical using the logos available at http://www.jdom.org/images/logos.
THIS SOFTWARE IS PROVIDED ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE
DISCLAIMED. IN NO EVENT SHALL THE JDOM AUTHORS OR THE PROJECT CONTRIBUTORS BE LIABLE FOR ANY
DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This software consists of voluntary contributions made by many individuals on behalf of the JDOM Project and was originally
created by Jason Hunter <jhunter@jdom.org> and Brett McLaughlin <brett@jdom.org>. For more information on the JDOM Project,
please see http://www.jdom.org.
JFreeChart
JFreeChart is a free (LGPL) chart library for the Java(tm) platform.
BPF
Copyright (c) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996
The Regents of the University of California. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that: (1) source code
distributions retain the above copyright notice and this paragraph in its entirety, (2) distributions including binary code include
the above copyright notice and this paragraph in its entirety in the documentation or other materials provided with the
distribution, and (3) all advertising materials mentioning features or use of this software display the following
acknowledgement:
This product includes software developed by the University of California, Lawrence Berkeley Laboratory and its contributors.
Neither the name of the University nor the names of its contributors may be used to endorse or promote products derived from
this software without specific prior written permission. THIS SOFTWARE IS PROVIDED ``AS IS'' AND WITHOUT ANY
EXPRESS OR IMPLIED WARRANTIES, INCLUDING, WITHOUT LIMITATION, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
DES
Software DES functions written 12 Dec 1986 by Phil Karn, KA9Q; large sections adapted from the 1977 public-domain program
by Jim Gillogly.
EXPAT
Copyright (c) 1998, 1999, 2000 Thai Open Source Software Center Ltd.
Permission is hereby granted, free of charge, to any person obtaining a copy of this software and associated documentation files
(the "Software"), to deal in the Software without restriction, including without limitation the rights to use, copy, modify, merge,
publish, distribute, sublicense, and/or sell copies of the Software, and to permit persons to whom the Software is furnished to do
so, subject to the following conditions:
The above copyright notice and this permission notice shall be included in all copies or substantial portions of the Software.
THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED, INCLUDING BUT
NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
Finjan Software
Copyright (c) 2003 Finjan Software, Inc. All rights reserved.
Flowerfire
Copyright (c) 1996-2002 Greg Ferrar
ISODE
ISODE 8.0 NOTICE
Acquisition, use, and distribution of this module and related materials are subject to the restrictions of a license agreement.
Consult the Preface in the User's Manual for the full terms of this agreement.
4BSD/ISODE SMP NOTICE
Acquisition, use, and distribution of this module and related materials are subject to the restrictions given in the file SMP-README.
UNIX is a registered trademark in the US and other countries, licensed exclusively through X/Open Company Ltd.
MD5
RSA Data Security, Inc. MD5 Message-Digest Algorithm
Copyright (c) 1991-2, RSA Data Security, Inc. Created 1991. All rights reserved.
License to copy and use this software is granted provided that it is identified as the "RSA Data Security, Inc. MD5 Message-Digest
Algorithm" in all material mentioning or referencing this software or this function.
License is also granted to make and use derivative works provided that such works are identified as "derived from the RSA Data
Security, Inc. MD5 Message-Digest Algorithm" in all material mentioning or referencing the derived work.
RSA Data Security, Inc. makes no representations concerning either the merchantability of this software or the suitability of this
software for any particular purpose. It is provided "as is" without express or implied warranty of any kind.
"THE BEER-WARE LICENSE" (Revision 42):
<phk@FreeBSD.org> wrote this file. As long as you retain this notice you can do whatever you
want with this stuff. If we meet some day, and you think this stuff is worth it, you can buy me a beer in return. Poul-Henning
Kamp
Microsoft Windows Media Streaming
Copyright (c) 2003 Microsoft Corporation. All rights reserved.
OpenLDAP
Copyright (c) 1999-2001 The OpenLDAP Foundation, Redwood City, California, USA. All Rights Reserved. Permission to copy
and distribute verbatim copies of this document is granted.
http://www.openldap.org/software/release/license.html
The OpenLDAP Public License Version 2.7, 7 September 2001
Redistribution and use of this software and associated documentation ("Software"), with or without modification, are permitted
provided that the following conditions are met:
1. Redistributions of source code must retain copyright statements and notices,
2. Redistributions in binary form must reproduce applicable copyright statements and notices, this list of conditions, and the
following disclaimer in the documentation and/or other materials provided with the distribution, and
3. Redistributions must contain a verbatim copy of this document.
The OpenLDAP Foundation may revise this license from time to time. Each revision is distinguished by a version number. You
may use this Software under terms of this license revision or under the terms of any subsequent revision of the license.
THIS SOFTWARE IS PROVIDED BY THE OPENLDAP FOUNDATION AND ITS CONTRIBUTORS ``AS IS'' AND ANY
EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF
MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
OPENLDAP FOUNDATION, ITS CONTRIBUTORS, OR THE AUTHOR(S) OR OWNER(S) OF THE SOFTWARE BE LIABLE
FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF
THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The names of the authors and copyright holders must not be used in advertising or otherwise to promote the sale, use or other
dealing in this Software without specific, written prior permission. Title to copyright in this Software shall at all times remain
with copyright holders.
OpenLDAP is a registered trademark of the OpenLDAP Foundation.
OpenSSH
Copyright (c) 1995 Tatu Ylonen <ylo@cs.hut.fi>, Espoo, Finland. All rights reserved
This file is part of the OpenSSH software.
The licences which components of this software fall under are as follows. First, we will summarize and say that all components
are under a BSD licence, or a licence more free than that.
OpenSSH contains no GPL code.
1) As far as I am concerned, the code I have written for this software can be used freely for any purpose. Any derived versions of
this software must be clearly marked as such, and if the derived work is incompatible with the protocol description in the RFC
file, it must be called by a name other than "ssh" or "Secure Shell".
[Tatu continues]
However, I am not implying to give any licenses to any patents or copyrights held by third parties, and the software includes
parts that are not under my direct control. As far as I know, all included source code is used in accordance with the relevant
license agreements and can be used freely for any purpose (the GNU license being the most restrictive); see below for details.
[However, none of that term is relevant at this point in time. All of these restrictively licenced software components which he
talks about have been removed from OpenSSH, i.e.,
- RSA is no longer included, found in the OpenSSL library
- IDEA is no longer included, its use is deprecated
- DES is now external, in the OpenSSL library
- GMP is no longer used, and instead we call BN code from OpenSSL
- Zlib is now external, in a library
- The make-ssh-known-hosts script is no longer included
- TSS has been removed
- MD5 is now external, in the OpenSSL library
- RC4 support has been replaced with ARC4 support from OpenSSL
- Blowfish is now external, in the OpenSSL library
[The licence continues]
Note that any information and cryptographic algorithms used in this software are publicly available on the Internet and at any
major bookstore, scientific library, and patent office worldwide. More information can be found e.g. at
"http://www.cs.hut.fi/crypto".
The legal status of this program is some combination of all these permissions and restrictions. Use only at your own
responsibility. You will be responsible for any legal consequences yourself; I am not making any claims whether possessing or
using this is legal or not in your country, and I am not taking any responsibility on your behalf.
NO WARRANTY
BECAUSE THE PROGRAM IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE PROGRAM, TO THE
EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT
HOLDERS AND/OR OTHER PARTIES PROVIDE THE PROGRAM "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER
EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE
PROGRAM IS WITH YOU. SHOULD THE PROGRAM PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY
SERVICING, REPAIR OR CORRECTION. IN NO EVENT UNLESS REQUIRED BY APPLICABLE LAW OR AGREED TO IN
WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE
PROGRAM AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL,
INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE PROGRAM
(INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED
BY YOU OR THIRD PARTIES OR A FAILURE OF THE PROGRAM TO OPERATE WITH ANY OTHER PROGRAMS), EVEN IF
SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
2) The 32-bit CRC compensation attack detector in deattack.c was contributed by CORE SDI S.A. under a BSD-style license.
Cryptographic attack detector for ssh - source code
Copyright (c) 1998 CORE SDI S.A., Buenos Aires, Argentina. All rights reserved. Redistribution and use in source and binary
forms, with or without modification, are permitted provided that this copyright notice is retained. THIS SOFTWARE IS
PROVIDED ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES ARE DISCLAIMED. IN NO EVENT SHALL CORE SDI
S.A. BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY OR CONSEQUENTIAL DAMAGES
RESULTING FROM THE USE OR MISUSE OF THIS SOFTWARE.
Ariel Futoransky <futo@core-sdi.com> <http://www.core-sdi.com>
3) ssh-keygen was contributed by David Mazieres under a BSD-style license.
Copyright 1995, 1996 by David Mazieres <dm@lcs.mit.edu>. Modification and redistribution in source and binary forms is
permitted provided that due credit is given to the author and the OpenBSD project by leaving this copyright notice intact.
4) The Rijndael implementation by Vincent Rijmen, Antoon Bosselaers and Paulo Barreto is in the public domain and distributed
with the following license:
@version 3.0 (December 2000)
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
OpenSSL
Copyright (c) 1995-1998 Eric Young (eay@cryptsoft.com). All rights reserved.
http://www.openssl.org/about/
OpenSSL is based on the excellent SSLeay library developed by Eric A. Young <mailto:eay@cryptsoft.com> and Tim J. Hudson
<mailto:tjh@cryptsoft.com>.
The OpenSSL toolkit is licensed under an Apache-style license which basically means that you are free to get and use it for
commercial and non-commercial purposes.
This package is an SSL implementation written by Eric Young (eay@cryptsoft.com). The implementation was written so as to
conform with Netscapes SSL.
This library is free for commercial and non-commercial use as long as the following conditions are adhered to. The following
conditions apply to all code found in this distribution, be it the RC4, RSA, lhash, DES, etc., code; not just the SSL code. The SSL
documentation included with this distribution is covered by the same copyright terms except that the holder is Tim Hudson
(tjh@cryptsoft.com).
Copyright remains Eric Young's, and as such any Copyright notices in the code are not to be removed. If this package is used in
a product, Eric Young should be given attribution as the author of the parts of the library used. This can be in the form of a
textual message at program startup or in documentation (online or textual) provided with the package.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgement: "This
product includes cryptographic software written by Eric Young (eay@cryptsoft.com)" The word 'cryptographic' can be left out if
the routines from the library being used are not cryptographic related :-).
4. If you include any Windows specific code (or a derivative thereof) from the apps directory (application code) you must include
an acknowledgement: "This product includes software written by Tim Hudson (tjh@cryptsoft.com)"
THIS SOFTWARE IS PROVIDED BY ERIC YOUNG ``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING,
BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT,
INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED
TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS
SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
The license and distribution terms for any publicly available version or derivative of this code cannot be changed. i.e. this code
cannot simply be copied and put under another distribution license [including the GNU Public License.]
Copyright (c) 1998-2002 The OpenSSL Project. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, are permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. All advertising materials mentioning features or use of this software must display the following acknowledgment:
"This product includes software developed by the OpenSSL Project for use in the OpenSSL Toolkit. (http://www.openssl.org/)"
4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to endorse or promote products derived from this
software without prior written permission. For written permission, please contact openssl-core@openssl.org.
5. Products derived from this software may not be called "OpenSSL" nor may "OpenSSL" appear in their names without prior
written permission of the OpenSSL Project.
6. Redistributions of any form whatsoever must retain the following acknowledgment: "This product includes software
developed by the OpenSSL Project for use in the OpenSSL Toolkit (http://www.openssl.org/)"
THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY EXPRESSED OR IMPLIED WARRANTIES,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE OpenSSL PROJECT OR ITS CONTRIBUTORS BE
LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES
(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR
PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF
THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
This product includes cryptographic software written by Eric Young (eay@cryptsoft.com). This product includes software
written by Tim Hudson (tjh@cryptsoft.com).
PCRE
Copyright (c) 1997-2001 University of Cambridge
University of Cambridge Computing Service, Cambridge, England. Phone: +44 1223 334714.
Written by: Philip Hazel <ph10@cam.ac.uk>
Permission is granted to anyone to use this software for any purpose on any computer system, and to redistribute it freely,
subject to the following restrictions:
1. This software is distributed in the hope that it will be useful, but WITHOUT ANY WARRANTY; without even the implied
warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.
2. Regular expression support is provided by the PCRE library package, which is open source software, written by Philip Hazel,
and copyright by the University of Cambridge, England.
ftp://ftp.csx.cam.ac.uk/pub/software/programming/pcre/
PHAOS SSLava and SSLavaThin
Copyright (c) 1996-2003 Phaos Technology Corporation. All Rights Reserved.
The software contains commercially valuable proprietary products of Phaos which have been secretly developed by Phaos, the
design and development of which have involved expenditure of substantial amounts of money and the use of skilled
development experts over substantial periods of time. The software and any portions or copies thereof shall at all times remain
the property of Phaos.
PHAOS MAKES NO WARRANTIES, EXPRESS OR IMPLIED, INCLUDING WITHOUT LIMITATION THE IMPLIED
WARRANTY OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE, REGARDING THE SOFTWARE, OR ITS
USE AND OPERATION ALONE OR IN COMBINATION WITH ANY OTHER SOFTWARE.
PHAOS SHALL NOT BE LIABLE TO THE OTHER OR ANY OTHER PERSON CLAIMING DAMAGES AS A RESULT OF THE
USE OF ANY PRODUCT OR SOFTWARE FOR ANY DAMAGES WHATSOEVER. IN NO EVENT WILL PHAOS BE LIABLE
FOR SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH
DAMAGES.
RealSystem
The RealNetworks RealProxy Server is included under license from RealNetworks, Inc. Copyright 1996-1999, RealNetworks,
Inc. All rights reserved.
SNMP
Copyright (C) 1992-2001 by SNMP Research, Incorporated.
This software is furnished under a license and may be used and copied only in accordance with the terms of such license and
with the inclusion of the above copyright notice. This software or any other copies thereof may not be provided or otherwise
made available to any other person. No title to and ownership of the software is hereby transferred. The information in this
software is subject to change without notice and should not be construed as a commitment by SNMP Research, Incorporated.
Restricted Rights Legend:
Use, duplication, or disclosure by the Government is subject to restrictions as set forth in subparagraph (c)(1)(ii) of the Rights in
Technical Data and Computer Software clause at DFARS 252.227-7013; subparagraphs (c)(4) and (d) of the Commercial
Computer Software-Restricted Rights Clause, FAR 52.227-19; and in similar clauses in the NASA FAR Supplement and other
corresponding governmental regulations.
PROPRIETARY NOTICE
This software is an unpublished work subject to a confidentiality agreement and is protected by copyright and trade secret law.
Unauthorized copying, redistribution or other use of this work is prohibited. The above notice of copyright on this source code
product does not indicate any actual or intended publication of such source code.
STLport
Copyright (c) 1999, 2000 Boris Fomitchev
This material is provided "as is", with absolutely no warranty expressed or implied. Any use is at your own risk.
Permission to use or copy this software for any purpose is hereby granted without fee, provided the above notices are retained
on all copies. Permission to modify the code and to distribute modified code is granted, provided the above notices are retained,
and a notice that the code was modified is included with the above copyright notice.
The code has been modified.
Copyright (c) 1994 Hewlett-Packard Company
Copyright (c) 1996-1999 Silicon Graphics Computer Systems, Inc.
Copyright (c) 1997 Moscow Center for SPARC Technology
Permission to use, copy, modify, distribute and sell this software and its documentation for any purpose is hereby granted
without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission
notice appear in supporting documentation. Hewlett-Packard Company makes no representations about the suitability of this
software for any purpose. It is provided "as is" without express or implied warranty.
Permission to use, copy, modify, distribute and sell this software and its documentation for any purpose is hereby granted
without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission
notice appear in supporting documentation. Silicon Graphics makes no representations about the suitability of this software for
any purpose. It is provided "as is" without express or implied warranty.
Permission to use, copy, modify, distribute and sell this software and its documentation for any purpose is hereby granted
without fee, provided that the above copyright notice appear in all copies and that both that copyright notice and this permission
notice appear in supporting documentation. Moscow Center for SPARC Technology makes no representations about the
suitability of this software for any purpose. It is provided "as is" without express or implied warranty.
SmartFilter
Copyright (c) 2003 Secure Computing Corporation. All rights reserved.
SurfControl
Copyright (c) 2003 SurfControl, Inc. All rights reserved.
Symantec AntiVirus Scan Engine
Copyright (c) 2003 Symantec Corporation. All rights reserved.
TCPIP
Some of the files in this project were derived from the 4.X BSD (Berkeley Software Distribution) source.
Their copyright header follows:
licensable by such Contributor that are necessarily infringed by their Contribution(s) alone or by combination of their
Contribution(s) with the Work to which such Contribution(s) was submitted. If You institute patent litigation against any entity
(including a cross-claim or counterclaim in a lawsuit) alleging that the Work or a Contribution incorporated within the Work
constitutes direct or contributory patent infringement, then any patent licenses granted to You under this License for that Work
shall terminate as of the date such litigation is filed.
4. Redistribution. You may reproduce and distribute copies of the Work or Derivative Works thereof in any medium, with or
without modifications, and in Source or Object form, provided that You meet the following conditions:
(a) You must give any other recipients of the Work or Derivative Works a copy of this License; and
(b) You must cause any modified files to carry prominent notices stating that You changed the files; and
(c) You must retain, in the Source form of any Derivative Works that You distribute, all copyright, patent, trademark, and
attribution notices from the Source form of the Work, excluding those notices that do not pertain to any part of the Derivative
Works; and
(d) If the Work includes a "NOTICE" text file as part of its distribution, then any Derivative Works that You distribute must
include a readable copy of the attribution notices contained within such NOTICE file, excluding those notices that do not pertain
to any part of the Derivative Works, in at least one of the following places: within a NOTICE text file distributed as part of the
Derivative Works; within the Source form or documentation, if provided along with the Derivative Works; or, within a display
generated by the Derivative Works, if and wherever such third-party notices normally appear. The contents of the NOTICE file
are for informational purposes only and do not modify the License. You may add Your own attribution notices within Derivative
Works that You distribute, alongside or as an addendum to the NOTICE text from the Work, provided that such additional
attribution notices cannot be construed as modifying the License.
You may add Your own copyright statement to Your modifications and may provide additional or different license terms and
conditions for use, reproduction, or distribution of Your modifications, or for any such Derivative Works as a whole, provided
Your use, reproduction, and distribution of the Work otherwise complies with the conditions stated in this License.
5. Submission of Contributions. Unless You explicitly state otherwise, any Contribution intentionally submitted for inclusion in
the Work by You to the Licensor shall be under the terms and conditions of this License, without any additional terms or
conditions. Notwithstanding the above, nothing herein shall supersede or modify the terms of any separate license agreement
you may have executed with Licensor regarding such Contributions.
6. Trademarks. This License does not grant permission to use the trade names, trademarks, service marks, or product names of
the Licensor, except as required for reasonable and customary use in describing the origin of the Work and reproducing the
content of the NOTICE file.
7. Disclaimer of Warranty. Unless required by applicable law or agreed to in writing, Licensor provides the Work (and each
Contributor provides its Contributions) on an "AS IS" BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND,
either express or implied, including, without limitation, any warranties or conditions of TITLE, NON-INFRINGEMENT,
MERCHANTABILITY, or FITNESS FOR A PARTICULAR PURPOSE. You are solely responsible for determining the
appropriateness of using or redistributing the Work and assume any risks associated with Your exercise of permissions under
this License.
8. Limitation of Liability. In no event and under no legal theory, whether in tort (including negligence), contract, or otherwise,
unless required by applicable law (such as deliberate and grossly negligent acts) or agreed to in writing, shall any Contributor be
liable to You for damages, including any direct, indirect, special, incidental, or consequential damages of any character arising as
a result of this License or out of the use or inability to use the Work (including but not limited to damages for loss of goodwill,
work stoppage, computer failure or malfunction, or any and all other commercial damages or losses), even if such Contributor
has been advised of the possibility of such damages.
9. Accepting Warranty or Additional Liability. While redistributing the Work or Derivative Works thereof, You may choose to
offer, and charge a fee for, acceptance of support, warranty, indemnity, or other liability obligations and/or rights consistent with
this License. However, in accepting such obligations, You may act only on Your own behalf and on Your sole responsibility, not
on behalf of any other Contributor, and only if You agree to indemnify, defend, and hold each Contributor harmless for any
liability incurred by, or claims asserted against, such Contributor by reason of your accepting any such warranty or additional
liability.
END OF TERMS AND CONDITIONS
APPENDIX: How to apply the Apache License to your work.
To apply the Apache License to your work, attach the following boilerplate notice, with the fields enclosed by brackets "[]"
replaced with your own identifying information. (Don't include the brackets!) The text should be enclosed in the appropriate
comment syntax for the file format. We also recommend that a file or class name and description of purpose be included on the
same "printed page" as the copyright notice for easier identification within third-party archives.
Copyright [yyyy] [name of copyright owner]
Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License.
You may obtain a copy of the License at
http://www.apache.org/licenses/LICENSE-2.0
Unless required by applicable law or agreed to in writing, software distributed under the License is distributed on an "AS IS"
BASIS, WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the License for the specific
language governing permissions and limitations under the License.
zlib
Copyright (c) 2003 by the Open Source Initiative
This software is provided 'as-is', without any express or implied warranty. In no event will the authors be held liable for any
damages arising from the use of this software.
ICU License - ICU 1.8.1 and later COPYRIGHT AND PERMISSION NOTICE Copyright (c) 1995-2003 International Business
Machines Corporation and others All rights reserved. Permission is hereby granted, free of charge, to any person obtaining a
copy of this software and associated documentation files (the "Software"), to deal in the Software without restriction, including
without limitation the rights to use, copy, modify, merge, publish, distribute, and/or sell copies of the Software, and to permit
persons to whom the Software is furnished to do so, provided that the above copyright notice(s) and this permission notice
appear in all copies of the Software and that both the above copyright notice(s) and this permission notice appear in supporting
documentation. THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR IMPLIED,
INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE
AND NONINFRINGEMENT OF THIRD PARTY RIGHTS. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR HOLDERS
INCLUDED IN THIS NOTICE BE LIABLE FOR ANY CLAIM, OR ANY SPECIAL INDIRECT OR CONSEQUENTIAL
DAMAGES, OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH
THE USE OR PERFORMANCE OF THIS SOFTWARE. Except as contained in this notice, the name of a copyright holder shall
not be used in advertising or otherwise to promote the sale, use or other dealings in this Software without prior written
authorization of the copyright holder
The PHP License, version 3.01 Copyright (c) 1999 - 2006 The PHP Group. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. The name "PHP" must not be used to endorse or promote products derived from this software without prior written
permission. For written permission, please contact group@php.net.
4. Products derived from this software may not be called "PHP", nor may "PHP" appear in their name, without prior written
permission from group@php.net. You may indicate that your software works in conjunction with PHP by saying "Foo for PHP"
instead of calling it "PHP Foo" or "phpfoo"
5. The PHP Group may publish revised and/or new versions of the license from time to time. Each version will be given a
distinguishing version number.
Once covered code has been published under a particular version of the license, you may always continue to use it under the
terms of that version. You may also choose to use such covered code under the terms of any subsequent version of the license
published by the PHP Group. No one other than the PHP Group has the right to modify the terms applicable to covered code
created under this License.
6. Redistributions of any form whatsoever must retain the following acknowledgment:
"This product includes PHP software, freely available from
<http://www.php.net/software/>".
THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND ANY EXPRESSED OR IMPLIED
WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP DEVELOPMENT TEAM OR ITS
CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY
WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-------------------------------------------------------------------
This software consists of voluntary contributions made by many individuals on behalf of the PHP Group.
The PHP Group can be contacted via Email at group@php.net.
For more information on the PHP Group and the PHP project, please see <http://www.php.net>.
The Zend Engine License, version 2.00 Copyright (c) 1999-2002 Zend Technologies Ltd. All rights reserved.
Redistribution and use in source and binary forms, with or without modification, is permitted provided that the following
conditions are met:
1. Redistributions of source code must retain the above copyright notice, this list of conditions and the following disclaimer.
2. Redistributions in binary form must reproduce the above copyright notice, this list of conditions and the following disclaimer
in the documentation and/or other materials provided with the distribution.
3. The names "Zend" and "Zend Engine" must not be used to endorse or promote products derived from this software without
prior permission from Zend Technologies Ltd. For written permission, please contact license@zend.com.
4. Zend Technologies Ltd. may publish revised and/or new versions of the license from time to time. Each version will be given
a distinguishing version number. Once covered code has been published under a particular version of the license, you may
always continue to use it under the terms of that version. You may also choose to use such covered code under the terms of any
subsequent version of the license published by Zend Technologies Ltd. No one other than Zend Technologies Ltd. has the right to
modify the terms applicable to covered code created under this License.
5. Redistributions of any form whatsoever must retain the following acknowledgment:
"This product includes the Zend Engine, freely available at
http://www.zend.com"
6. All advertising materials mentioning features or use of this software must display the following acknowledgment:
(b) your Programs add significant and primary functionality to the Redistributable,
(c) you distribute Redistributable for the sole purpose of running your Programs,
(d) you do not distribute additional software intended to replace any component(s) of the Redistributable,
(e) you do not remove or alter any proprietary legends or notices contained in or on the Redistributable.
(f) you only distribute the Redistributable subject to a license agreement that protects Sun's interests consistent with the terms
contained in this Agreement, and
(g) you agree to defend and indemnify Sun and its licensors from and against any damages, costs, liabilities, settlement amounts
and/or expenses (including attorneys' fees) incurred in connection with any claim, lawsuit or action by any third party that
arises or results from the use or distribution of any and all Programs and/or Redistributable.
3. Java Technology Restrictions. You may not create, modify, or change the behavior of, or authorize your licensees to create,
modify, or change the behavior of, classes, interfaces, or subpackages that are in any way identified as "java", "javax", "sun" or
similar convention as specified by Sun in any naming convention designation.
B. Sun Microsystems, Inc. ("Sun")
SOFTWARE LICENSE AGREEMENT
READ THE TERMS OF THIS AGREEMENT ("AGREEMENT") CAREFULLY BEFORE OPENING SOFTWARE MEDIA
PACKAGE. BY OPENING SOFTWARE MEDIA PACKAGE, YOU AGREE TO THE TERMS OF THIS AGREEMENT. IF YOU
ARE ACCESSING SOFTWARE ELECTRONICALLY, INDICATE YOUR ACCEPTANCE OF THESE TERMS BY SELECTING
THE "ACCEPT" BUTTON AT THE END OF THIS AGREEMENT. IF YOU DO NOT AGREE TO ALL OF THE TERMS,
PROMPTLY RETURN THE UNUSED SOFTWARE TO YOUR PLACE OF PURCHASE FOR A REFUND OR, IF SOFTWARE IS
ACCESSED ELECTRONICALLY, SELECT THE "DECLINE" (OR "EXIT") BUTTON AT THE END OF THIS AGREEMENT. IF
YOU HAVE SEPARATELY AGREED TO LICENSE TERMS ("MASTER TERMS") FOR YOUR LICENSE TO THIS SOFTWARE,
THEN SECTIONS 1-5 OF THIS AGREEMENT ("SUPPLEMENTAL LICENSE TERMS") SHALL SUPPLEMENT AND
SUPERSEDE THE MASTER TERMS IN RELATION TO THIS SOFTWARE.
1. Definitions.
(a) "Entitlement" means the collective set of applicable documents authorized by Sun evidencing your obligation to pay
associated fees (if any) for the license, associated Services, and the authorized scope of use of Software under this Agreement.
(b) "Licensed Unit" means the unit of measure by which your use of Software and/or Service is licensed, as described in your
Entitlement.
(c) "Permitted Use" means the licensed Software use(s) authorized in this Agreement as specified in your Entitlement. The
Permitted Use for any bundled Sun software not specified in your Entitlement will be evaluation use as provided in Section 3.
(d) "Service" means the service(s) that Sun or its delegate will provide, if any, as selected in your Entitlement and as further
described in the applicable service listings at www.sun.com/service/servicelist.
(e) "Software" means the Sun software described in your Entitlement. Also, certain software may be included for evaluation use
under Section 3.
(f) "You" and "Your" means the individual or legal entity specified in the Entitlement, or for evaluation purposes, the entity
performing the evaluation.
2. License Grant and Entitlement.
Subject to the terms of your Entitlement, Sun grants you a nonexclusive, nontransferable limited license to use Software for its
Permitted Use for the license term. Your Entitlement will specify (a) Software licensed, (b) the Permitted Use, (c) the license term,
and (d) the Licensed Units.
Additionally, if your Entitlement includes Services, then it will also specify the (e) Service and (f) service term.
If your rights to Software or Services are limited in duration and the date such rights begin is other than the purchase date, your
Entitlement will provide that beginning date(s).
The Entitlement may be delivered to you in various ways depending on the manner in which you obtain Software and Services,
for example, the Entitlement may be provided in your receipt, invoice or your contract with Sun or authorized Sun reseller. It
may also be in electronic format if you download Software.
3. Permitted Use.
As selected in your Entitlement, one or more of the following Permitted Uses will apply to your use of Software. Unless you have
an Entitlement that expressly permits it, you may not use Software for any of the other Permitted Uses. If you don't have an
Entitlement, or if your Entitlement doesn't cover additional software delivered to you, then such software is for your Evaluation
Use.
(a) Evaluation Use. You may evaluate Software internally for a period of 90 days from your first use.
(b) Research and Instructional Use. You may use Software internally to design, develop and test, and also to provide instruction
on such uses.
(c) Individual Use. You may use Software internally for personal, individual use.
(d) Commercial Use. You may use Software internally for your own commercial purposes.
(e) Service Provider Use. You may make Software functionality accessible (but not by providing Software itself or through
outsourcing services) to your end users in an extranet deployment, but not to your affiliated companies or to government agencies.
4. Licensed Units.
Your Permitted Use is limited to the number of Licensed Units stated in your Entitlement. If you require additional Licensed
Units, you will need additional Entitlement(s).
5. Restrictions.
(a) The copies of Software provided to you under this Agreement are licensed, not sold, to you by Sun. Sun reserves all rights not
expressly granted. (b) You may make a single archival copy of Software, but otherwise may not copy, modify, or distribute
Software. However if the Sun documentation accompanying Software lists specific portions of Software, such as header files,
class libraries, reference source code, and/or redistributable files, that may be handled differently, you may do so only as
provided in the Sun documentation. (c) You may not rent, lease, lend or encumber Software. (d) Unless enforcement is prohibited
by applicable law, you may not decompile, or reverse engineer Software. (e) The terms and conditions of this Agreement will
apply to any Software updates, provided to you at Sun's discretion, that replace and/or supplement the original Software, unless
such update contains a separate license. (f) You may not publish or provide the results of any benchmark or comparison tests run
on Software to any third party without the prior written consent of Sun. (g) Software is confidential and copyrighted. (h) Unless
otherwise specified, if Software is delivered with embedded or bundled software that enables functionality of Software, you may
not use such software on a stand-alone basis or use any portion of such software to interoperate with any program(s) other than
Software. (i) Software may contain programs that perform automated collection of system data and/or automated software
updating services. System data collected through such programs may be used by Sun, its subcontractors, and its service delivery
partners for the purpose of providing you with remote system services and/or improving Sun's software and systems. (j)
Software is not designed, licensed or intended for use in the design, construction, operation or maintenance of any nuclear
facility and Sun and its licensors disclaim any express or implied warranty of fitness for such uses. (k) No right, title or interest in
or to any trademark, service mark, logo or trade name of Sun or its licensors is granted under this Agreement.
6. Term and Termination.
The license and service term are set forth in your Entitlement(s). Your rights under this Agreement will terminate immediately
without notice from Sun if you materially breach it or take any action in derogation of Sun's and/or its licensors' rights to
Software. Sun may terminate this Agreement should any Software become, or in Sun's reasonable opinion likely to become, the
subject of a claim of intellectual property infringement or trade secret misappropriation. Upon termination, you will cease use of,
and destroy, Software and confirm compliance in writing to Sun. Sections 1, 5, 6, 7, and 9-15 will survive termination of the
Agreement.
7. Java Compatibility and Open Source.
Software may contain Java technology. You may not create additional classes to, or modifications of, the Java technology, except
under compatibility requirements available under a separate agreement available at www.java.net.
Sun supports and benefits from the global community of open source developers, and thanks the community for its important
contributions and open standards-based technology, which Sun has adopted into many of its products.
Please note that portions of Software may be provided with notices and open source licenses from such communities and third
parties that govern the use of those portions, and any licenses granted hereunder do not alter any rights and obligations you may
have under such open source licenses, however, the disclaimer of warranty and limitation of liability provisions in this
Agreement will apply to all Software in this distribution.
8. Limited Warranty.
Sun warrants to you that for a period of 90 days from the date of purchase, as evidenced by a copy of the receipt, the media on
which Software is furnished (if any) will be free of defects in materials and workmanship under normal use. Except for the
foregoing, Software is provided "AS IS". Your exclusive remedy and Sun's entire liability under this limited warranty will be at
Sun's option to replace Software media or refund the fee paid for Software. Some states do not allow limitations on certain
implied warranties, so the above may not apply to you. This limited warranty gives you specific legal rights. You may have
others, which vary from state to state.
9. Disclaimer of Warranty.
UNLESS SPECIFIED IN THIS AGREEMENT, ALL EXPRESS OR IMPLIED CONDITIONS, REPRESENTATIONS AND
WARRANTIES, INCLUDING ANY IMPLIED WARRANTY OF MERCHANTABILITY, FITNESS FOR A PARTICULAR
PURPOSE OR NON-INFRINGEMENT ARE DISCLAIMED, EXCEPT TO THE EXTENT THAT THESE DISCLAIMERS ARE
HELD TO BE LEGALLY INVALID.
10. Limitation of Liability.
TO THE EXTENT NOT PROHIBITED BY LAW, IN NO EVENT WILL SUN OR ITS LICENSORS BE LIABLE FOR ANY LOST
REVENUE, PROFIT OR DATA, OR FOR SPECIAL, INDIRECT, CONSEQUENTIAL, INCIDENTAL OR PUNITIVE DAMAGES,
HOWEVER CAUSED REGARDLESS OF THE THEORY OF LIABILITY, ARISING OUT OF OR RELATED TO THE USE OF OR
INABILITY TO USE SOFTWARE, EVEN IF SUN HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES. In no
event will Sun's liability to you, whether in contract, tort (including negligence), or otherwise, exceed the amount paid by you for
Software under this Agreement. The foregoing limitations will apply even if the above stated warranty fails of its essential
purpose. Some states do not allow the exclusion of incidental or consequential damages, so some of the terms above may not be
applicable to you.
11. Export Regulations.
All Software, documents, technical data, and any other materials delivered under this Agreement are subject to U.S. export
control laws and may be subject to export or import regulations in other countries. You agree to comply strictly with these laws
and regulations and acknowledge that you have the responsibility to obtain any licenses to export, re-export, or import as may be
required after delivery to you.
12. U.S. Government Restricted Rights.
If Software is being acquired by or on behalf of the U.S. Government or by a U.S. Government prime contractor or subcontractor
(at any tier), then the Government's rights in Software and accompanying documentation will be only as set forth in this
Agreement; this is in accordance with 48 CFR 227.7201 through 227.7202-4 (for Department of Defense (DOD) acquisitions) and
with 48 CFR 2.101 and 12.212 (for non-DOD acquisitions).
13. Governing Law.
Any action related to this Agreement will be governed by California law and controlling U.S. federal law. No choice of law rules
of any jurisdiction will apply.
14. Severability.
If any provision of this Agreement is held to be unenforceable, this Agreement will remain in effect with the provision omitted,
unless omission would frustrate the intent of the parties, in which case this Agreement will immediately terminate.
15. Integration.
This Agreement, including any terms contained in your Entitlement, is the entire agreement between you and Sun relating to its
subject matter. It supersedes all prior or contemporaneous oral or written communications, proposals, representations and
warranties and prevails over any conflicting or additional terms of any quote, order, acknowledgment, or other communication
between the parties relating to its subject matter during the term of this Agreement. No modification of this Agreement will be
binding, unless in writing and signed by an authorized representative of each party.
iText
Representations.
Contributor represents that, except as disclosed pursuant to Section 3.4(a) above, Contributor believes that Contributor's
Modifications are Contributor's original creation(s) and/or Contributor has sufficient rights to grant the rights conveyed by this
License.
3.5. Required Notices.
You must duplicate the notice in Exhibit A in each file of the Source Code. If it is not possible to put such notice in a particular
Source Code file due to its structure, then You must include such notice in a location (such as a relevant directory) where a user
would be likely to look for such a notice. If You created one or more Modification(s) You may add your name as a Contributor to
the notice described in Exhibit A. You must also duplicate this License in any documentation for the Source Code where You
describe recipients' rights or ownership rights relating to Covered Code. You may choose to offer, and to charge a fee for,
warranty, support, indemnity or liability obligations to one or more recipients of Covered Code. However, You may do so only
on Your own behalf, and not on behalf of the Initial Developer or any Contributor. You must make it absolutely clear that any
such warranty, support, indemnity or liability obligation is offered by You alone, and You hereby agree to indemnify the Initial
Developer and every Contributor for any liability incurred by the Initial Developer or such Contributor as a result of warranty,
support, indemnity or liability terms You offer.
3.6. Distribution of Executable Versions.
You may distribute Covered Code in Executable form only if the requirements of Section 3.1-3.5 have been met for that Covered
Code, and if You include a notice stating that the Source Code version of the Covered Code is available under the terms of this
License, including a description of how and where You have fulfilled the obligations of Section 3.2. The notice must be
conspicuously included in any notice in an Executable version, related documentation or collateral in which You describe
recipients' rights relating to the Covered Code. You may distribute the Executable version of Covered Code or ownership rights
under a license of Your choice, which may contain terms different from this License, provided that You are in compliance with
the terms of this License and that the license for the Executable version does not attempt to limit or alter the recipient's rights in
the Source Code version from the rights set forth in this License. If You distribute the Executable version under a different license
You must make it absolutely clear that any terms which differ from this License are offered by You alone, not by the Initial
Developer or any Contributor. You hereby agree to indemnify the Initial Developer and every Contributor for any liability
incurred by the Initial Developer or such Contributor as a result of any such terms You offer.
3.7. Larger Works.
You may create a Larger Work by combining Covered Code with other code not governed by the terms of this License and
distribute the Larger Work as a single product. In such a case, You must make sure the requirements of this License are fulfilled
for the Covered Code.
4. Inability to Comply Due to Statute or Regulation.
If it is impossible for You to comply with any of the terms of this License with respect to some or all of the Covered Code due to
statute, judicial order, or regulation then You must: (a) comply with the terms of this License to the maximum extent possible;
and (b) describe the limitations and the code they affect. Such description must be included in the LEGAL file described in
Section 3.4 and must be included with all distributions of the Source Code. Except to the extent prohibited by statute or
regulation, such description must be sufficiently detailed for a recipient of ordinary skill to be able to understand it.
5. Application of this License.
This License applies to code to which the Initial Developer has attached the notice in Exhibit A and to related Covered Code.
6. Versions of the License.
responsible for costs, including without limitation, court costs and reasonable attorneys' fees and expenses. The application of
the United Nations Convention on Contracts for the International Sale of Goods is expressly excluded. Any law or regulation
which provides that the language of a contract shall be construed against the drafter shall not apply to this License.
12. RESPONSIBILITY FOR CLAIMS.
As between Initial Developer and the Contributors, each party is responsible for claims and damages arising, directly or
indirectly, out of its utilization of rights under this License and You agree to work with Initial Developer and Contributors to
distribute such responsibility on an equitable basis. Nothing herein is intended or shall be deemed to constitute any admission of
liability.
13. MULTIPLE-LICENSED CODE.
Initial Developer may designate portions of the Covered Code as "Multiple-Licensed". "Multiple-Licensed" means that the Initial
Developer permits you to utilize portions of the Covered Code under Your choice of the NPL or the alternative licenses, if any,
specified by the Initial Developer in the file described in Exhibit A.