netxplorer install_admin guide r5
TRANSCRIPT
NetXplorer Centralized NetEnforcer and Service Gateway
Management Software
Installation and Administration Guide
P/N D354005 R5
NetXplorer Installation and Administration Guide ii
Important Notice Allot Communications Ltd. ("Allot") is not a party to the purchase agreement under which NetEnforcer was purchased, and will not be liable for any damages of any kind whatsoever caused to the end users using this manual, regardless of the form of action, whether in contract, tort (including negligence), strict liability or otherwise.
SPECIFICATIONS AND INFORMATION CONTAINED IN THIS MANUAL ARE FURNISHED FOR INFORMATIONAL USE ONLY, AND ARE SUBJECT TO CHANGE AT ANY TIME WITHOUT NOTICE, AND
SHOULD NOT BE CONSTRUED AS A COMMITMENT BY ALLOT OR ANY OF ITS SUBSIDIARIES. ALLOT
ASSUMES NO RESPONSIBILITY OR LIABILITY FOR ANY ERRORS OR INACCURACIES THAT MAY APPEAR IN THIS MANUAL, INCLUDING THE PRODUCTS AND SOFTWARE DESCRIBED IN IT.
Please read the End User License Agreement and Warranty Certificate provided with this product before using the product.
Please note that using the products indicates that you accept the terms of the End User License Agreement and Warranty
Certificate.
WITHOUT DEROGATING IN ANY WAY FROM THE AFORESAID, ALLOT WILL NOT BE LIABLE FOR ANY SPECIAL, EXEMPLARY, INDIRECT, INCIDENTAL OR CONSEQUENTIAL DAMAGES OF ANY KIND,
REGARDLESS OF THE FORM OF ACTION WHETHER IN CONTRACT, TORT (INCLUDING NEGLIGENCE), STRICT LIABILITY OR OTHERWISE, INCLUDING, BUT NOT LIMITED TO, LOSS OF REVENUE OR
ANTICIPATED PROFITS, OR LOST BUSINESS, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Copyright Copyright © 1997-2009 Allot Communications. All rights reserved. No part of this document may
be reproduced, photocopied, stored on a retrieval system, transmitted, or translated into any other
language without a written permission and specific authorization from Allot Communications Ltd.
Trademarks Products and corporate names appearing in this manual may or may not be registered trademarks or
copyrights of their respective companies, and are used only for identification or explanation and to
the owners' benefit, without intent to infringe.
Allot and the Allot Communications logo are registered trademarks of Allot Communications Ltd.
NetXplorer Installation and Administration Guide iii
Version History
Doc Revision
Internal Build
Product Version
Published
4b v4b4 NX9.2.0 (Beta) 07.04.09
4 v4b6 NX9.2.1 25.06.09 (GA)
5 v5b1 NX10.1.0 26.09.09
5 v5b2 NX10.1.0 29.09.09
5 v5b3 NX10.1.0 30.09.09
5 v5b4 NX10.1.0 05.10.09
5 v5b5 NX10.1.0 18.10.09
5 v5b6 NX10.1.1 20.10.09 (GA)
5 v5b8 NX10.1.1 19.11.09 (Post GA)
5 V5b9 NX10.1.1 27.12.09 (Post GA)
5 V5b10 NX10.1.1 13.01.10 (Post GA)
NetXplorer Installation and Administration Guide iv
Important Notice ........................................................................................................................... ii Version History ............................................................................................................................. iii
CHAPTER 1: GETTING STARTED .......................................................................... 1-1 Overview...................................................................................................................................... 1-1 Terms and Concepts ................................................................................................................... 1-1 NetXplorer Architecture ............................................................................................................ 1-4 Administration Role ................................................................................................................... 1-6
CHAPTER 2: INSTALLATION .................................................................................. 2-1 NetXplorer Server Installation .................................................................................................. 2-1
Windows Installation ................................................................................................................ 2-1 Linux Installation ...................................................................................................................... 2-7
NetXplorer Client Installation................................................................................................. 2-10 Java, WebStart and the NetXplorer Client .............................................................................. 2-10 Accessing NetXplorer ............................................................................................................. 2-13 Enabling NetXplorer Servers .................................................................................................. 2-14
NX Accounting Installation ..................................................................................................... 2-16 Windows Server ...................................................................................................................... 2-16 Linux Server ........................................................................................................................... 2-20
NPP Installation ........................................................................................................................ 2-23 Windows Server ...................................................................................................................... 2-23 Linux Server ........................................................................................................................... 2-26
NX High Availability Platform Installation ........................................................................... 2-30 Connecting the HAP ............................................................................................................... 2-30 Network Configuration ........................................................................................................... 2-31
CHAPTER 3: CONFIGURATION .............................................................................. 3-1 Overview...................................................................................................................................... 3-1 Working with Devices ................................................................................................................ 3-1 Configuring NetXplorer Users .................................................................................................. 3-8
CHAPTER 4: MONITORING COLLECTORS ........................................................ 4-1 Overview...................................................................................................................................... 4-1
Data Collection Process ............................................................................................................ 4-2 Collector Redundancy ............................................................................................................... 4-2 NetXplorer Support................................................................................................................... 4-4
Installing Monitoring Collectors ............................................................................................... 4-5 Collector Groups ....................................................................................................................... 4-8
Configuring Monitoring Collectors .......................................................................................... 4-9 Troubleshooting the Collector ................................................................................................. 4-12
Command Line Interface ........................................................................................................ 4-12
NetXplorer Installation and Administration Guide v
Processes ................................................................................................................................. 4-12 Logs and Snapshots ................................................................................................................ 4-12 Recreating Databases .............................................................................................................. 4-13 Changing IP Addresses ........................................................................................................... 4-13
CHAPTER 5: DATABASE MANAGEMENT ............................................................ 5-1 Backup Terms ........................................................................................................................... 5-1 Using Backups to Achieve NX Redundancy ............................................................................ 5-1
Database Management on Windows ......................................................................................... 5-2 Cold Backup ............................................................................................................................. 5-2 Hot Backup ............................................................................................................................... 5-4
Database Management on Linux ............................................................................................ 5-16 Cold Backup ........................................................................................................................... 5-16 Hot Backup ............................................................................................................................. 5-17
CHAPTER 6: COMMAND LINE INTERFACE (CLI) ............................................ 6-1 Provisioning CLI ........................................................................................................................ 6-1
Topology CLI ........................................................................................................................... 6-2 Catalogs CLI ............................................................................................................................. 6-3 Policy CLI ............................................................................................................................... 6-10 Web Updates CLI ................................................................................................................... 6-15
Monitoring CLI ........................................................................................................................ 6-16 Export to CLI .......................................................................................................................... 6-17
CHAPTER 7: TROUBLESHOOTING ....................................................................... 7-1 Troubleshooting Basics .............................................................................................................. 7-1
First Steps ................................................................................................................................. 7-1 Processes ................................................................................................................................... 7-1 Log Files ................................................................................................................................... 7-2 Snapshots .................................................................................................................................. 7-5 How to restore CFG (allot_cfg) database from the Snapshot-File ............................................ 7-6
Login Errors ............................................................................................................................... 7-6 Incorrect Java Version .............................................................................................................. 7-6 Lack of Connectivity ................................................................................................................ 7-7 Antivirus Conflict ..................................................................................................................... 7-7
Policy Saving Errors .................................................................................................................. 7-8 Data Display Errors ................................................................................................................... 7-9
Data Transmission .................................................................................................................. 7-10 Data Reception ........................................................................................................................ 7-11 Data Loss ................................................................................................................................ 7-11 Stress ....................................................................................................................................... 7-12
Add Device Errors .................................................................................................................... 7-13 NX-HAP Troubleshooting ....................................................................................................... 7-15
Monitoring the Cluster Status ................................................................................................. 7-15 Viewing Available Resources ................................................................................................. 7-16
NetXplorer Installation and Administration Guide vi
Stopping Heartbeat Service .................................................................................................... 7-17
CHAPTER 8: APPENDICES ....................................................................................... 8-1 Upgrading NetXplorer Server ................................................................................................... 8-1
Standard Upgrade Procedure .................................................................................................... 8-1 Manual Upgrade Procedure ...................................................................................................... 8-3
Upgrading NX-HAP ................................................................................................................... 8-6 Upgrading Distributed Monitoring Collector .......................................................................... 8-8 Events .......................................................................................................................................... 8-9
NetXplorer Installation and Administration Guide vii
FIGURES
Figure 1-1: System Architecture .................................................................................................. 1-5
Figure 2-1: Security Warning ....................................................................................................... 2-3
Figure 2-2: NetXplorer InstallShield Wizard Welcome Window ................................................ 2-4
Figure 2-3: Choose Setup Type .................................................................................................... 2-4
Figure 2-4: Choose Destination Location - Custom ..................................................................... 2-5
Figure 2-5: Choose NTP configuration option - Custom ............................................................. 2-5
Figure 2-6: Choose Destination Location - Typical ..................................................................... 2-6
Figure 2-7: Ready to Install the Program ..................................................................................... 2-6
Figure 2-8: Setup Initializing........................................................................................................ 2-6
Figure 2-9: NetXplorer InstallShield Wizard Complete ............................................................... 2-7
Figure 2-10: NetXplorer Java Installation Screen ...................................................................... 2-12
Figure 2-11: NetXplorer Log On Window ................................................................................. 2-13
Figure 2-12 – NetXplorer Log On Dialog Box .......................................................................... 2-14
Figure 2-13: NetXplorer Application Server Registration Dialog ............................................. 2-15
Figure 2-14: Security Warning ................................................................................................... 2-17
Figure 2-15: Accounting Manager InstallShield Welcome Window ......................................... 2-18
Figure 2-16: Choose Destination Location ................................................................................. 2-18
Figure 2-17: Ready to Install Window ....................................................................................... 2-19
Figure 2-18: NetXplorer InstallShield Wizard Complete ........................................................... 2-19
Figure 2-19: Security Warning ................................................................................................... 2-24
Figure 2-20: NetPolicy Provisioner InstallShield Welcome Window ........................................ 2-25
Figure 2-21: Choose Destination Location ................................................................................. 2-25
Figure 2-22: NetXplorer IP Address Window ............................................................................ 2-25
Figure 2-23: Ready to Install Window ....................................................................................... 2-26
Figure 2-24: NPP InstallShield Wizard Complete ..................................................................... 2-26
Figure 2-25: Cable Connections for NX High Availability Platform......................................... 2-30
Figure 2-26: RedHat Network Configuration Dialog ................................................................. 2-32
NetXplorer Installation and Administration Guide viii
Figure 2-27: Updating /etc/hosts file .......................................................................................... 2-33
Figure 2-28: Updating /etc/ha.d/ha.cf file – Default Gateway ................................................... 2-33
Figure 2-29: Updating /etc/ha.d/ha.cf file – Enable SNMP Traps ............................................. 2-33
Figure 2-30: Updating crm-mon ................................................................................................. 2-34
Figure 2-31: Updating cib.xml ................................................................................................... 2-35
Figure 2-32: Specifying NX-HAP IP for Receipt of SNMP Traps ............................................ 2-38
Figure 3-1: NetEnforcer Properties – New Dialog ....................................................................... 3-2
Figure 3-2: NetEnforcer Properties – Import Dialog .................................................................... 3-2
Figure 3-3: Monitoring Collector Properties – New Dialog ......................................................... 3-3
Figure 3-4: Monitoring Collector Properties – New Dialog ......................................................... 3-4
Figure 3-5: Collector Group Properties – New Dialog ................................................................. 3-4
Figure 3-6: SMP Properties – New Dialog ................................................................................... 3-5
Figure 3-7: Device Properties Update dialog ............................................................................... 3-6
Figure 3-8: System Message ........................................................................................................ 3-6
Figure 3-9: NetEnforcer Configuration ........................................................................................ 3-7
Figure 3-10: Users Configuration Editor ...................................................................................... 3-9
Figure 3-11: User Editor ............................................................................................................... 3-9
Figure 4-1: Collector – Front View ............................................................................................. 4-1
Figure 4-2: Collector– Rear View ............................................................................................... 4-1
Figure 4-3 N+1 Collector Redundancy ....................................................................................... 4-3
Figure 4-4 1+1 Collector Redundancy ......................................................................................... 4-3
Figure 4-5: Connecting the Collector – Rear View ..................................................................... 4-5
Figure 4-6: Monitoring Collectors Properties dialog – General tab ............................................. 4-6
Figure 4-7: NetEnforcer Properties dialog ................................................................................... 4-7
Figure 4-8: Monitoring Collector Properties - Update ................................................................. 4-8
Figure 4-9: Collector Group Properties – New Dialog ................................................................. 4-8
Figure 4-10: Collector Configuration Window - General Tab ..................................................... 4-9
Figure 4-11: SNMP Tab ............................................................................................................... 4-9
Figure 4-12: Date/Time Tab ....................................................................................................... 4-10
NetXplorer Installation and Administration Guide ix
Figure 4-13: IP Properties Tab ................................................................................................... 4-10
Figure 4-14: Securities Tab ........................................................................................................ 4-11
Figure 4-15: Monitoring Collector Properties – Update Dialog ................................................. 4-11
Figure 6-1: Database Logs............................................................................................................ 7-2
Figure 6-2: Key Database Logs .................................................................................................... 7-3
Figure 6-3: Application Server Logs ............................................................................................ 7-3
Figure 6-4: NMS.log Example ..................................................................................................... 7-4
Figure 6-5: Install Log .................................................................................................................. 7-4
Figure 6-6: Snapshot File ............................................................................................................. 7-5
Figure 6-7: Restore Policy and Catalogs Dialog .......................................................................... 7-9
Figure 6-8: Events Log ............................................................................................................... 7-10
Figure 6-9: Bucket Manifest ....................................................................................................... 7-11
Figure 6-10: Data Logs ............................................................................................................... 7-12
NetXplorer Installation and Administration Guide 1-1
Chapter 1: Getting Started
Overview
NetXplorer is a highly scalable Network Business Intelligence system that enables
strategic decision-making based on comprehensive network application and subscriber
traffic analysis.
NetXplorer configures NetEnforcer or Service Gateway devices and a central catalog,
which enables global policy provisioning. Many network topologies can benefit from
more than one NetEnforcer or Service Gateway. In addition, NetXplorer provides a
centralized management system for all NetEnforcers or Service Gateways on the
network. It provides easy access to devices and configuration parameters via the device
tree.
By enabling real time monitoring of network troubleshooting and problem analysis,
NetXplorer provides long term reporting for capacity planning, tracking usage and trend
analysis; it allows for the proactive management of traffic and system-wide alarms; and
it allows for the collection and export of auditing data for billing and quota purposes.
Terms and Concepts This section introduces some of the basic terms and concepts used in NetXplorer.
NetXplorer
NetXplorer is a highly scalable Network Business Intelligence system that centrally
manages the NetEnforcer and Service Gateway product line. It enables strategic
decision-making based on comprehensive network application and subscriber traffic
analysis.
The NetXplorer server can be installed on any server running Windows Server 2003 or
Windows XP SP2.
Chapter 1: Getting Started
NetXplorer Installation and Administration Guide 1-2
NetEnforcer
NetEnforcers are the traffic management devices that inspect and monitor network
traffic.
Monitoring Collector
The Monitoring Collector is an Allot appliance that can be added between the
NetXplorer Servers and the NetEnforcers or Service Gateways in order to support large
numbers of NetEnforcers or Service Gateways or those installed in remote geographic
locations.
QoS
QoS (Quality of Service) is the ability to define a level of performance in a data
communications system. In NetXplorer, QoS is an action applied to a connection when
the conditions of a filter are satisfied.
The QoS specified can include the following:
Prioritized Bandwidth: Delivers levels of service based on class levels.
During peak traffic periods, the NetXplorer will slow down lower
priority applications, resulting in increased bandwidth delivery to higher
priority applications.
Guaranteed Bandwidth: Enables the assignment of fixed minimum
and maximum amounts of bandwidth to specific Pipes, Virtual Channels
and connections. By borrowing excess bandwidth when it is available,
connections are able to burst above guaranteed minimum limits, up to
the maximum guaranteed rate. Guaranteed rates also assure predictable
service quality by enabling time-critical applications to receive constant
levels of service during peak and non-peak traffic periods.
Reserved Bandwidth on Demand: Enables the reservation of the
minimum bandwidth from the first packet of a connection until the
connection ends. This is useful when the bottleneck is not at the link
governed by the NetEnforcer or Service Gateway. By limiting other
connections (non-guaranteed), the NetEnforcer or Service Gateway
reserves enough bandwidth for the required Pipe or Virtual Channel.
TOS Marking: Enables the user to set the ToS bytes in the transmitted
frame according to the DiffServ standard or free format.
Access Control: Determines whether a connection is accepted, dropped
or rejected. For example, you can specify the following policy: accept
1000 ICMP connections to Server1 and drop the rest. A NetEnforcer or
Service Gateway policy can also be to drop all P2P connections or
accept new connections with a lower priority
Admission Control: Determines the bandwidth granted to a flow based
on your demand (for example, allocated minimum of 10kbps) and the
available bandwidth on the line.
Chapter 1: Getting Started
NetXplorer Installation and Administration Guide 1-3
Catalog Editors
Catalog Editors enable you to define values to define your policy. The possible values
for each condition of a filter and for actions are defined in the Catalog entries in the
Catalog Editors. A Catalog Editor enables you to give a logical name to a
comprehensive set of parameters (a Catalog entry). This logical name then becomes a
possible value for a condition or action
Lines
A Line represents a physical or logical media in the system. A line provides a way of
classifying traffic that enables you to divide the total bandwidth and then manage every
Line as if it was an independent link. A Line consists of one or more sets of conditions
and a set of actions that apply when all of the conditions are met. A line is an address-
based or VLAN-based entity, and is not service-based.
A Line can aggregate several Pipes, acting like a container of Pipes from a QoS point of
view. The filter of the Fallback Line cannot be modified or deleted. A connection
coming into the NetEnforcer or Service Gateway is matched to a Line according to
whether the characteristics of the connection match all of the Conditions of the Line.
The connection is then further matched to the Conditions of a Pipe under the Line. The
actions defined for the Line influence all the Pipes under the Line. The actions defined
for a Pipe are enforced together with the actions of the Line.
Pipes
A Pipe provides a way of classifying traffic that enables you to divide the total
bandwidth and then manage every Pipe as if it was an independent link. Pipes cannot
stand alone and are always contained within a Line. A Pipe consists of one or more sets
of conditions and a set of actions that apply when all of the conditions are met. A Pipe
can aggregate several Virtual Channels, acting like a container of Virtual Channels from
a QoS point of view.
When you add a new Pipe, it always includes at least one Virtual Channel, the Fallback
Virtual Channel. The Fallback Virtual Channel filter cannot be modified or deleted. A
connection coming into a line is matched to a Pipe according to whether the
characteristics of the connection match all of the Conditions of the Pipe. The connection
is then further matched to the Conditions of a Virtual Channel under the Pipe. The
actions defined for the Pipe influence all the Virtual Channels under the Pipe. The
actions defined for a Virtual Channel are enforced together with the actions of the Pipe.
Virtual Channels
A Virtual Channel provides a way of classifying traffic and consists of one or more sets
of Conditions and a set of actions that apply when all of the Conditions are met. A
Virtual Channel is defined within a Pipe and cannot stand alone. A connection matched
to a Pipe is further matched to a Virtual Channel according to whether the
characteristics of the connection match all of the Conditions of the Virtual Channel.
Conditions
Chapter 1: Getting Started
NetXplorer Installation and Administration Guide 1-4
A Condition is defined at the Line level, Pipe level or Virtual Channel level. NetXplorer
matches connections to conditions, first at the Line level then at Pipe level and then
again at the Virtual Channel level within a Pipe.
Templates
Templates enable you to create a "master" Pipe or Virtual Channel that upon saving will
create multiple Pipes or Virtual Channels similar to one another. Templates work with
host group entries defined in the Host Catalog. For example, if a host group entry in the
Host Catalog called Gold Customers consists of Company X, Company Y and
Company Z, you could define a Pipe template to be expanded for Gold Customers. This
would result in Pipes being created for Company X, Company Y and Company Z when
the Policy Editor is saved.
A Pipe or Virtual Channel template enables the fast creation of Pipes and Virtual
Channels on source/destination differentiation. This means that you do not need to
define similar Pipes and Virtual Channels when the only difference between them is the
IP address in the source or destination.
NetXplorer Architecture
This section introduces the NetXplorer concept and explains its components and
architecture.
NetXplorer uses a highly scalable architecture that enables the monitoring of all
NetEnforcer or Service Gateway devices from a single user interface. In addition,
NetXplorer can utilize distributed monitoring collectors, which increase the scalability
of your deployment. The collectors gather short-term network usage statistics from the
NetEnforcers or Service Gateways.
NetXplorer's server-based, distributed architecture consists of four tiers: multiple
NetEnforcer or Service Gateways and associated distributed collectors, a NetXplorer
server and GUI clients.
Chapter 1: Getting Started
NetXplorer Installation and Administration Guide 1-5
Figure 1-1: System Architecture
NetXplorer architecture consists of four layers:
1. NetEnforcer layer: NetEnforcers or Service Gateways are the traffic
management devices that inspect and monitor network traffic. There can be one
or more NetEnforcers or Service Gateways on a network. They manage network
policies and collect network usage data.
2. Monitoring Collectors: Monitoring collectors increase scalability by supporting
large numbers of NetEnforcers or Service Gateways or those installed in remote
geographic locations. Monitoring collectors are fully managed via the NetXplorer
GUI.
3. Server Layer: The NetXplorer server is the actual application, which includes
the databases and an integrated data collector. The NetXplorer server manages
and communicates with the different clients that access the system, and facilitates
NetEnforcer or Service Gateway configuration, policy provisioning, alarms,
monitoring and reporting. The integrated data collector included in the
NetXplorer streamlines the required collection of data from the managed
NetEnforcer or Service Gateway devices. The Server layer includes additional
servers such as SMP Servers, NPP Servers and stand along Accounting Servers.
Chapter 1: Getting Started
NetXplorer Installation and Administration Guide 1-6
4. User Interface Layer: The different clients connected to the NetXplorer Server
are the NetXplorer GUI application users. Any network computer capable of
connecting to the NetXplorer server can support the GUI interface.
The system offers simple integration with external systems using a wide range of
interfaces, including SNMP, CSV Files (for report data export), XML and CLI.
Administration Role NetXplorer uses a role-based security model. The role defined for each authorized user
indicates the scope of operations that can be performed by that user. The Administrator
role gives Admin users complete read/write privileges in the NetXplorer application
including read/write configuration privileges.
The main functions of the Administrator role include:
1. User Registration
2. Device and Network Management
3. Monitoring Collectors Management
4. Database Maintenance
This document defines the main concepts and describes the various activities related to
the installation and configuration of NetEnforcer or Service Gateways and the
NetXplorer, Monitoring Collectors, as well as the main tasks associated with Database
Maintenance, such as backup and restore, changing location and installing the
NetXplorer on a remote data base.
NetXplorer Installation and Administration Guide 2-1
Chapter 2: Installation
NetXplorer Server Installation
Windows Installation
Installation Prerequisites
This section describes the minimum hardware and software requirements for installing
NetXplorer on a Windows Server.
Server Hardware Requirements
Minimum Specifications for Managing 1-2 NetEnforcer AC-400/800/1000/2500
Devices
Intel Pentium 4 2.8 GHz and up
Intel Chipset based (925 or 955)
2 GB RAM DDR Dual channel
1 x 80 GB HDD, 8 MB Cache (SATA interface recommended)
Windows XP Professional Service Pack 2
Minimum Specifications for Managing an Allot Service gateway, AC-10000, AC-
5000 or more than 2 NetEnforcer AC-400/800/1000/2500 Devices
Dual Xeon 3.0 GHz and up
4 GB RAM DDR Dual channel
RAID (0 or 10) Controller with 256MB Battery Backed Write Cache
(BBWC)
5x36 GB HDD SCSI U320 15k RPM or larger (capacity depends on
overall storage needs, allowing for 100 GB per Service Gateway or AC-
10000/AC-5000, 20 GB per AC-2500/AC-1000 and 10 GB per AC-
800/AC-400)
Windows Server 2003 Enterprise Edition Service Pack 1or Windows
Server 2003 Standard Edition Service Pack 1
Software Requirements
Any Real-Time Virus Protection programs or automatic
Defragmentation/Backup software must be disabled on the NetXplorer
server or the Allot folder needs to be excluded from
protection/defragmentation.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-2
Java SDK 1.6 should be installed on the Server machine. For details on
how to install the Java SDK see Installing Java 1.6 SDK on page 2-2
No other database applications (for example, SQL database) should be
installed on the NetXplorer server machine.
No application should be listening to port 80 at the time of the
installation.
Pre-Installation Checklist
Before you begin the installation process, it is important that you perform the following
steps.
1. Verify that the minimum required space is available on the hard
disk.
2. Verify that there is at least 4 GB of available Virtual Memory.
NOTE: Set the Virtual Memory on your computer by selecting Start/Settings/Control Panel/System. Open the Advanced tab and click the Performance Settings button. Open the Advanced tab and click the Change button under Virtual Memory to select a new value.
3. Verify that the Java SDK 1.6 is installed, including runtime
environment. If it is not installed, install it now, as described in
Installing Java 1.6 SDK below.
Installing Java 1.6 SDK
The Java 1.6 SDK, including the run time environment, must be installed before you
can install NetXplorer.
To install the Java SDK:
1. Browse to <target folder> and run the jdk-1_6_0_10-windows-
i586-p.exe file on the installation CD. The Security Warning is
displayed.
2. Click Run. The License Agreement is displayed.
3. Read the license agreement and select I accept the terms … to
indicate your agreement, and then click Next. The Custom Setup
dialog is displayed.
4. Click Next to accept the default installation location,
OR
Click Change to browse and select an alternate installation location, and then
click Next.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-3
NOTE The necessary program features are selected by default. You do not need to change these default settings.
The Browser Registration dialog is displayed.
5. Verify that Microsoft Internet Explorer is selected and click
Install. The Installing Java SDK dialog is displayed. The progress
bar indicates the status of the installation process.
6. When the installation process is done, the Complete window is
displayed.
7. Click Finish.
Installation Instructions
After you have performed the pre-installation checks and have verified that the Java
SDK is installed, you are ready to install NetXplorer.
To install NetXplorer:
1. Run the setup.exe file on the installation CD or from a net-
mounted disk.
NOTE Do not attempt to run the setup file from a net long address, such as \\file_server\.
2. The following dialog is displayed.
Figure 2-1: Security Warning
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-4
3. Click Run. The following window is displayed.
Figure 2-2: NetXplorer InstallShield Wizard Welcome Window
Click Next to continue.
4. The NetXplorer License Agreement is displayed.
Click Next to continue
5. Read the license agreement and select I accept the term … to
indicate your agreement, and then click Next. The Choose Setup
Type dialog is displayed.
Figure 2-3: Choose Setup Type
6. To install all program components in a single location, select
Typical and click Next. Then skip ahead to step 10.
OR
To install each component in a different location, select Custom and click
Next.
NOTE Allot strongly recommends using the Custom installation option.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-5
7. If you selected Custom in step 5, the following dialogs are
displayed.
Figure 2-4: Choose Destination Location - Custom
8. Accept the default destination locations or browse and select an
alternate location for one or more of the components, and then
click Next. The Choose NTP configuration option dialog is
displayed.
NOTE If alternate locations are chosen for one or more components, they must be in a subdirectory on one of the root directories (like C:\Allot or D:\Allot) and not on the root directory itself (C:\ or D:\).
NOTE It is recommended that the system files and the different monitoring files be installed on different physical drives in order to improve overall performance.
Figure 2-5: Choose NTP configuration option - Custom
9. Select either the Use local clock or the Use External NTP server
radio button. If you select an external NTP server, enter the
server‟s IP address in the field provided. Click Next.
NOTE Allot strongly recommends using an external NTP server.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-6
10. If you selected Typical in step 5 the following dialog is displayed.
Figure 2-6: Choose Destination Location - Typical
11. Accept the default destination location or browse and select an
alternate location, and then click Next.
Figure 2-7: Ready to Install the Program
12. Click Install to begin the installation. The Setup Status dialog is
displayed.
After a few moments the following popup is displayed.
Figure 2-8: Setup Initializing
NOTE The installation may take up to 30 minutes to complete.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-7
13. When the installation is complete the following dialog is
displayed.
Figure 2-9: NetXplorer InstallShield Wizard Complete
14. Select Yes, I want to restart my computer now and click
Finish. The installation process is complete.
Linux Installation
Installation Prerequisites
This section describes the minimum hardware and software requirements for installing
NetXplorer on a Linux Server.
Server Hardware Requirements
Minimum Specifications for Managing 1-2 NetEnforcer AC-400/800/1000/2500
Devices
Intel Pentium 4 2.8 GHz and up
Intel Chipset based (925 or 955)
1 GB RAM DDR Dual channel
1 x 100 GB HDD, 8 MB Cache (SATA interface recommended)
Red Hat Enterprise Linux Server 5.2 or 5.3, 32 or 64 bit installed
Minimum Specifications for Managing an Allot Service Gateway, AC-10000, AC-
5000 or more than 2 NetEnforcer AC-400/800/1000/2500 Devices
DUAL Xeon 2.8 GHz and up
4 GB RAM DDR Dual channel
RAID (0 or 10) Controller with 256MB Battery Backed Write Cache
(BBWC)
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-8
5x36 GB HDD SCSI U320 15k RPM or larger (capacity depends on
overall storage needs, allowing for 100 GB per Service Gateway or AC-
10000/AC-5000, 20 GB per AC-2500/AC-1000 and 10 GB per AC-
800/AC-400)
Red Hat Enterprise Linux Server 5.2 or 5.3, 32 or 64 bit installed
Software Requirements
NetXplorer Server should be installed on a machine running
Red Hat Enterprise Linux Server 5 32 or 64 bit.
NetXplorer Client software should be installed on a machine
running Windows XP Professional and Microsoft Internet
Explorer.
Any Real-Time Virus Protection programs or automatic
Defragmentation/Backup software must be disabled on the
NetXplorer server or the Allot folder needs to be excluded
from protection/defragmentation.
No other database applications (for example, SQL database)
should be installed on the NetXplorer server machine.
No application should be listening to port 80 at the time of the
installation.
FQDN of the server should be defined (to check run
„hostname -f‟).
Check that NTP service is installed. The Config ntp service should be
configured to start when the unit is rebooted by entering the following
command:
chkconfig --levels 35 ntpd on
NTP service should be configured to update the time from an
external NTP server and deliver the time service to Allot
devices.
If the OS is not installed yet, configure the server so that the
CD is the first boot device, insert the RedHat5 Installation CD
#1 and reboot the host. Follow the on-screen instructions
using the default installation options on all steps except for the
steps listed below
Hostname: give fully qualified host name (e.g.,
NXlinx.allot.local)
Firewall: disabled (during configuration after reboot)
SELinux: disabled (during configuration after reboot)
Time: configure correct time according to time zone chosen
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-9
NTP server: may be configured during configuration after the
IP address is configured (select the checkbox about
synchronize before starting)
Installation Instructions
To install the software:
1. Confirm all the hardware and software requirements.
2. Confirm that there is at least 20GB of free space on the /opt
directory.
3. Run rpm -ivh <filename>.rpm
Example: rpm -ivh NetXplorer-8.1-1.i386.rpm
NOTE You may discover the filename by using the following command: cd / find|grep -i netxplorer-
Package dependencies are checked, and error message issued if
additional are packages needed. The JDK 6 (Java development
kit) package is included in the installation set.
4. To install the packages, run rpm –ivh <JDK filename>.rpm
(version numbers may differ).
5. Configure the NTP service to start on system start by entering the
following command: chkconfig --levels 35 ntpd on
6. Manually edit the /etc/host files as follows: 127.0.0.1 localhost.localdomain localhost
10.50.18.1 NX1-lin.allot.local NX1-lin
7. Reboot the machine. Confirm that NTP and NetXplorer services
are running.
8. To start/stop/check the status of the services use commands such
as:
service ntpd start
service netxplorer stop
service netxplorer status
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-10
Uninstallation Instructions
1. Check what version of software is installed on the server by
running the following command: rpm -qa |grep netxplorer
2. To uninstall NetXplorer run the following command rpm -e <netxplorer version>
Example: [root@REDHATNX NX811b10]# rpm -e netxplorer-8.1.1-10
NetXplorer Client Installation
Java, WebStart and the NetXplorer Client
NetXplorer works with a technology known as WebStart from Sun Microsystems.
WebStart enables you to run the NetXplorer Client software by simply double-clicking
an icon on your computer‟s desktop. This mode of operation is more convenient than
having to access the NetXplorer Client through an Internet browser.
Hardware Requirements
It is recommended that the NetXplorer Client be installed on a machine with the
following minimum specifications:
Pentium 4
512MB RAM
Windows XP/Microsoft Internet Explorer
Software Requirements
NetXplorer Client software should be installed on a machine running
Windows XP Professional and Microsoft Internet Explorer.
Any Real-Time Virus Protection programs or automatic
Defragmentation/Backup software must be disabled on the NetXplorer
client or the Allot folder needs to be excluded from
protection/defragmentation.
Java JRE 1.6 should be installed on the client machine. For
details on how to install the Java JRE see Installing Java 1.6
JRE on page 2-17.
No application should be listening to port 80 at the time of the
installation.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-11
Firewall Settings
In some networks, workstations running the NetXplorer GUI and NetEnforcers or
Service Gateway can be separated from the NetXplorer server by a firewall for security
reasons. In order to allow the client to communicate with the NetXplorer server the
following ports should be opened in the Firewall:
TCP/80 HTTP
TCP/1098 The RMI service bind address
TCP/1099 JNP server bind address
TCP/4444 RMI Object ports
To enable the communication between the NetXplorer and the NetEnforcer or Service
Gateways the following ports in the Firewall should be opened:
TCP/80 HTTP
UDP/161 SNMP
UDP/162 SNMP Trap
UDP/123 NTP
TCP/123 NTP
Installing Java 1.6 JRE
The Java 1.6 JRE must be installed on your computer as a prerequisite to working with
the NetXplorer User Interface.
To install Java 1.6 JRE:
1. Open your Internet browser, and access http://<<NetX-addr>>
The following window is displayed.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-12
Figure 2-10: NetXplorer Java Installation Screen
2. Click the Install Java JRE First link if you do not have Java 1.6
JRE installed on your computer.
3. Click on the appropriate link and follow the on-screen instructions
to install the Java 1.6 JRE on your computer.
Initializing WebStart
1. With the Java 1.6 JRE installed, access http://<<NetXplorer-IP-
address> once again. The Application Starting window is
displayed.
When the loading process is complete for the first time, the Security Warning
is displayed, prompting you to confirm that you want to allow NetXplorer User
Interface software access to your computer.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-13
2. The NetXplorer Log On window is displayed.
Figure 2-11: NetXplorer Log On Window
A shortcut icon to the NetXplorer installation is placed on your desktop and in your
system‟s Start menu.
Accessing NetXplorer
Once you have completed the initial setup, as described in the previous chapter, you can
access to NetEnforcer or Service Gateway via your Web browser. The first time that
you connect to NetEnforcer or Service Gateway, you may be prompted to install Java
plug-in 1.6. Refer to Installing Java 1.6 JRE, page 2-16, for further information.
To connect to NetXplorer:
1. In Internet Explorer, browse to http:<<NetXplorer IP>> and
select Launch NetXplorer in the NetXplorer Control Panel.
OR
Double click the shortcut icon on the desktop or in the system‟s Start menu.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-14
2. The Java Application Starting window is displayed.
3. The NetXplorer Log On dialog is displayed.
Figure 2-12 – NetXplorer Log On Dialog Box
4. In the User Name field, enter admin and in the Password field,
enter allot or the password that was established at set up. This is
the default user name and password. They may be different if you
changed them during the initial configuration.
5. Click Log On. The NetXplorer GUI is displayed.
NOTE It may take a few moments for the NetXplorer GUI to load.
Enabling NetXplorer Servers
In order to manage more than one NetEnforcer or Service Gateway as well as certain
features using NetXplorer, NetXplorer Server must be enabled by entering the
appropriate key. This key may be entered at installation or at any time following. For
more information concerning the NetXplorer Server contact Allot Customer Support at
To enable NetXplorer Server:
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-15
1. Select Tools > NetXplorer Application Server Registration
from the NetXplorer Menu bar.
The NetXplorer Application Server Registration dialog box
appears.
Figure 2-13: NetXplorer Application Server Registration Dialog
2. Enter the Server Registration Key and Serial Number provided by
Allot to enable the NetXplorer Server functionality.
3. An Expiration Date will be generated automatically after clicking
Save.
4. If Subscriber Management is enabled by the key that has been
entered, it will be indicated (along with the type and the maximum
number of subscribers) after SMP Enabled. For more
information, see the SMP User Guide.
5. If Policy Provisioning is enabled by the key that has been entered,
it will be indicated (along with the maximum number of accounts)
after NPP Enabled. For more information, see the NPP User
Guide.
6. If Classification of Hosts by Country is enabled by the key that
has been entered, it will be indicated after Host Catalog Country
Classification Enabled.
7. If Accounting information is enabled by the key that has been
entered, it will be indicated after Accounting Enabled.
8. If Service Catalog updates via the web are enabled by the key that
has been entered, it will be indicated after Protocol Updates
Enabled.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-16
9. The Maximum number of devices covered by the entered key is
indicated.
10. Click Save to enter the key and close the dialog box.
NX Accounting Installation
Windows Server
Installation Prerequisites
Hardware Requirements
Minimum Specifications
Intel Pentium 4 2.8 GHz and up
Intel Chipset based (925 or 955)
2 GB RAM DDR Dual channel
1 x 80 GB HDD, 8 MB Cache (SATA interface
recommended)
Windows XP Professional Service Pack 2
Software Requirements NetXplorer Accounting software should be installed on a
machine running Windows 2003 Server or Windows XP
Professional.
Any Real-Time Virus Protection programs or automatic
Defragmentation/Backup software must be disabled on the
NetXplorer server or the Allot folder needs to be excluded
from protection/defragmentation.
Java SDK 1.6 should be installed on the Accounting Server.
For details on how to install the Java SDK see Installing Java
1.6 SDK on page 2-2.
No other database applications (for example, SQL database)
should be installed on the NetXplorer Accounting machine.
No application should be listening to port 80 at the time of the
installation.
Pre-Installation Checklist
Before you begin the installation process, it is important that you perform the following steps.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-17
1. Verify that a minimum of 20 GB is available on the disk.
2. Verify that there is at least 4 GB of available Virtual Memory.
NOTE Set the Virtual Memory on your computer by selecting Start/Settings/Control Panel/System. Open the Advanced tab and click the Performance Settings button. Open the Advanced tab and click the Change button under Virtual Memory to select a new value.
3. Verify that the Java SDK 1.6 is installed, including runtime
environment. If it is not installed, install it now, as described in
Installing Java 1.6 SDK on page 2-2.
Installation Instructions
NX Accounting may be installed on the same machine as NetXplorer Server, or on a
separate machine. In either case you need to identify the IP address of the NetXplorer
during the installation process.
NOTE Be sure that all the Ports are operable as detailed in the Firewall section in this Installation and User Guide, and that Java SDK is installed.
On the NetXplorer CD (or in a folder supplied to the End-User) the installation files are
in a directory called ACCT.
To install the accounting manager:
1. Browse to the ACCT directory and run the setup.exe file on the
installation CD or from a net-mounted disk.
NOTE Do not attempt to run the setup file from a long address
2. The following dialog is displayed.
Figure 2-14: Security Warning
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-18
3. Click Run. The following window is displayed.
Figure 2-15: Accounting Manager InstallShield Welcome Window
4. Click Next.
The NetXplorer License Agreement is displayed.
5. Read the license agreement and select I accept the term … to
indicate your agreement, and then click Next. The Choose
Destination Location window is displayed.
Figure 2-16: Choose Destination Location
6. Accept the default destination locations or browse and select an
alternate location, and then click Next.
The Enter NetXplorer Server IP Address window is displayed.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-19
7. Type in the IP address of the NetXplorer Server, and click Next.
Figure 2-17: Ready to Install Window
8. Click Install to begin the installation. The Setup Status window is
displayed.
When the installation is complete the following dialog is displayed.
Figure 2-18: NetXplorer InstallShield Wizard Complete
9. Select Yes, I want to restart my computer now and click Finish.
The installation process is complete.
10. The NX Accounting functionality must be enabled by entering the
appropriate key in the NetXplorer GUI. This key may be entered
at installation or at any time following. For information, see the
NetXplorer Operations Guide.
NOTE NetXplorer Accounting cannot be upgraded directly. The old version must be uninstalled and the new version of Accounting may then be installed.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-20
Linux Server
Installation Prerequisites
This section describes the minimum hardware and software requirements for installing
NetXplorer on a Linux Server.
Server Hardware Requirements
Minimum Specifications
Intel Pentium 4 2.8 GHz and up
Intel Chipset based (925 or 955)
1 GB RAM DDR Dual channel
1 x 100 GB HDD, 8 MB Cache (SATA interface
recommended)
Red Hat Enterprise Linux Server 5.2 or 5.3, 32 or 64 bit
installed
Software Requirements
NetXplorer Server should be installed on a machine running
Red Hat Enterprise Linux Server 5 32 or 64 bit.
NetXplorer Client software should be installed on a machine
running Windows XP Professional and Microsoft Internet
Explorer.
Any Real-Time Virus Protection programs or automatic
Defragmentation/Backup software must be disabled on the
NetXplorer server or the Allot folder needs to be excluded
from protection/defragmentation.
No other database applications (for example, SQL database)
should be installed on the NetXplorer server machine.
No application should be listening to port 80 at the time of the
installation.
FQDN of the server should be defined (to check run
„hostname -f‟).
Check that NTP service is installed. The Config ntp service
should be configured to start when the unit is rebooted by
entering the following command:
chkconfig --levels 35 ntpd on
NTP service should be configured to update the time from an
external NTP server and deliver the time service to Allot
devices.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-21
If the OS is not installed yet, configure the server so that the
CD is the first boot device, insert the RedHat5 Installation CD
#1 and reboot the host. Follow the on-screen instructions
using the default installation options on all steps except for the
steps listed below
Hostname: give fully qualified host name (e.g.,
NXlinx.allot.local);
Firewall: disabled (during configuration after reboot),
SELinux: disabled (during configuration after reboot),
Time: configure correct time according to time zone chosen
NTP server: may be configured during configuration after the
IP address is configured (select the checkbox about
synchronize before starting)
Installation Instructions
To install the accounting manager server in Linux:
1. Confirm all the software and disc pre-installation requirements are
available.
2. Run the rpm -ivh <Accounting filename>.rpm Package.
Dependencies are checked and error message issued if additional
packages are needed. JDK 6 (Java development kit) is included in
the installation set.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-22
3. To install the packages, run rpm -ivh <JDK filename>.rpm
(version numbers may differ). After the installation is finished,
you see the following:
rpm -ivh Accounting-Manager-8.1.0-5.i386.rpm
Preparing...
########################################### [100%]
1: Accounting-Manager ########################################### [100%]
Installation finished.
Please set NetXplorer IP Address by running
accounting/bin/set_acct_nx_ip.sh.
Than, please reboot your device.
4. Manually edit the /etc/host files as follows:
127.0.0.1 localhost.localdomain localhost
10.50.18.1 NX1-lin.allot.local NX1-lin
5. To set the NetXplorer IP address, run the following:
/opt/allot/accounting/bin/set_acct_nx_ip.sh
6. Reboot the machine.
7. Check that NTP and NetXplorer services are running.
8. To start/stop/check the status of the services use commands such
as:
service ntpd start
service accounting_manager stop
service accounting_manager status
9. The NX Accounting functionality must be enabled by entering the
appropriate key in the NetXplorer GUI. This key may be entered
at installation or at any time following. For information, see the
NetXplorer Operations Guide.
NOTE NetXplorer Accounting cannot be upgraded directly. The old version must be uninstalled and the new version of Accounting may then be installed.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-23
NPP Installation
Windows Server
By default, the NetPolicy Provisioner is installed on the same machine as NetXplorer
Server during the standard NetXplorer installation. NPP functionality is then enabled by
entering the appropriate License Key.
The following procedure is for installing NPP on another Windows Server, without
NetXplorer.
Installation Prerequisites
Hardware Requirements
Minimum Specifications
Intel Pentium 4 2.8 GHz and up
Intel Chipset based (925 or 955)
2 GB RAM DDR Dual channel
1 x 80 GB HDD, 8 MB Cache (SATA interface
recommended)
Windows XP Professional Service Pack 2
Software Requirements NetPolicy Provisioner software should be installed on a
machine running Windows 2003 Server or Windows XP
Professional.
Any Real-Time Virus Protection programs or automatic
Defragmentation/Backup software must be disabled on the
NetXplorer server or the Allot folder needs to be excluded
from protection/defragmentation.
Java SDK 1.6 should be installed on the NPP Server. For
details on how to install the Java SDK see Installing Java 1.6
SDK on page 2-2.
No other database applications (for example, SQL database)
should be installed on the NPP machine.
No application should be listening to port 80 at the time of the
installation.
Pre-Installation Checklist
Before you begin the installation process, it is important that you perform the following steps.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-24
1. Verify that a minimum of 20 GB is available on the disk.
2. Verify that there is at least 4 GB of available Virtual Memory.
NOTE: Set the Virtual Memory on your computer by selecting Start/Settings/Control Panel/System. Open the Advanced tab and click the Performance Settings button. Open the Advanced tab and click the Change button under Virtual Memory to select a new value.
3. Verify that the Java SDK 1.6 is installed, including runtime
environment. If it is not installed, install it now, as described in
Installing Java 1.6 SDK on page 2-2.
Installation Instructions
NPP may be installed on the same machine as NetXplorer Server, or on a separate
machine. In either case you need to identify the IP address of the NetXplorer during the
installation process.
NOTE Be sure that all the Ports are operable as detailed in the Firewall section in this Installation and User Guide, and that Java SDK is installed.
On the NetXplorer CD (or in a folder supplied to the End-User) the installation files are
in a directory called NPP.
To install NPP:
1. Browse to the NPP directory and run the setup.exe file on the
installation CD or from a net-mounted disk.
NOTE Do not attempt to run the setup file from a long address
2. The following dialog is displayed.
Figure 2-19: Security Warning
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-25
3. Click Run. The following window is displayed.
Figure 2-20: NetPolicy Provisioner InstallShield Welcome Window
4. Click Next.
The NetXplorer License Agreement is displayed.
5. Read the license agreement and select I accept the term … to
indicate your agreement, and then click Next. The Choose
Destination Location window is displayed.
Figure 2-21: Choose Destination Location
6. Accept the default destination locations or browse and select an
alternate location for one or more of the components, and then
click Next. The Enter NetXplorer Server IP Address window is
displayed.
Figure 2-22: NetXplorer IP Address Window
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-26
7. Type in the IP address of the NetXplorer Server, and click Next.
Figure 2-23: Ready to Install Window
8. Click Install to begin the installation. The Setup Status window is
displayed.
When the installation is complete the following dialog is displayed.
Figure 2-24: NPP InstallShield Wizard Complete
9. Select Yes, I want to restart my computer now and click Finish.
The installation process is complete.
10. NPP functionality must be enabled by entering the appropriate key
in the NetXplorer GUI. This key may be entered at installation or
at any time following. For information, see the NetXplorer
Operations Guide.
Linux Server
By default, the NetPolicy Provisioner is installed on the same machine as NetXplorer
Server during the standard NetXplorer installation. NPP functionality is then enabled by
entering the appropriate License Key.
The following procedure is for installing NPP on another Linux Server, without
NetXplorer.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-27
Installation Prerequisites
This section describes the minimum hardware and software requirements for installing
NetXplorer on a Linux Server.
Server Hardware Requirements
Minimum Specifications
Intel Pentium 4 2.8 GHz and up
Intel Chipset based (925 or 955)
1 GB RAM DDR Dual channel
1 x 100 GB HDD, 8 MB Cache (SATA interface
recommended)
Red Hat Enterprise Linux Server 5.2 or 5.3, 32 or 64 bit
installed
Software Requirements
NetXplorer Server should be installed on a machine running
Red Hat Enterprise Linux Server 5 32 or 64 bit.
NetXplorer Client software should be installed on a machine
running Windows XP Professional and Microsoft Internet
Explorer.
Any Real-Time Virus Protection programs or automatic
Defragmentation/Backup software must be disabled on the
NetXplorer server or the Allot folder needs to be excluded
from protection/defragmentation.
No other database applications (for example, SQL database)
should be installed on the NetXplorer server machine.
No application should be listening to port 80 at the time of the
installation.
FQDN of the server should be defined (to check run
„hostname -f‟).
Check that NTP service is installed. The Config ntp service
should be configured to start when the unit is rebooted by
entering the following command:
chkconfig --levels 35 ntpd on
NTP service should be configured to update the time from an
external NTP server and deliver the time service to Allot
devices.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-28
If the OS is not installed yet, configure the server so that the
CD is the first boot device, insert the RedHat5 Installation CD
#1 and reboot the host. Follow the on-screen instructions
using the default installation options on all steps except for the
steps listed below
Hostname: give fully qualified host name (e.g.,
NXlinx.allot.local);
Firewall: disabled (during configuration after reboot),
SELinux: disabled (during configuration after reboot),
Time: configure correct time according to time zone chosen
NTP server: may be configured during configuration after the
IP address is configured (select the checkbox about
synchronize before starting)
Installation Instructions
To install the NPP on Linux:
1. Confirm all the software and disc pre-installation requirements are
available.
2. Run the rpm –ivh <NPP filename>.rpm Package. Dependencies
are checked, and error message issued if additional packages are
needed. JDK 6 (Java development kit) is included in the
installation set.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-29
3. To install the packages, run rpm -ivh >JDK filename>.rpm
(version numbers may differ). After the installation is finished,
you see the following:
rpm -ivh NetPolicy-Provisioner-8.1.0-5.i386.rpm
Preparing...
########################################### [100%]
1:NetPolicy-Provisioner
########################################### [100%]
Installation finished.
Please set NetXplorer IP Address by running
/opt/allot/npp/bin/set_npp_nx_ip.sh.
Then, please reboot your device.
4. Manually edit the /etc/host files as follows:
127.0.0.1 localhost.localdomain localhost
10.50.18.1 NX1-lin.allot.local NX1-lin
5. To set the NetXplorer IP address, run the following:
/opt/allot/accounting/bin/set_acct_nx_ip.sh
6. Reboot the machine.
7. Check that NTP and NetXplorer services are running.
8. To start/stop/check the status of the services use commands such
as:
service ntpd start
service npp stop
service npp status
9. NPP functionality must be enabled by entering the appropriate key
in the NetXplorer GUI. This key may be entered at installation or
at any time following. For information, see the NetXplorer
Operations Guide.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-30
NX High Availability Platform Installation
When a NetXplorer High Availability Platform is supplied, the customer will receive
the following hardware components with the necessary software pre-installed:
2 x NetXplorer Servers
1 x NetXplorer Shared Storage Device
The administrator responsible for installation needs to connect the devices and then
perform a basic network configuration as outlined below.
Connecting the HAP
In a High Availability Cluster configuration, the NX servers are connected by two
physical links. In addition, each NX server is connected to each of the controllers on the
RAID Storage device with dedicated SAS cables).
The diagram below shows the rear-views of the RAID storage server and the 2 x
NetXplorer servers that make up the NX-HAP solution. The physical connections are
shown below:
Figure 2-25: Cable Connections for NX High Availability Platform
The connections are as follows:
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-31
1. A straight copper cable is used to connect between eth2 on one
NX server and eth2 on the second NX server. (illustrated in green
above)
2. A null modem serial cable (RS 232) is used to connect between
the Serial COM port on one NX server and the Serial COM port
on the second NX server. (illustrated in red above)
3. Two Serial SCSI (SAS) cables connect between the first controller
on the RAID storage device and the SAS HBA connection in the
first PCIe low profile slot of each NX server (illustrated in orange
above)
4. Two further Serial SCSI (SAS) cables connect between the second
controller on the RAID storage device and the SAS HBA
connection in the second PCIe low profile slot of each NX server
(illustrated in orange above)
5. Each NX server is connected to the management network via eth0
(illustrated in blue above) with an additional link via eth1, as
required.
6. Each controller on the storage device is connected to the
management network by a copper Ethernet link (illustrated in blue
above)
Network Configuration
Follow the step-by-step instructions below to give an IP address to each NX in the
cluster and a virtual IP address to the High Availability Cluster itself.
NOTE Allot strongly recommends that this procedure be carried out by or under the supervision of an Allot engineer.
To update NX IPs in the Network Configuration Dialog:
1. On NX-1, from the RedHat OS Start menu, choose Administration
/ Network
2. Choose the Devices tab on the Network Configuration dialog
3. Double click on the bond0 interface. Unlike the screen capture
below, eth0 will be inactive and bond0 will be active.
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-32
Figure 2-26: RedHat Network Configuration Dialog
4. Enter the following details:
IP address
Subnet
Default Gateway
5. From the DNS tab, enter the Primary DNS address.
6. Save the configuration change by choosing SAVE from the file
menu.
7. Repeat steps 1-6 above for NX-2
To update NX IPs in the /etc/hosts file:
1. On NX-1 edit the /etc/hosts file by entering vi/etc/hosts
2. Change the IP address of each NetXplorer from the default
addresses:
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-33
Figure 2-27: Updating /etc/hosts file
3. Restart the “network” service on RedHat operating system
a) From the System menu choose Administrator/Server
Settings/Services
b) Ensure that the “network” service is checked, and choose
Restart
4. Repeat steps 1-3 above for NX-2
To update the Default Gateway IP in ha.cf file:
1. On NX-1 edit the /etc/ha.d/ha.cf file
2. Insert the default gateway address in the “ping 11.0.0.1” field,
instead of 11.0.0.1
Figure 2-28: Updating /etc/ha.d/ha.cf file – Default Gateway
3. Ensure that the unmarked lines (in bold below) are indeed
unmarked to enable SNMP traps to be sent from the NX Cluster:
Figure 2-29: Updating /etc/ha.d/ha.cf file – Enable SNMP Traps
4. Restart the heartbeat service by entering service heartbeat
restart
5. Repeat steps 1-4 on NX-2
#respawn hacluster /usr/lib/heartbeat/ipfail
respawn root /usr/lib64/heartbeat/pingd -m 100 -d 5s
respawn root /usr/lib64/heartbeat/hbagent
#
# Access control for client api
#
ping 11.0.0.1
#
# Do not remove the following line, or various programs
# that require network functionality will fail.
127.0.0.1 localhost.localdomain localhost
11.0.0.1 nx1.allot.com nx1
11.0.0.2 nx1.allot.com nx2
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-34
<nodes>
<node id="a4fb160c-30be-4744-8822-a9f1f790f675" uname="nx2.allot.com" type="normal"/>
<node id="37f206c8-a973-48db-bfbe-a7db915fefed" uname="nx1.allot.com" type="normal"/>
<expression attribute="#uname" id="a4fb160c-30be-4744-8822-a9f1f790f675"
operation="eq" value="nx2.allot.com"/>
<expression attribute="#uname" id="37f206c8-a973-48db-bfbe-a7db915fefed"
operation="eq" value="nx1.allot.com"/>
To update NX IPs in the cib.xml file:
1. On either NetXplorer, enter crm_mon
2. In the crm_mon output, note and record the HEX value listed for:
Node: NX-1
Node: NX-2
3. Stop the heartbeat service on NX-1 by entering service heartbeat
stop
4. Stop the heartbeat service on NX-2 by entering service heartbeat
stop
5. On NX-1 go to the directory called /home/install/new and edit the
cib.xml file
6. The HEX values for both NX-1 and NX-2 appear in two places in
the file – firstly under “node id” and secondly under “expression
attribute”. In both places, replace the HEX values with the new
values for NX-1 and NX-2 noted from the crm_mon output in step
2 above
Figure 2-30: Updating crm-mon
7. Repeat steps 5-6 above on NX-2
To update the Virtual IP in the cib.xml file:
1. On On NX-1 go to the directory called /home/install/new and edit
the cib.xml file
2. Look for the line beginning: nvpair ID. Edit the virtual IP value
here.
3. Repeat steps 1-2 on NX-2
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-35
Figure 2-31: Updating cib.xml
4. Delete all files from the directory /var/lib/heartbeat/crm
5. Copy the newly edited cib.xml file to /var/lib/heartbeat/crm
6. Change the owner of the file by entering:
chown hacluster:haclient /var/lib/heartbeat/crm/*
7. Change the rights to the cib.xml file by entering: chmod 600
cib.xml (in /var/lib/heartbeat/crm)
To verify a successful completion:
1. Start the heartbeat service on node NX-1 by entering service
heartbeat start
2. Now that just heartbeat is running on NX-1 alone, verify that the
GUI can be accessed from the virtual IP
3. Stop the service on node NX-1 by entering service heartbeat stop
4. Start the heartbeat service on node NX-2 by entering service
heartbeat start
5. Now that just heartbeat is running on NX-2 alone, verify that the
GUI can be accessed from the virtual IP
6. Restart the heartbeat service on node NX-1 by entering service
heartbeat start
NOTE The heartbeat process typically takes approx. 5 minutes to start
To verify that NX-HAP is prepared to perform backups:
1. Check that the directory /opt/Sybase/data has sybase.allot as its
owner. If sybase.allot is not the owner, change this by entering
the command: chown sybase.allot /opt/sybase/data
2. If the /opt/Sybase/data/backup directory exists, check that this
directory and its subdirectories all have sybase.allot as its owner.
If sybase.allot is not the owner, change this by entering the
command: chown –R sybase.allot /opt/sybase/data/backup
<nvpair id="39163b78-bf63-47dc-bb7a-7e1557d29a5b" name="ip" value="10.4.60.112"/>
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-36
Configuring Redundancy of the NX Management Interfaces
1. On NX-1, locate the following two files from
/etc/sysconfig/network-scripts/
ifcfg-eth0
ifcfg-eth1
2. Change ifcfg-eth0 as shown in BOLD and RED below. You will
need to remove the remark from several fields and add the
“master” and “slave” lines. (NOTE: The HWADDR MAC
address value in the output below is just an example – do not
change the value on your device)
3. Change ifcfg-eth1 as shown in BOLD below. You will need to
remove the remark from several fields and add the “master” and
“slave” lines. (The HWADDR MAC address value in the output
below is just an example – do not change the value on your
device)
# Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
#DEVICE=eth0
#BOOTPROTO=none
#BROADCAST=10.255.255.255
#HWADDR=00:1A:64:08:6D:86
#IPADDR=10.90.90.67
#IPV6INIT=yes
#IPV6_AUTOCONF=yes
#NETMASK=255.0.0.0
#NETWORK=10.0.0.0
#ONBOOT=yes
#GATEWAY=10.0.0.1
#TYPE=Ethernet
DEVICE=eth0
BOOTPROTO=none
HWADDR=00:1A:64:08:6D:86
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
TYPE=Ethernet
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-37
4. Take the file ifcfg-bond0 from the Allot Knowledge Base and
copy it to /etc/sysconfig/network-scripts/
5. Unmark the lines shown in bold/red below and enter the IP
Address of the NX Server (IPADDR), the Default Gateway
(GATEWAY), Subnet (Network) of the NX server as shown
below:
6. Reboot the NX Server by entering Reboot.
7. Repeat steps 1-6 above for NX-2
DEVICE=bond0
USERCTL=no
ONBOOT=yes
BROADCAST=10.255.255.255
NETWORK=10.0.0.0
NETMASK=255.0.0.0
GATEWAY=10.0.0.1
IPADDR=10.90.90.67
TYPE=Ethernet
#MTU=1500
# Broadcom Corporation NetXtreme II BCM5708 Gigabit Ethernet
#DEVICE=eth1
#BOOTPROTO=dhcp
#HWADDR=00:1A:64:08:6D:88
#ONBOOT=no
#DHCP_HOSTNAME=nx-1.allot.com
#TYPE=Ethernet
DEVICE=eth1
BOOTPROTO=none
HWADDR=00:1A:64:08:6D:88
ONBOOT=yes
MASTER=bond0
SLAVE=yes
USERCTL=no
TYPE=Ethernet
Chapter 2: Installation
NetXplorer Installation and Administration Guide 2-38
To add Virtual IP Target for receipt of SNMP traps:
1. Open the NetXplorer GUI.
2. From Network in the Network Pane, right click and choose
Configuration
3. Select the SNMP Tab
4. In the “IP Target For Receipt Of SNMP Traps” section, choose
“Other IP target” and enter the Virtual IP address of the NX-HAP
cluster to ensure that traps are sent here.
Figure 2-32: Specifying NX-HAP IP for Receipt of SNMP Traps
NetXplorer Installation and Administration Guide 3-1
Chapter 3: Configuration
Overview
This chapter describes the processes used to configure, add and change NetEnforcers,
Service Gateways and other devices as well as how to register and maintain users.
The NetXplorer, once installed on the network, enables the central configuration of
managed NetEnforcers, Service Gateways and Monitoring Collectors. It has an easy
GUI interface that provides access to all the devices via a device tree. All available
configuration parameters can be accessed via the GUI.
Monitoring Collectors may be added between the NetXplorer Servers and the
NetEnforcers or Service Gateways, in order to support sparse and remote geographic
regions.
In order to manage more than one NetEnforcer or Service Gateway device using
NetXplorer, the NetXplorer Server must be enabled by entering the appropriate key.
This key may be entered at installation or at any time following.
Working with Devices
In order for NetXplorer to manage a Device (NetEnforcer or Service Gateway, SMP,
etc), it must be added to the NetXplorer's network and properly configured. The IP
address of the NetEnforcer or Service Gateway is required for this procedure.
NOTE Initial configuration of the NetEnforcer or Service Gateway should be performed on the NetEnforcer or Service Gateway (via the CLI interface) before it is added to the NetXplorer configuration. Refer to the hardware manual for the specific NetEnforcer or Service Gateway model for details.
To add a NetEnforcer or Service Gateway:
1. In the Navigation pane, right-click Network in the Network of the
Navigation tree and select New NetEnforcer from the popup
menu.
OR
Select Network in the Network pane of the Navigation tree and then select New
NetEnforcer from the Actions menu.
The NetEnforcer Properties - New dialog is displayed.
Chapter 3: Configuration
NetXplorer Installation and Administration Guide 3-2
Figure 3-1: NetEnforcer Properties – New Dialog
2. Enter the User Name and Password of the NetXplorer
administrator and the IP address of the NetEnforcer or Service
Gateway in the designated fields.
3. Assign a Monitoring Collector or Collector Group to the
NetEnforcer or Service Gateway from the drop down menus. This
means that the new NetEnforcer or Service Gateway will transmit
its monitoring data to that Collector or Group only. If it does not
matter which Collector is used, select <system defined>. If you
do not have any Monitoring Collectors on the Network, select No
Collector.
4. Click OK. The NetEnforcer or Service Gateway is added to the
Navigation tree. The Add NetEnforcer operation can take up to a
couple of minutes to complete.
To Import a NetEnforcer or Service Gateway:
1. A NetEnforcer or Service Gateway can be imported into
NetXplorer if it already exists on the network but has not
previously been part of this NetXplorer network or had
NetXplorer enabled. When a NetEnforcer or Service Gateway is
imported, its policy tables and catalogs remain intact and are
imported into the NetXplorer database.
2. Select Import NetEnforcer from the Tools menu.
The NetEnforcer Properties - Import dialog is displayed.
Figure 3-2: NetEnforcer Properties – Import Dialog
Chapter 3: Configuration
NetXplorer Installation and Administration Guide 3-3
3. Enter the User Name and Password of the NetXplorer
administrator and the IP address of the NetEnforcer or Service
Gateway in the designated fields.
4. Assign a Monitoring Collector or Collector Group to the
NetEnforcer or Service Gateway from the drop down menus. This
means that the new NetEnforcer or Service Gateway will transmit
its monitoring data to that Collector or Group only. If it does not
matter which Collector is used, select <system defined>. If you
do not have any Monitoring Collectors on the Network, select No
Collector.
5. Click OK. The NetEnforcer or Service Gateway is added to the
Navigation tree. The Import NetEnforcer operation can take up to
a couple of minutes to complete.
To add a Monitoring Collector
1. In the Navigation pane, right-click Servers in the Network pane
of the Navigation tree and select New Collector from the popup
menu.
OR
Select Servers in the Network pane of the Navigation tree and
then select New Collector from the Actions menu.
The Monitoring Collector Properties - New dialog is displayed.
Figure 3-3: Monitoring Collector Properties – New Dialog
2. On the General tab, enter the Name and IP address of the
Monitoring Collector.
3. In the Backup if Monitoring Collector Fails area, select one of the
two radio buttons, No Backup or On Failure, Transfer To…. If
On Failure, Transfer To… is selected, select the backup
Monitoring Collector from the drop down menu.
Chapter 3: Configuration
NetXplorer Installation and Administration Guide 3-4
Figure 3-4: Monitoring Collector Properties – New Dialog
4. In the Associated NetEnforcers tab, a list of all NetEnforcer or
Service Gateways transmitting monitoring information to this
Collector appears. They are assigned by right clicking on a
NetEnforcer or Service Gateway in the Network pane and
selecting Properties.
5. Click Save. The Monitoring Collector is added to the Navigation
tree. The Add Monitoring Collector operation can take up to a
couple of minutes to complete.
NOTE For more information concerning Monitoring Collectors, see the NetXplorer Administration Guide.
To add a Collector Group
Collector Groups are made up of two Collectors, providing 1+1 redundancy.
1. In the Navigation pane, right-click Servers in the Network pane of
the Navigation tree and select New Collector Group from the
popup menu.
The Collector Group Properties - New dialog is displayed.
Figure 3-5: Collector Group Properties – New Dialog
2. In the Collector Group tab Select the two Collectors (already part
of the network) to be included in the group. Collector 2 will act as
the backup for Collector 1.
3. Those NetEnforcer or Service Gateways associated to the added
Collectors will be listed in the Associated NetEnforcers tab.
Chapter 3: Configuration
NetXplorer Installation and Administration Guide 3-5
4. Click Save. The Collector Group is added to the Navigation tree.
The Add Collector Group operation can take up to a couple of
minutes to complete.
To add an SMP
NOTE This feature is only available with the appropriate license key, enabling Subscriber Management. Contact Allot Customer Support at [email protected] for more information concerning your license.
1. In the Navigation pane, right-click Servers in the Network pane of
the Navigation tree and select New SMP from the popup menu.
OR
Select Servers in the Network pane of the Navigation tree and
then select New SMP from the Actions menu.
The SMP Properties - New dialog is displayed.
Figure 3-6: SMP Properties – New Dialog
2. Enter the Name and IP address of the SMP.
3. Select the SMP Type using the radio buttons. Select either
Subscriber Mapping, Subscriber Mapping Short Term Collector or
Subscriber Mapping Short Term Collector Quota Management.
4. Click Save. The SMP is added to the Navigation tree. The Add
SMP operation can take up to a couple of minutes to complete.
NOTE For more information concerning SMPs, see the Allot SMP User’s Manual.
To change the IP of a NetEnforcer or Service Gateway:
1. Select the NetEnforcer or Service Gateway device in the
Navigation tree and then select Properties from the Actions menu.
The Device Properties-Update dialog is displayed.
Chapter 3: Configuration
NetXplorer Installation and Administration Guide 3-6
Figure 3-7: Device Properties Update dialog
2. Enter the User name, Password of the NetXplorer administrator
3. Enter the new IP address of the NetEnforcer or Service Gateway
in the designated field
4. Click Save
NOTE If you change the IP of the NetEnforcer or Service Gateway, you must also change the IP in the device configuration of the NetXplorer.
To Remove a NetEnforcer or Service Gateway from the network:
1. Right-click Network and select a NetEnforcer or Service Gateway
and select Delete.
The following Delete message is displayed.
Figure 3-8: System Message
2. Click Yes to delete the NetEnforcer or Service Gateway.
To configure a NetEnforcer or Service Gateway via the NetXplorer:
1. In the Navigation pane, select and right-click the NetEnforcer or
Service Gateway in the Navigation tree and select Configuration
from the popup menu.
OR
Select the NetEnforcer or Service Gateway in the Navigation tree and then
select Configuration from the View menu.
OR
Chapter 3: Configuration
NetXplorer Installation and Administration Guide 3-7
Select the NetEnforcer or Service Gateway in the Navigation tree and then
click the Configuration icon on the toolbar.
The Configuration window for the selected NetEnforcer or Service Gateway is
displayed.
Figure 3-9: NetEnforcer Configuration
2. Configure the NetEnforcer or Service Gateway parameters, as
required.
3. Click or select Save from the File menu to save the changes
to the NetEnforcer or Service Gateway configuration.
NOTE For detailed descriptions of the parameters in each of the NetEnforcer Configuration tabs, refer to NetEnforcer Configuration Parameters in the NetXplorer Operations Manual.
The NetEnforcer Configuration parameters available in the NetEnforcer Configuration
window are grouped on the following tabs:
General – indicates the NetEnforcer or Service Gateway‟s bypass status.
Identification and Keys – includes parameters that provide system information
and activation keys
SNMP – enter the contact person, location, system name and description for
SNMP purposes
Security – includes security and authorization parameters
NIC – includes parameters to configure the system interfaces to either
automatically sense the direction and speed of traffic or use default parameters
as well as parameters to define ports
Chapter 3: Configuration
NetXplorer Installation and Administration Guide 3-8
Networking – includes parameters that enable you to configure network
topology
IP Properties – enables you to modify the IP and host name configuration of
your network interfaces as well as the DNS and connection control parameters
Date/Time – includes the date, time and NTP server settings for the
NetEnforcer or Service Gateway
Service Activation - includes IP and Port Redirection Parameters
Slots and Boards- includes device layout to provide schematic device
components layout (when applicable) and status information
After modifying configuration parameters you must select Save in order for the changes
to take effect. The save process prompts a rebooting of the NetEnforcer or Service
Gateway. Rebooting is required to ensure that some saved parameter values are
committed and activated on the NetEnforcer or Service Gateway.
Configuring NetXplorer Users
NetXplorer implements a role-based security model. The role defined for each
authorized user indicates the scope of operations that can be performed by the user.
There are three types of NetXplorer roles, as follows:
Regular: Read/write privileges in the NetXplorer application not
including User Configuration definitions.
Monitor: Read-only access.
Administrator: Read/write privileges in the NetXplorer application,
which includes read/write privileges to define User Configurations.
This section describes the processes used to register and maintain users. It includes how
to add a new user, change a user‟s information and how to delete a user.
To Add a New User:
1. Select the Users Configuration Editor from the Tools menu.
2. The Users Configuration Editor dialog is displayed, listing all
currently defined NetXplorer users.
Chapter 3: Configuration
NetXplorer Installation and Administration Guide 3-9
Figure 3-10: Users Configuration Editor
3. Click Add.
The User Editor dialog is displayed.
Figure 3-11: User Editor
4. Enter the name of the user in the User Name field.
5. Enter a password for the user in the Password field and then again
in the Confirm PW field.
NOTE The user password must be at least six characters in length and include at least one numerical digit.
6. Set the permissions level of the user by selecting the radio button
for the required role (Administrator, Regular or Monitor).
7. (Optional) Enter the user's contact information in the Email and
phone fields. You can also enter a brief description in the
designated field.
Chapter 3: Configuration
NetXplorer Installation and Administration Guide 3-10
8. Click OK.
9. The new user has been added to the list of users in the Users
Configuration Editor dialog.
To edit user information:
1. In the Users Configuration Editor dialog (Figure 3-18), select the
user whose information you want to edit
2. Click Edit.
The User Editor dialog is displayed.
3. Edit the user parameters, as required
4. Click OK.
To delete a user:
1. In the Users Configuration Editor dialog, select the user(s) to be
deleted
2. Click Delete.
3. A confirmation message is displayed.
4. Click Yes to confirm the deletion.
The user is no longer able to access the NetXplorer.
WARNING There must be at least one Administrator user in the system.
NetXplorer Installation and Administration Guide 4-1
Chapter 4: Monitoring Collectors
Overview
Figure 4-1: Collector – Front View
Figure 4-2: Collector– Rear View
Allot‟s NetXplorer utilizes Distributed Monitoring Collectors. The collectors gather
short-term network usage statistics from the NetEnforcer or Service Gateways.
Distributed monitoring collectors increase the scalability of your deployment. Each
collector can support several NetEnforcers or Service Gateways. By deploying
distributed collectors, you can increase the total number of NetEnforcers or Service
Gateways supported by a single NetXplorer server. This is possible because the
NetXplorer can split the storage of the real-time monitoring data between several short-
term databases.
A second reason for using distributed monitoring collectors is to overcome connectivity
issues in distributed networks. In order to support data collection, the line speed
between the NetEnforcer or Service Gateway and the collector must be at least 10Mbps
mainly for the high throughput devices such as AC-1000 and 2500. If you are working
with a low throughput device, for example an AC-400 with 2 or 10 Mbps, statistics can
be collected over slower connections without the need for distributed collectors.
Chapter 4: Monitoring Collectors
NetXplorer Installation and Administration Guide 4-2
Up until now, the collectors have always been situated on the NetXplorer server.
However, some cases the networks have topology that does not allow for a 10Mbps line
between the NetEnforcer or Service Gateway and the server. This can happen for
example when the network is spread out over remote geographical locations. In such
cases, the use of collectors is necessary. The line between the NetEnforcers or Service
Gateways and their collectors will be at least 10Mbps. The line between the collectors
and the NetXplorer server can be of lower capacity however, a collector is needed for
each network zone that cannot guarantee a 10Mbps connection to the server.
A third reason for deploying distributed monitoring collectors is redundancy. If a
collector is unavailable, data from the NetEnforcer or Service Gateways, which this
collector supports, can automatically be collected by a defined backup collector.
Data Collection Process
In addition to any external collectors which may be deployed, the NetXplorer server has
its own internal short-term collector.
NOTE This short-term collector cannot be deleted even if there are external collectors.
Traffic statistics are collected in buckets. There are 30-second buckets and 5-minute
buckets. The buckets are imported into the database by the collector per sample period.
In a NetXplorer implementation, which does not include external collectors, the buckets
are loaded into the short-term database, located on the NetXplorer, every 30 seconds or
5 minutes. Long-term buckets are created every hour on the NetXplorer and are then
loaded into the long-term database on the same machine.
Implementations with external monitoring Collectors also collect samples in 30-second
buckets and 5-minute buckets. The buckets are imported to the collector at every sample
period. The data contained in the buckets is stored in the short-term database of the
collector. The samples in the Database are aggregated into one-hour buckets, which are
then loaded into the long-term database on the NetXplorer once an hour. Therefore, a
NetXplorer implementation that includes external collectors will have additional traffic
sent once an hour, namely, the long-term bucket. The short-term data, however, arriving
every 30 seconds, will have a shorter distance to travel. This could be of great
importance when NetEnforcers or Service Gateways do not have constant connectivity
to the server. External monitoring collectors can significantly lower the burden on the
NetXplorer server.
The monitoring data is saved on the NetXplorer server, and can be displayed in the GUI
Collector Redundancy
In case a collector is unavailable, data from the NetEnforcers or Service Gateways that
this collector supports can automatically be collected by a defined backup collector.
There are two types of redundancy models possible:
Chapter 4: Monitoring Collectors
NetXplorer Installation and Administration Guide 4-3
One type of redundancy model is the N+1 model. In this case, several collectors are all
backed up by a single collector dedicated to this purpose. This solution takes into
account that the probability of more than one collector failing is very low. However, it
may be difficult to locate the backup collector in close proximity to all of the configured
collectors.
Figure 4-3 N+1 Collector Redundancy
Where high performance redundancy is of particular importance, or where the network
topology does not allow for the use of a single collector for backup, you will need to use
the 1 to 1 redundancy model. In this situation, each collector has a dedicated backup
collector as part of a Collector Group.
Figure 4-4 1+1 Collector Redundancy
Chapter 4: Monitoring Collectors
NetXplorer Installation and Administration Guide 4-4
NetXplorer Support
Each NetXplorer server can support up to five external short-term collectors in addition
to its one built-in internal collector.
Each collector can support a single Service Gateway (SG-Omega or SG-Sigma) or
NetEnforcer AC-10000, up to two (2) NetEnforcers of the AC-5000 series, up to five
(5) NetEnforcers of the AC-2500 or AC-10000 series, up to ten (10) NetEnforcers of the
AC-800 or up to fifteen (15) NetEnforcers of the AC-400 series.
You can also combine NetEnforcers of different models according to this formula. For
example, one collector can support three AC-1000s and six more AC-400s.
The NetXplorer‟s built in short-term collector can support additional NetEnforcers
according to the same ratios.
NOTE This is a simple calculation based on a series of conservative assumptions. It is important to consult with Allot HQ to verify the exact number of collectors required.
Chapter 4: Monitoring Collectors
NetXplorer Installation and Administration Guide 4-5
Installing Monitoring Collectors
Once the Collector has been physically installed, the following steps must be taken in
installing Monitoring Collectors:
Set the collector‟s initial parameters
Physically connect the Collector to the network
Add the Collector to the NetXplorer using the NetXplorer user interface
Associate NetEnforcers or Service Gateways to the Collector.
To set initial parameters of the Monitoring Collector:
1. Connect a monitor and keyboard to the appropriate connectors of
the Monitoring Collector.
Figure 4-5: Connecting the Collector – Rear View
2. When prompted, enter admin for the login and allot for the
password.
3. Enter the following command to set the IP address, network mask
and default gateway: go config ips –ip <IP ADDRESS>:<NETWORK MASK> -g <DEFAULT GATEWAY>
4. The Collector should be set to STC (short term collector) mode.
This can be checked by running the following command: dev_setup.sh –v command.
If the device mode is not set to STC use the following command
to set it as an STC appliance: dev_setup.sh –m stc
Chapter 4: Monitoring Collectors
NetXplorer Installation and Administration Guide 4-6
Change the password by entering the following command: passwd
5. When prompted, enter a new password, between 5 and 8
characters in length and press <enter>.
6. Enter the new password a second time when prompted to confirm
the change.
To add the new Monitoring Collector to the network:
1. Open NetXplorer.
2. In the Navigation pane, right-click Servers in the Network pane in
the Navigation tree and select New Collector from the popup
menu.
The Monitoring Collector Properties - New dialog is displayed.
Figure 4-6: Monitoring Collectors Properties dialog – General tab
3. On the General tab, enter the IP address of the Monitoring
Collector.
4. Enter a name for the Monitoring Collector.
5. In the Backup if Monitoring Collector Fails area, select one of the
two radio buttons, No Backup or On Failure, Transfer To
6. If you select On Failure, Transfer To, select the backup
Monitoring Collector from the drop down menu.
7. Click Save. The Monitoring Collector is added to the Navigation
tree. The New Collector operation can take up to a couple of
minutes to complete.
NOTE There are no NetEnforcers or Service Gateways associated with this collector yet, therefore the Associated NetEnforcers tab is disabled.
8. Repeat this process as often as required to add further Collectors
to the network.
Chapter 4: Monitoring Collectors
NetXplorer Installation and Administration Guide 4-7
To assign NetEnforcers to the new Monitoring Collector:
1. In the Navigation pane, right-click a NetEnforcer or Service
Gateway in the Navigation tree and select Properties from the
popup menu.
The NetEnforcer Properties - Update dialog is displayed.
Figure 4-7: NetEnforcer Properties dialog
2. Assign a Monitoring Collector to the NetEnforcer or Service
Gateway from the drop down menu. This means that the
NetEnforcer or Service Gateway will transmit its monitoring data
to that Collector only. If it does not matter which Collector is
used, select <system defined>.
3. If there is currently a collector associated with this NetEnforcer or
Service Gateway, its unique name is displayed. Select a new
monitoring collector from the drop down menu.
4. Click Save.
To verify that the new collector has been associated with the NetEnforcer or Service
Gateway, select the collector in the Navigator pane and click Properties. You should see
the NetEnforcer or Service Gateway in the Associated NetEnforcer tab.
NOTE: You cannot change the association from this dialog, only from the NetEnforcer properties dialog.
To view the NetEnforcers or Service Gateways associated with a Monitoring Collector
1. Right-click the selected collector and choose properties. The
Associated NetEnforcers tab is not disabled and you can view a
list of all NetEnforcer or Service Gateways transmitting
monitoring information to this Collector.
Chapter 4: Monitoring Collectors
NetXplorer Installation and Administration Guide 4-8
Figure 4-8: Monitoring Collector Properties - Update
Collector Groups
Collector Groups are made up of two Collectors, providing 1+1 redundancy for each
other.
To add a Collector Group
1. In the Navigation pane, right-click Servers in the Network pane of
the Navigation tree and select New Collector Group from the
popup menu.
The Collector Group Properties - New dialog is displayed.
Figure 4-9: Collector Group Properties – New Dialog
2. In the Collector Group tab Select the two Collectors (already part
of the network) to be included in the group. Collector 2 will act as
the backup for Collector 1.
3. Those NetEnforcers or Service Gateway‟s associated to the added
Collectors will be listed in the Associated NetEnforcers tab.
4. Click Save. The Collector Group is added to the Navigation tree.
The Add Collector Group operation can take up to a couple of
minutes to complete.
Chapter 4: Monitoring Collectors
NetXplorer Installation and Administration Guide 4-9
Configuring Monitoring Collectors
To configure a Monitoring collector, you will use two dialogs. The first is the
Configuration dialog and the second is the Properties dialog.
To configure the Collector’s Settings - Configuration
1. In the Navigation pane, right-click the Collector and select
Configuration
The configuration window for that collector is displayed.
The dialog shows the following tabs:
General – View the collector‟s serial number, software version and model
Figure 4-10: Collector Configuration Window - General Tab
SNMP - Add a contact person, location and system name for SNMP purposes
NOTE The Collector, as well as the NetEnforcer or Service Gateway supports SNMP (Simple Network Management Protocol) that includes standard MIB II traps.
Figure 4-11: SNMP Tab
Date/Time – Configure the time zone according to the geographical location of the
collector
Chapter 4: Monitoring Collectors
NetXplorer Installation and Administration Guide 4-10
NOTE The NTP server cannot be changed
Figure 4-12: Date/Time Tab
IP Properties – Inset the IP Address, Network Mask, Default Gateway, Host Name,
Domain Name, Primary Server and the Secondary Server
NOTE If you change the Collector’s IP address, you must make the NetXplorer server aware of this change by changing the IP in the Collector’s Properties dialog.
Figure 4-13: IP Properties Tab
Security – Check the appropriate boxes to apply general security attributes. Select
the radio button to limit access to specific hosts
NOTE If you select Unrestricted Access Allowed, any host can access the system.
Chapter 4: Monitoring Collectors
NetXplorer Installation and Administration Guide 4-11
Figure 4-14: Securities Tab
To configure the Collector’s Settings - Properties
1. In the Navigation pane, right-click the Collector and select
Properties
2. The Monitoring Collectors Properties dialog is displayed.
Figure 4-15: Monitoring Collector Properties – Update Dialog
The dialog shows two tabs:
General – Set the name, IP and backup setting of the Collector
Associated NetEnforcers - View the NetEnforcer or Service Gateways
currently associated with this collector.
NOTE Collector Role shows the collectors as configured. It will show a collector as backup only if the configured collector is unavailable and the backup collector is operating instead.
Chapter 4: Monitoring Collectors
NetXplorer Installation and Administration Guide 4-12
Troubleshooting the Collector
Command Line Interface
To connect to the collector using an SSH connection
1. Login as user admin with the password allot.
2. Enter go config, with no additional parameters, to view all the
available configuration commands
3. Enter go config plus parameter to view the available commands
for that parameter
For example, enter go config ips to view the available CLI options for ips
Processes
To check that all of the collector's processes are running, enter the command
keeperMgr –l
The processes that should be running include:
dbserv9
AllSnmpAgent
The following processes must be running to insure proper data collection
Converter.exe
Loader.exe
Poller.exe
Logs and Snapshots
Log files for the collector are located in the following directory: opt/allot/log.
To take a snapshot of a Collector, run the following script on the Collector: host:/opt/allot/bin$ create_snapshot_logs.sh
Snapshots can be found in the tmp folder located at: host:/opt/allot/tmp$
Chapter 4: Monitoring Collectors
NetXplorer Installation and Administration Guide 4-13
Recreating Databases
To recreate the default database of the collector, login to the collector as root user and
use the following command: ./recreate_db.sh stc
Output Example
NetXplorerCollector:/opt/allot/bin# ./recreate_db.sh stc
Create(initialization) database - allot_stc
Adaptive Server Anywhere Initialization Utility Version
9.0.2.3397
Creating system tables
Collation sequence: ISO1LATIN1
Creating system views
Setting permissions on system tables and views
Setting option values
Initializing UltraLite deployment option
Database "/opt/sybase/data/db/stc/allot_stc.db" created
successfully
Create user - nms
Create dbspaces
Create tables
Load default data into database
Get mediation device type for stc database
Mediation device type is 1
Configure parameters
Version name is 8.1.0b07
Create stored procedures and user defined functions
Add common STC/LTC stored procedures and user defined
functions
Create database events
Create database remote server/table
Configure database
Pre-allocate space for dbspaces
Fri Jan 23 18:44:13 GMT 2009
!!! This script will work up to 60-120 minutes !!!
Fri Jan 23 19:39:03 GMT 2009
NetXplorerCollector:/opt/allot/bin# reboot
Changing IP Addresses
To change the IP address of the NetEnforcer or Service Gateway and Collector:
1. Stop the NX Server process (in Windows Services).
Chapter 4: Monitoring Collectors
NetXplorer Installation and Administration Guide 4-14
2. Copy the original CFG folder on the server to another place for
backup. It is located in $Allot\data\db.
3. Start the NX Server process again.
4. Login and delete the NEs and Collector from the NX server (that
enables us not to affect the device policy on the NetEnforcer or
Service Gateways during the process). The NE's must be deleted
before the collector (right-click on each and choose delete).
5. Stop the NX Server process again.
6. Change the IP address and reboot the server.
7. Now logon to the collector as admin. Reboot it with the command
'reboot'.
8. Log back onto the Collector again and change the IP address and
gateway – to change the ip on the collector run the follow
command:
go config ips -ip oob:<CURRENT COLLECTOR
IP>:255.255.255.0 -g <NEW COLLECTOR IP>
9. Reboot the collector.
10. Log back onto the NX Server, stop the service, and copy the
backup CFG folder back to its original location.
11. Start the NX server process.
12. Right click on the configuration of the collector and change it to
the new IP address.
NetXplorer Installation and Administration Guide 5-1
Chapter 5: Database Management
The NetXplorer is a centralized management system, which enables the ongoing
collection and consolidation of data from multiple NetEnforcer or Service Gateway
devices that enable users to produce consolidated reports. The key to a centralized
system is the ability to consolidate information from all the managed groups that are
being monitored. Because NetXplorer allows for the ongoing collection and
consolidation of data from multiple NetEnforcer or Service Gateway devices, users are
able to produce consolidated reports based the information collected.
In order to manage the collected data, there are three databases:
CFG Tables - Configuration parameters
STC Database – Short term database
LTC Tables – Long term database
Backup Terms
Full Backup – A backup process that copies all of the data to a location from
which we can create an entire database.
Incremental Backup – A process that preserves only the changes made since
the latest backup, either full or incremental, the latest of them.
Database Restore – A process to create a database using the backup copy.
Typically, the restore process consists of copying the latest full backup to the
restore directory, and then “applying” the incremental backups that were
performed after that last full backup.
Backup generation –Backups are kept cyclically as generations. Each
generation is a full set of backup files capable of restoring the database to the
point in time in which its last iteration was created. Each generation typically
consists of one full backup and several incremental backups.
Incremental Backup serial number – Within a certain generation, incremental
backups are performed one after another, each one being part of a certain serial
number.
Using Backups to Achieve NX Redundancy
The following scenario is one suggestion for using backups to achieve NetXplorer
redundancy:
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-2
1. Install two NetXplorer servers, one used exclusively as backup.
2. Schedule regular backups for the CFG and STC databases.
3. Perform a manual backup of the LTC database once per
day/week/months (depending on the requirements)
4. In the event that the main NetXplorer server fails, assign the same
IP to the backup NetXplorer server.
5. Restore the CFG, STC, and LTC database backups to the new
NetXplorer.
Database Management on Windows
Backup Types
Cold backup – Performed with the NetXplorer server offline.
Hot backup – Performed without interrupting NetXplorer operation
Cold Backup
To perform a Cold backup:
1. Stop the NetXplorer Service.
Click Start on the Windows Task Bar and select Settings > Control
Panel.
Double-click Administrative Tools and open Services.
Right-click NetXplorer Server in the list of Services and select Stop
from the drop-down menu.
Check the allot_ltc.txt, allot_stc.txt log files located under Allot Home
Directory\Logs in order to verify that NetXplorer services are not
running:
The following lines should appear in both allot_ltc.txt, allot_stc.txt log
files:
"Disable all events"
"End of current events"
2. Copy Allot Home Directory\data\db folder to a backup directory
3. Restart the NetXplorer Service.
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-3
Click Start on the Windows Task Bar and select Settings > Control
Panel.
Double-click Administrative Tools and open Services.
Right-click NetXplorer Server in the list of Services and select Start
from the drop-down menu.
NOTE If a customer is upgrading from a previous NetXplorer version the backup directory will be located at Allot Home Directory\data\db.
To restore the Cold backup:
1. Stop the NetXplorer Service.
Click Start on the Windows Task Bar and select Settings > Control
Panel.
Double-click Administrative Tools and open Services.
Right-click NetXplorer Server in the list of Services and select Stop
from the drop-down menu.
Check the allot_ltc.txt, allot_stc.txt log files located under Allot Home
Directory\Logs in order to verify that NetXplorer services are not
running:
The following lines should appear in both allot_ltc.txt, allot_stc.txt log
files:
"Disable all events"
"End of current events"
2. Restore the database by copying the backup to the following
folder: /opt/sybase/data/backup/cfg OR d:\allot\data\backup.
If you get a "Confirm Folder Replace" pop-up window, then press
"Yes to All".
3. Restart the NetXplorer Service.
Click Start on the Windows Task Bar and select Settings > Control
Panel.
Double-click Administrative Tools and open Services.
Right-click NetXplorer Server in the list of Services and select Start
from the drop-down menu.
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-4
Hot Backup
Database Types
Configuration Tables (CFG) –Full backup and periodical
incremental backups, manually or scheduled. Full backup is
performed once a day while the incremental backup is performed
every hour. All values are configurable by the user and can be
changed according to requirements.
Short Term Collector Database (STC) –Full backups only,
manually or scheduled. STC full backup only backs up a set of
files that hold the values kept in key tables (such as param) but the
actual traffic data is NOT saved. The restore process, therefore,
recreates a new database from scratch, performs a delete and then
loads the key tables mentioned.
Long Term Collector table (LTC) – Full backups only. This is a
manual process only. This is due to the database‟s potential size.
Backing up CFG Tables
NOTE The following commands should not be cut and pasted into the DOS window, but typed in. They may not function properly unless entered manually.
To perform an incremental hot backup manually:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup –n cfg –t incremental
To perform a full hot backup manually:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup –n cfg –t full
To check the hot backup parameters:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-5
3. At the prompt enter the following command:
db_maint –a backup_status –n cfg –sa list
The backup parameters will indicate what scheduled backups are enabled, when they
are scheduled, and how many generations will be backed up.
To enable incremental scheduled hot backups:
NOTE Incremental scheduled hot backup is enabled by default.
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup_status –n cfg –t incremental –sa enable
To schedule an incremental hot backup for a specific time:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup_status –n cfg –t incremental –sa change_sched –ns <TIME>
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-6
To set the amount of time between scheduled incremental hot backups:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. Enter the following command:
db_maint –a backup_status –n cfg –t incremental –sa change_sched –ni <VALUE> –nt <UNIT OF TIME>
For example, to set a period of 2 hours between incremental backups, enter the
following command
db_maint –a backup_status –n cfg –t incremental –sa change_sched –ni 2 –nt hours
To schedule a full hot backup for a specific time:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup_status –n cfg –t full –sa change_sched –ns <TIME>
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-7
To set the amount of time between scheduled full hot backups:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup_status –n cfg –t full –sa change_sched –ni <VALUE> –nt <UNIT OF TIME>
For example, to set a period of 20 hours between full backups, enter the following
command
db_maint –a backup_status –n cfg –t full –sa change_sched –ni 20 –nt hours
To change the backup directory:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup_status –n cfg –sa change_dir –nd <NEW LOCATION PATH>
For example, to change the database directory to cfg1, enter the following command
db_maint –a backup_status –n cfg –sa change_dir –nd D:\backup\cfg1
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-8
To change the number of generations:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup_status –n cfg –sa change_gen –ng <VALUE>
Restoring CFG Tables
To check the hot backup parameters:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup_status –n cfg –sa list
The backup parameters will indicate the generation numbers of the backups.
The increment number must be found in the correct folder under the backup folder (for
example: D:\Allot\backup\cfg\5\incremental).
To restore the database:
1. Stop the NetXplorer Service.
Click Start on the Windows Task Bar and select Settings > Control
Panel.
Double-click Administrative Tools and open Services.
Right-click NetXplorer Server in the list of Services and select Stop
from the drop-down menu.
Check the allot_ltc.txt, allot_stc.txt log files located under Allot Home
Directory\Logs in order to verify that NetXplorer services are not
running:
The following lines should appear in both allot_ltc.txt, allot_stc.txt log
files:
"Disable all events"
"End of current events"
2. Open a Microsoft DOS window on the NetXplorer Server.
3. Open the Allot\Bin directory (by default D:\Allot\bin).
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-9
4. At the prompt enter the following command:
db_maint –a restore –n cfg –s <D:\Allot\backup\cfg or LOCATION PATH> –g <GENERATION NUMBER> –i <INCREMENT NUMBER> –d <D:\Allot\data\db\cfg or LOCATION PATH> -b <TEMP LOCATION TO KEEP CURRENT CONFIGURATION>
5. Restart the NetXplorer Service.
Click Start on the Windows Task Bar and select Settings > Control
Panel.
Double-click Administrative Tools and open Services.
Right-click NetXplorer Server in the list of Services and select Start
from the drop-down menu.
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-10
Backing up STC Databases
To perform a full hot backup manually:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup –n stc –t full
To check the hot backup parameters:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup_status –n stc –sa list
The backup parameters will indicate what scheduled backups are enabled, when they
are scheduled, and how many generations will be backed up.
To schedule a full hot backup for a specific time:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup_status –n stc –t full –sa change_sched –ns <TIME>
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-11
To set the amount of time between scheduled full hot backups:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup_status –n stc –t full –sa change_sched –ni <VALUE> –nt <UNIT OF TIME>
For example, to set a period of 20 hours between full backups, enter the following
command
db_maint –a backup_status –n stc –t full –sa change_sched –ni 20 –nt hours
To change the hot backup directory:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup_status –n stc –sa change_dir –nd <NEW LOCATION PATH>
For example, to change the database directory to cfg1, enter the following command
db_maint –a backup_status –n cfg –sa change_dir –nd D:\backup\cfg1
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-12
To change the number of generations:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup_status –n stc –sa change_gen –ng <VALUE>
Restoring STC Databases
To check the hot backup parameters:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup_status –n stc –sa list
The backup parameters will indicate the generation numbers of the backups
To restore the database:
1. Stop the NetXplorer Service.
Click Start on the Windows Task Bar and select Settings > Control
Panel.
Double-click Administrative Tools and open Services.
Right-click NetXplorer Server in the list of Services and select Stop
from the drop-down menu.
Check the allot_ltc.txt, allot_stc.txt log files located under Allot Home
Directory\Logs in order to verify that NetXplorer services are not
running:
The following lines should appear in both allot_ltc.txt, allot_stc.txt log
files:
"Disable all events"
"End of current events"
2. Open a Microsoft DOS window on the NetXplorer Server.
3. Open the Allot\Bin directory (by default D:\Allot\bin).
4. At the prompt enter the following command:
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-13
db_maint –a restore –n stc –s <D:\Allot\backup\stc or LOCATION PATH> –g <GENERATION NUMBER> –i 0 –d <D:\Allot\data\db\stc or LOCATION PATH>
5. Restart the NetXplorer Service.
Click Start on the Windows Task Bar and select Settings > Control
Panel.
Double-click Administrative Tools and open Services.
Right-click NetXplorer Server in the list of Services and select Start
from the drop-down menu.
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-14
Backing up LTC Tables
To perform a full hot backup manually:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup –n ltc –t full
To check the hot backup parameters:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup_status –n ltc –sa list
To change the hot backup directory:
1. Open a Microsoft DOS window on the NetXplorer Server.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup_status –n ltc –sa change_dir –nd <NEW LOCATION PATH>
For example, to change the database directory to cfg1, enter the following command
db_maint –a backup_status –n ltc –sa change_dir –nd D:\backup\cfg1
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-15
To change the number of generations:
1. Access the NetXplorer via Telnet.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup_status –n ltc –sa change_gen –ng <VALUE>
Restoring LTC Tables
To check the hot backup parameters:
1. Access the NetXplorer via Telnet.
2. Open the Allot\Bin directory (by default D:\Allot\bin).
3. At the prompt enter the following command:
db_maint –a backup_status –n ltc –sa list
The backup parameters will indicate the generation numbers of the backups
To restore the database:
1. Stop the NetXplorer Service.
Click Start on the Windows Task Bar and select Settings > Control
Panel.
Double-click Administrative Tools and open Services.
Right-click NetXplorer Server in the list of Services and select Stop
from the drop-down menu.
Check the allot_ltc.txt, allot_stc.txt log files located under Allot Home
Directory\Logs in order to verify that NetXplorer services are not
running:
The following lines should appear in both allot_ltc.txt, allot_stc.txt log
files:
"Disable all events"
"End of current events"
2. Open a Microsoft DOS window on the NetXplorer Server.
3. Open the Allot\Bin directory (by default D:\Allot\bin).
4. At the prompt enter the following command:
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-16
db_maint –a restore –n ltc –s <D:\Allot\backup\ltc or LOCATION PATH> –g <GENERATION NUMBER> –d <D:\Allot\data\db\ltc or LOCATION PATH>
5. Restart the NetXplorer Service.
Click Start on the Windows Task Bar and select Settings > Control
Panel.
Double-click Administrative Tools and open Services.
Right-click NetXplorer Server in the list of Services and select Start
from the drop-down menu.
Database Management on Linux
Backup Types
Cold backup – Performed with the NetXplorer server offline.
Hot backup – Performed without interrupting NetXplorer operation
Cold Backup
To perform a Cold backup:
1. Telnet to the NetXplorer Server
2. Stop the NetXplorer Service.
As root user run the following command: service netxplorer stop
Wait for the following message - Stopping NetXplorer Server (this may take a few minutes) [OK]
3. Copy the /opt/Sybase/data/db directory to a backup directory
4. Restart the NetXplorer Service
As root user run the following command: service netxplorer start
To restore the Cold backup:
1. Telnet to the NetXplorer Server
2. Stop the NetXplorer Service.
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-17
As root user run the following command: service netxplorer stop
Wait for the following message - Stopping NetXplorer Server (this may take a few minutes) [OK]
3. Copy the backup directory to /opt/Sybase/data/db
4. Restart the NetXplorer Service
As root user run the following command: service netxplorer start
Hot Backup
Database Types
Configuration Tables (CFG) –Full backup and periodical
incremental backups, manually or scheduled. Full backup is
performed once a day while the incremental backup is performed
every hour. All values are configurable by the user and can be
changed according to requirements.
Short Term Collector Database (STC) –Full backups only,
manually or scheduled. STC full backup only backs up a set of
files that hold the values kept in key tables (such as param) but the
actual traffic data is NOT saved. The restore process, therefore,
recreates a new database from scratch, performs a delete and then
loads the key tables mentioned.
Long Term Collector table (LTC) – Full backups only. This is a
manual process only. This is due to the database‟s potential size.
Backing up CFG Tables
NOTE The following commands should not cut and pasted into the telnet session, but typed in. They may not function properly unless entered manually.
To perform an incremental hot backup manually:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup –n cfg –t incremental
To perform a full hot backup manually:
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-18
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup –n cfg –t full
To check the hot backup parameters:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n cfg –sa list
The backup parameters will indicate what scheduled backups are enabled, when they
are scheduled, and how many generations will be backed up.
To enable incremental scheduled hot backups:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n cfg –t incremental –sa enable
To schedule an incremental hot backup for a specific time:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n cfg –t incremental –sa change_sched –ns <TIME>
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-19
To set the amount of time between scheduled incremental hot backups:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n cfg –t incremental –sa change_sched –ni <VALUE> –nt <UNIT OF TIME>
For example, to set a period of 2 hours between incremental backups, enter the
following command
./db_maint_sudo.sh –a backup_status –n cfg –t incremental –sa change_sched –ni 2 –nt hours
To schedule a full hot backup for a specific time:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n cfg –t full –sa change_sched –ns <TIME>
To set the amount of time between scheduled full hot backups:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n cfg –t full –sa change_sched –ni <VALUE> –nt <UNIT OF TIME>
For example, to set a period of 20 hours between full backups, enter the following
command
./db_maint_sudo.sh –a backup_status –n cfg –t full –sa change_sched –ni 20 –nt hours
To change the backup directory:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-20
./db_maint_sudo.sh –a backup_status –n cfg –sa change_dir –nd <NEW LOCATION PATH>
To change the number of generations:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n cfg –sa change_gen –ng <VALUE>
Restoring CFG Tables
To check the hot backup parameters:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n cfg –sa list
The backup parameters will indicate the generation numbers of the backups.
The increment number must be found in the correct folder under the backup folder (for
example: /opt/Sybase/data/db/cfg/5/incremental).
To restore the database:
1. Telnet to the NetXplorer Server
2. Open the /opt/allot/bin/ directory.
3. Stop the NetXplorer Service.
As root user run the following command: service netxplorer stop
Wait for the following message - Stopping NetXplorer Server (this may take a few minutes) [OK]
4. Enter the following command as the root user:
./db_maint_sudo.sh –a restore –n cfg –s <LOCATION PATH> –g <GENERATION NUMBER> –i <INCREMENT NUMBER> –d <LOCATION PATH> -b <TEMP LOCATION TO KEEP CURRENT CONFIGURATION>
5. Restart the NetXplorer Service
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-21
As root user run the following command: service netxplorer start
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-22
Backing up STC Databases
To perform a full hot backup manually:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup –n stc –t full
To check the hot backup parameters:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n stc –sa list
The backup parameters will indicate what scheduled backups are enabled, when they
are scheduled, and how many generations will be backed up.
To schedule a full hot backup for a specific time:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n stc –t full –sa change_sched –ns <TIME>
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-23
To set the amount of time between scheduled full hot backups:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n stc –t full –sa change_sched –ni <VALUE> –nt <UNIT OF TIME>
For example, to set a period of 20 hours between full backups, enter the following
command
./db_maint_sudo.sh –a backup_status –n stc –t full –sa change_sched –ni 20 –nt hours
To change the hot backup directory:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n stc –sa change_dir –nd <NEW LOCATION PATH>
To change the number of generations:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n stc –sa change_gen –ng <VALUE>
Restoring STC Databases
To check the hot backup parameters:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n stc –sa list
The backup parameters will indicate the generation numbers of the backups
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-24
To restore the database:
1. Telnet to the NetXplorer Server
2. Stop the NetXplorer Service.
As root user run the following command: service netxplorer stop
Wait for the following message - Stopping NetXplorer Server (this may take a few minutes) [OK]
3. Enter the following command as the root user:
./db_maint_sudo.sh –a restore –n stc –s <LOCATION PATH> –g <GENERATION NUMBER> –i 0 –d <LOCATION PATH>
4. Restart the NetXplorer Service
As root user run the following command: service netxplorer start
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-25
Backing up LTC Tables
To perform a full hot backup manually:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup –n ltc –t full
To check the hot backup parameters:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n ltc –sa list
To change the hot backup directory:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n ltc –sa change_dir –nd <NEW LOCATION PATH>
Chapter 5: Database Management
NetXplorer Installation and Administration Guide 5-26
To change the number of generations:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n ltc –sa change_gen –ng <VALUE>
Restoring LTC Tables
To check the hot backup parameters:
1. Telnet to the NetXplorer Server.
2. Open the /opt/allot/bin/ directory.
3. Enter the following command as the root user:
./db_maint_sudo.sh –a backup_status –n ltc –sa list
The backup parameters will indicate the generation numbers of the backups
To restore the database:
1. Telnet to the NetXplorer Server
2. Stop the NetXplorer Service.
As root user run the following command:
service netxplorer stop
Wait for the following message - Stopping NetXplorer Server (this may take a few minutes) [OK]
3. Enter the following command as the root user:
./db_maint_sudo.sh –a restore –n ltc –s <LOCATION PATH> –g <GENERATION NUMBER> –d <LOCATION PATH>
4. Restart the NetXplorer Service
As root user run the following command:
service netxplorer start
NetXplorer Installation and Administration Guide 6-1
Chapter 6: Command Line Interface (CLI)
The Server CLI described in this chapter enables you to modify the NetEnforcer,
Service Gateway or NetXplorer database from the command line rather than the GUI.
The CLI supplies a set of commands to add, change, rename and remove NetEnforcer or
Service Gateway entities, such as, Pipes, Virtual Channels or other Catalog entries and
change the configuration of the NetEnforcer or Service Gateway. You can also use the
CLI to set system parameters and device settings.
There are two types of NetXplorer Server CLI:
Provisioning CLI, which enables you to create traffic policies
via CLI without using the NX GUI
Monitoring CLI, which enables you to generate .csv based
traffic and subscriber network usage reports via CLI without
using the NX GUI
The Allot Command Line Interface is available in both Windows and Linux format.
When NetXplorer Server is installed on a Linux server, either format may be used.
However, if NetXplorer is installed on a server running Windows, only the Windows
CLI is available.
NOTE The computer used to send CLI commands to the NetXplorer or to NetEnforcer or Service Gateway devices must have Java installed and be included in the allowedHosts.properties.
Scripts
Scripts can contain CLI commands in order to automate the data entry process.
Provisioning CLI
To use the provisioning CLI in Windows:
1. Unzip the file \<VERSION NUMBER>\RnD\WSCli.zip on the
NetXplorer Software CD to a folder on the computer from which
you wish to access the statistics.
2. The newly created folder contains 4 batch files: topologyCLI.bat,
policyCLI.bat, catalogsCLI.bat and wuCLI.bat. Each of these
files needs to be edited. Open a .bat file using a text editor. Look
for the -Dserver parameter. It is set by default to the local host,
127.0.0.1. Change the value to the IP Address of the NetXplorer
Server you wish to work with.
3. The NetXplorer server must be configured to allow your computer
to use its web services. On the NetXplorer server machine go to:
<allot home>\netxplorer\jboss-4.0.2\server\allot\conf. Open the
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-2
file allowedHosts.properties with a text editor. Add the IP of the
machine the CLI is going to be run on in the following format:
<IP>=<IP>.
4. Open cmd and go to the folder to which you extracted the files,
run the batch files you require and enter CLI commands.
To use the provisioning CLI in Linux:
1. Go to the /opt/allot/netxplorer/jboss-4.0.5/server/allot/conf
directory.
2. Edit the allowedHosts.properties to show either
127.0.0.1=127.0.0.1 OR the IP of the server.
3. Unzip the file \<VERSION NUMBER>\RnD\WSCli.zip on the
NetXplorer Server.
4. The newly created folder contains four .sh files: topologyCLI.sh,
policyCLI.sh, catalogsCLI.sh and wuCLI.sh.
5. From the NetXplorer client machine, telnet to the folder on the
server to which you extracted the files and enter CLI commands.
There are 4 types of provisioning CLI:
Topology CLI is used to add, import or remove NetEnforcer or Service
Gateway devices from the managed network.
Catalog CLI is used to create, delete or modify the catalogs used to build
traffic policies
Policy CLI is used to create lines, pipes and VCs (collectively known as
“tubes”) and to add and remove catalogs from them.
WU CLI is used to update the service catalog to the latest protocol pack and
roll-back if necessary.
Topology CLI
Topology CLI commands are used to add, import of remove NetEnforcers and Service
Gateways to the Network
The Topology CLI syntax on Windows is:
topologyCLI <action> <option> <value> [<value>] [<option> <value> [<value>]] …
The Topology CLI syntax on Linux is:
./topologyCLI.sh -<action> <option> -<value> [<value>] [<option> <value> [<value>]] …
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-3
The following actions are possible:
1. addDevice
2. importDevice
3. deleteDevice
4. help
Add Device
topologyCLI –addDevice
options:
o -uiName <value: name>
o -netAddress <value: ip>
o -password <value: password>
Import Device
topologyCLI –importDevice
options:
o -uiName <value: name>
o -netAddress <value: ip>
o -password <value: password>
Delete Device
topologyCLI –deleteDevice
options:
o -uiName <value: device name>
Catalogs CLI
Catalogs CLI is used to add, modify and delete catalogs
The Catalogs CLI Syntax in Windows is:
catalogsCLI -<action> -<catalog> [<-option> <value>]
The Catalogs CLI Syntax in Linux is:
./catalogsCLI.sh -<action> -<catalog> [<-option> <value>]
Actions
List All
catalogsCLI –list_all
No required arguments
Get catalog
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-4
catalogsCLI –get – catalog name
Required arguments:
o -name –existing name of the required catalog
Delete catalog
catalogsCLI –delete –catalog name
Required arguments:
o -name – existing name of the required catalog
Add catalog
catalogsCLI –add –catalog name
Required arguments:
o –name - existing name of the required catalog
Arguments:
o See Options for the specific catalog and global options.
Update catalog
catalogsCLI – update –catalog name
Required arguments:
o -name – existing catalog name
Arguments:
o See Options for the specific catalog and global options.
Catalogs
o tos
o dos
o qos
o vlan
o alert
o action
o time
o host
o host group
o service
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-5
o service group
Options
Global
ARGUMENT NAME OPTION REMARKS
Name Catalog name
access_right Access right 0-read only
1-provisioned user
2-super user
3-super provisioned user
Admin Desirable source status 0-unknown
1-enabled
2-disabled
3–deleted
description Catalog description
DoS Catalog Arguments
ARGUMENT NAME OPTION REMARKS
max_connections Connections limitation
max_CER Connection establishment
rate limitation
violation_action Violation action 2 – drop
3 - reject
Vlan Catalog Arguments
ARGUMENT NAME OPTION REMARKS
vlan_type Vlan type 0-Do not ignore
1-Ignore Vlan id
2-Ignore priority bits
3–Ignore Vlan id and
priority bits
vlan_tag Vlan value
For example, to list all VLAN catalogs, use the following command:
catalogsCLI -list_all –vlan
For example, to change the value of an existing VLAN catalog, use the following:
catalogsCLI -update –vlan –name vlan_name –tag 256
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-6
For example, to add a VLAN catalog called “vlan_name” with a VLAN tag of 128 and
set to ignore VLAN ID and priority bits, use the following command
catalogsCLI -add -vlan –name vlan_name – description “vlan description” –vlan_type 3 -tag 128
For example, to delete a VLAN catalog called vlan_name, use the
following command:
catalogsCLI -delete –vlan –name vlan_name
ToS Catalog Arguments
ARGUMENT NAME OPTION REMARKS
tos_type 0-Ignore Tos bytes
1-Differentiated services
2-Free format
tos_byte Tos value
Alert Catalog Arguments
ARGUMENT NAME OPTION REMARKS
alert_type Event Name From
EVENT_DEF_CORE table
oid OID of the corresponding
MIB counter
From ALERT_COUNTER
table
is_alarm Alert is an alarm 0-not an alarm
1-is an alarm
mode Alert mode 0-regular
1-applies to every template
instance
severity 0-unknown
1-cleared
2-indeterminate
3-critical
4-major
5-minor
6-warning
relation 0-equal
1-greater
2-less
3-not equal
threshold Bad value
normal Normal value
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-7
ARGUMENT NAME OPTION REMARKS
register % time in the sample to
start the event (start barrier)
unregister % time in the sample to
stop the event(stop_barrier)
Qos Catalog Arguments
ARGUMENT NAME OPTION REMARKS
qos_type 1-ignore
2-each VC
3-both VC
4-each pipe
5-both pipe
6-half duplex pipe
7-each line
8-both line
9-half duplex line
10-PCMM
11-SDX
12 -ENH_EACH_VC
13 -ENH_BOTH_VC
14 -ENH_EACH_PIPE
15 - ENH_BOTH_PIPE
16 - ENH_EACH_LINE
17 - ENH_BOTH_LINE
18 - ENH_EACH_SLINE
19 - ENH_BOTH_SLINE
qos_action
direction 0-for both direction
1-for internal (outbound)
2-for external (inbound)
mode
is_reserved Minimum reserved
bandwidth on use
Only for pipe
min_bw
max_bw
min_bw_conn
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-8
ARGUMENT NAME OPTION REMARKS
max_bw_conn
mode 0-burst
1- CBR (constant bit rate)
delay if mode=CBR, then max
time in microsecond for
the package to be in the
system (box)
burst for all flows of this VC
bw_type bandwidth type measure 0-absolute value
1- percent from max
priority
Action Catalog Arguments
ARGUMENT NAME OPTION REMARKS
location Action source 0 –Application server
1-device
action_type action type 1-script
2-email
3-sms
4-stored procedure
actor Script, stored procedure
name ; e-mail address
Host Catalog Arguments
ARGUMENT NAME OPTION REMARKS
host_type Host type 0 - regular (entries)
1 - data source (queries)
2 - NE for the compression
(entries)
device_id host device For common host – device
ID is null
add_entry New host-entries Syntax: TYPE:value[,…]
TYPE values are:
Name / ip_address / subnet
/ range /
Mac_address / all_address
remove_entry Entries to remove
For example, to change the value of an existing host catalog called testA, use the
following:
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-9
catalogsCLI -update –host –name testA -add_entry ip_address:1.1.1.1
As a further example, to add a new host catalog called testB, use the following:
catalogsCLI -add –host –name testB -add_entry ip_address:2.2.2.2
Host – Group Catalog Arguments ARGUMENT NAME OPTION REMARKS
add_host Host list that will be added
to the host group
Syntax hostname[,…]
remove_host Host list that will be
removed from the host
group
For example, to remove existing hosts from a host group, use the
following:
catalogsCLI -update -host_group -name group1 -remove_host host1,host2 -add_host host3
Service Catalog Arguments
ARGUMENT NAME OPTION REMARKS
service_type Service type 0 - secondary service -
content definition
1-primary service - ports
characteristics
application An existing application
name
Null for all.
add_port Protocol:port_type:from-
port:[to-port] [,…]
Protocols
{TCP,UDP,IP,NON_IP}.
Port types:
{SIGNATURE,DEFAULT
,PORT_BASED}
remove_port
parent Parent service For service content only.
add_content_item For service content use.
Syntax:
content_key:content_value remove_content_item
For example, to add a port based citrix service, use the following
command:
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-10
catalogsCLI -add -service -service_type PRIMARY -name service1 -type 1 -application "Citrix ICA" -add_port TCP:PORT_BASED:1000:1000,UDP:DEFAULT:1100:1111
For example, to add a service content item for uploading 100BAO Peer to
peer traffic, use the following command:
catalogsCLI -add -service –service_type CONTENT -name "lilach by CLI" -description "added by CLI" -parent "100BAO" -add_item Direction:Upload
Service – Group Catalog Arguments
ARGUMENT NAME OPTION REMARKS
add_service service list that will be
added to the service group
Syntax service-name[,…]
Remove_service service list that will be
removed from the service
group
Time Catalog Arguments
ARGUMENT NAME OPTION REMARKS
add_item Time items that will be
added time catalog
Syntax service-
TYPE:DAY[:TIME] [,…]
while Type is
{DAILY,WEEKLY,MON
THLY,ANUALLY}, DAY
is the day number in
week/month/year, Time
format: hh:mm-hh:mm
Remove_item Time items that will be
removed from the time
catatlog
For example to add a time catalog (called time_name), daily at 10-100am,
use the following command
catalogsCLI -add -time -name time_name -add_item DAILY:10:00-11:00,WEEKLY:2:10:00-11:00
Policy CLI
Policy CLI commands are used to create or remove rules from the policy table. For the
purposes of Policy CLI, a line, pipe or VC rule is known as a “tube”. In addition, Policy
CLI is used to add pre-defined catalogs or alarms to these rules. For the purposes of
Policy CLI, a condition catalog is known as a “filter” and an action catalog is known as
an “action”
The Policy CLI Syntax on Windows is:
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-11
policyCLI <action> <option> <value> [<value>] [<option> <value> [<value>]] …
The Policy CLI Syntax on Linux is:
./policyCLI.sh -<action> <option> -<value> [<value>] [<option> <value> [<value>]] …
Actions
o help
o addTube
o addFilter
o addAlarm
o listTube
o listPolicy
o deleteTube
o deleteFilter
o deleteAlarm
o updateTube
Options
ARGUMENT NAME OPTION REMARKS
tubeDeviceName Device Name Only active devices
tubeType Tube Type line, pipe, VC
tubeName Tube Name
tubeOffset Tube Offset (location) First filter is offset 0
tubeLineName Tube Line Name
tubePipeName Tube Pipe Name
tubeId Tube ID
tubeVcName Tube VC Name
tubePolicyId Policy ID Currently all options work with
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-12
ARGUMENT NAME OPTION REMARKS
active
filterId Filter ID
filterDirection Direction 0-Bi, 1-Int. to Ext.,2- Ext to Int
filterService Service ID
filterServiceGroup Service Group ID
filterExternalHost External Host ID
filterExternalHostGroup External Host Group ID
filterInternalHost Internal Host ID
filterInternalHostGroup Internal Host Group ID
filterTime Time Catalog ID
filterTos Filter Tos ID
filterVlan Vlan ID
actionQos Qos ID
actionDos Dos ID
actionTos Action Tos ID
actionAccess Action Access
actionId Action ID
Alarmed alarm ID
alarmActionId alarms‟ action ID
alarmAlertId Alarms‟ Alert ID
alarmParams Alarm Params
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-13
Add Tube
policyCLI – addTube
For example: To add a line called “newline” (12th in the list) to NetEnforcer 73, you
would use the following command:
policyCLI -addTube -tubeDeviceName 73 -tubeType line -tubeOffset 11 -tubeName newLine
Required Arguments:
o -tubeDeviceName Device Name
o -tubeType Tube Type (line, pipe, VC)
o -tubeName Tube Name (unique in its level)
o -tubeOffset Tube Offset (starting at 0)
o -tubeLineName required for pipe and VC only
o -tubePipeName required for VC only
Optional Arguments (if not specified, defaults apply):
o All filter options except filterId
o All action options except actionId
o All alarm options except alarmed
Add Filter
policyCLI - addFilter
Required Arguments:
o -tubeDeviceName
o -tubeType
o - tubeLineName
o - tubePipeName - Required for pipe and VC
o - tubeVcName – Required for VC only
Optional Arguments:
o All filter options except filterId
Add Alarm
policyCLI -addAlarm
Required Arguments:
o -tubeDeviceName
o -tubeType
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-14
o - tubeLineName
o - tubePipeName - Required for pipe and VC
o - tubeVcName – Required for VC only
o - alarmActionId
o - alarmAlertId
Optional Arguments:
o alarmParams
List Tube
policyCLI -listTube
Required Arguments:
o -tubeDeviceName
o -tubeType
o - tubeLineName
o - tubePipeName - Required for pipe and VC
o - tubeVcName – Required for VC only
List Policy
policyCLI -listPolicy
Required Arguments:
o -deviceId
Delete Tube/Filter/Alarm
PolicyCLI -deleteTube/-deleteFilter/-deleteAlarm
For example, to delete a VC called VV1 from the fallback pipe in the
fallback line of NE 73, you would use the following command:
policyCLI -deleteTube -tubeType vc -tubeDeviceName 73 -tubeLineName Fallback -tubePipeName Fallback -tubeVcName vv1
Required Arguments:
o -tubeDeviceName
o -tubeType
o - tubeLineName
o - tubePipeName - Required for pipe and VC
o - tubeVcName – Required for VC only
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-15
o -filterId - For delete Filter only
o -alarmId - For delete Alarm only
Update Tube
policyCLI –updateTube
For example, to change the action catalog of the “newVc” VC on the
“newPipe” pipe on the “newline” line of NE 73 to a “Best Effort” ToS
catalog, enter the following
-updateTube -tubeDeviceName 73 -tubeType vc -tubeLineName newLine -tubePipeName newPipe -tubeVcName newVc -actionTos “Best Effort”
Required Arguments:
o -tubeDeviceName
o - tubeType
o - tubeLineName
o - tubePipeName - Required for pipe and VC
o - tubeVcName – Required for VC only
o -filterId – If filter fields were modified
o -alarmId – if alarm fields were modified
Optional Arguments:
o tubeName
o All filter options
o All alarm options
All action options
Web Updates CLI
The Web Updates CLI Syntax in Windows is:
wuCLI <option> [<value>] [<option> <value> [<value>]] …
The Web Updates CLI Syntax in Linux is:
./wuCLI.sh -<option> [<value>] [-<option> <value> [<value>]] …
Device ID
wuCLI -deviceId
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-16
ID number of the device to be updated/rolled back
Update Server
wuCLI -updateServer
Updates the Service catalog of the NetXplorer Server
Update Device
wuCLI -updateDevice
Updates the Service Catalog of the selected device
Update Number
wuCLI -updateNumber
Selects the Protocol Pack to be used in the update.
For example, to update NE2 to protocol pack 2, use the following
wuCLI -updateDevice -deviceId 2 -updateNumber 2
Help
wuCLI -help
Provides usage and help information.
Rollback Server
wuCLI -rollbackServer
Rolls back the last update to the Services Catalog of the NetXplorer Server
Rollback Device
wuCLI -rollbackDevice
Rolls back the last update to the Services Catalog of the selected device
For example to rollback NE2 to the last update, use the following command:
wuCLI -rollbackDevice -deviceId 2
Monitoring CLI
The NetXplorer GUI may only display up to 50 items in a monitoring graph. Using
monitoring CLI, reports may be generated as CSV files that include hundreds or
thousands of items.
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-17
By using the Export to CLI function in the NetXplorer GUI, you can create a template
for the monitoring CLI command and then simply change the parameters later.
NOTE The computer used to send CLI commands to the NetXplorer or to NetEnforcer or Service Gateway devices must have Java installed and be included in the allowedHosts.properties.
To enable the monitoring CLI in Windows:
1. Unzip the file \<VERSION NUMBER>\RnD\monitorCLI.zip
on the NetXplorer Software CD to a folder on the computer from
which you wish to access the statistics.
2. In the newly created folder, open monitorCLI.bat with a text
editor and change the value of the parameter SERVER_URL to
the IP address or domain name of the NetXplorer server.
3. Open a DOS window, run monitorCli.bat and enter a command
requesting monitoring CLI command. The command is sent to the
NetXplorer server. Any monitoring data returned by the
NetXplorer server is stored in a .csv file.
The Monitoring CLI Syntax in Windows is:
monitorCLI <option> [<value>] [<option> <value> [<value>]] …
To enable the monitoring CLI in Linux:
1. Unzip the file \<VERSION NUMBER>\RnD\monitorCLI.zip
on the NetXplorer Server.
2. The newly created folder contains monitorCLI.sh.
3. From the NetXplorer client machine, telnet to the folder on the
server to which you extracted the file and enter CLI commands.
The Monitoring CLI Syntax in Linux is:
./monitorCLI.sh -<option> [<value>] [-<option> <value> [<value>]] …
Export to CLI
It is possible to create a monitoring CLI command by first creating the report definition
in the NetXplorer GUI and then generated a code string which may be edited and
entered into the CLI.
To export a graph definition to CLI:
1. Create a graph definition using the NetXplorer user interface
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-18
2. Right click on the graph and select Export to CLI from the drop
down menu.
3. The report definition is saved as a .txt file in whatever directory
you choose.
4. You may edit the file to alter the report definition.
For example if the graph shows the 10 most active Pipes, you can
edit the .text file so that the CLI command will generate a graph
showing the 100 most active Pipes simply by changing the value.
5. The file may now be used as input for the monitoring CLI
To run the file, open a Command Prompt and run the
monitoringCLI.
6. Use the –inputFile parameter to specify the path to the .txt file and
use the –outputFile parameter to specify the location and name of
the output (.CSV) file (as shown below).
NOTE This method is supported on servers running NX8.1.1 and later.
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-19
Monitoring Arguments
ARGUMENT NAME OPTION REMARKS
-dayDefinitionArray DayDefinitionList Day Definition List in UTC
used by Typical (50):
[Day(1-sun,2-mon,7-sat,0-
all),startHour0,endHour0,start
Hour1,endHour1,
,startHourn,endHourn]
[Day,startHour0,endHour0,star
tHour1,endHour1,startHourn,e
ndHourn]
-allSubjectsInScope Regular req All Subjects in
scope.
-inputFile <file> Input request file
-help Provides usage and help
information.
-longTermRequest Long Term Reporting.
-mostActive Most Active Request.
-relativeTimeUnit <relativeTimeId> Relative Time (default 1) :
[RelativeTimeUnit[Seconds=7],
RelativeTimeUnit[Minutes=6],
RelativeTimeUnit[Hours=1],
RelativeTimeUnit[Days=2],
RelativeTimeUnit[Weeks=3],
RelativeTimeUnit[Months=4],
RelativeTimeUnit[Years=5]]
-typicalType <TypicalTypeId> Request Typical Type :
[TypicalType [Day=1],
TypicalType[Week=2]]
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-20
ARGUMENT NAME OPTION REMARKS
-subject <subjectId> Request Subject (default 0) :
[SubjectType[Enterprise=0],
SubjectType[NetEnforcer=1],
SubjectType[Line=2],
SubjectType[Pipe=3],
SubjectType[Virtual
Channel=4],
SubjectType[Host=5],
SubjectType[Internal Host=6],
SubjectType[External
Host=7],
SubjectType[Protocol=8],
SubjectType[Conversation=9],
SubjectType[Subscriber=10]]
-time fromDate/Time
toDate/Time
Request Date & Time
{dd/MM/yyyy,HH:mm:ss}.
-relativeTimeCount relativeTimeCount Relative Time count (default 0)
: 1..50.
-allAsOne Regular req All as one.
-sortingCriteria <statisticId> Most Active req Sort Based On (default 1) :
[StatisticType[TotalBandwidth=1], StatisticType[BandwidthIn=2],
StatisticType[BandwidthOut=3], StatisticType[LiveConnections=4],
StatisticType[DroppedConnections=6],
StatisticType[NewConnections=5],
StatisticType[PacketsIn=7],
StatisticType[PacketsOut=8],
StatisticType[HostCount=9], StatisticType[BurstIn1=20],
StatisticType[BurstIn2=21],
StatisticType[BurstIn3=22], StatisticType[BurstIn4=23],
StatisticType[BurstIn5=24], StatisticType[BurstOut1=25],
StatisticType[BurstOut2=26],
StatisticType[BurstOut3=27], StatisticType[BurstOut4=28],
StatisticType[BurstOut5=29]]
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-21
ARGUMENT NAME OPTION REMARKS
-subjectCapacity <capacity> Most Active req Subject
capacity (default 5) : 1..50.
-distributor <distributorId> Most Active req Stack result by
element:
[DistributorType[NetEnforcer=
1], DistributorType[Line=2],
DistributorType[Pipe=3],
DistributorType[Virtual
Channel=4],
DistributorType[Host=5],
DistributorType[Protocol=6],
DistributorType[Subscriber=7]]
-outputFile <file> Output file result
-hostFilerArray <hostFilterList> Host Filter List(50): [hostIp or
hostName] ... [hostIp
or hostName]
-subjectArray <subjectDefinerList> Regular req Subject Definer
List Inluded in Graph(50) :
[NE,Line,Pipe,Vc]
[NE,Line,Pipe,Vc] or [hostIp or
hostName]
[hostIp or hostName] or
[serviceId]
[serviceId] or
[hostIpIn,hostIpOut]
[hostIpIn,hostIpOut]
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-22
ARGUMENT NAME OPTION REMARKS
-scopeLimiterType <ScopeLimiterId> Request Scope Limiter (Most
active default 0) :
[ScopeLimiterType[Enterprise
=0],
ScopeLimiterType[NetEnforce
r=1],
ScopeLimiterType[Line=2],
ScopeLimiterType[Pipe=3],
ScopeLimiterType[Virtual
Channel=4]]
-scopeLimiterArray
<ScopeLimiterList>
Scope Limiter List(50):
[NE,Line,Pipe,Vc] ...
[NE,Line,Pipe,Vc]
-isAllOthers Most Active req All Others
-splitter <splitterId> Most Active req Display
Separately for each element:
[SplitterType[Host=1],
SplitterType[Protocol=2],
SplitterType[Subscriber=7],
SplitterType[NetEnforcer=3],
SplitterType[Line=4],
SplitterType[Pipe=5],
SplitterType[Virtual Channel=6
]]
-resolution <resolutionId> Request Resolution (default 1) :
[AggregationResType[Level
0=1],
AggregationResType[Level
1=2],
AggregationResType[Hour=3],
AggregationResType[Day=4],
AggregationResType[Month=5
]]
-serviceFilerArray <serviceFilterList> Service Filter List(50):
[serviceId] [serviceId]
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-23
ARGUMENT NAME OPTION REMARKS
-adjustTime Adjust Time
Links Format
[NE,Line,Pipe,Vc] / [NE,Line,Pipe,Vc,Template] /
[NE,Line,Pipe,Vc,InstanceType,instanceValue]:
1) [NE,Line,Pipe,Vc] simple VC = 1,2,3,4 ; simple Line = 1,2,0,0
2) [NE,Line,Pipe,Vc,Template] VC Template = 1,2,3,4,T ; Pipe Template = 1,2,3,0,T
3) [NE,Line,Pipe,Vc,InstanceType,instanceValue] VC Instance = 1,2,3,4,2,9999 ; Pipe
Instance = 1,2,3,0,1,9999 [InstanceType[Pipe=1], InstanceType[Virtual Channel=2]]
Examples
5 Most Active NEs on Level0 resolution :
monitorCLI -mostActive -subject 1 -resolution 1 -time 22/11/2005,11:20:00
5 Most Active Hosts on Days resolution scope limited to NE #32 & #37 :
monitorCLI -mostActive -subject 5 -longTermRequest -resolution 4 –time 20/11/2005,00:00:00 23/11/2005,23:59:59 -scopeLimiterType 1 -scopeLimiterArray 32,0,0,0 37,0,0,0
10 Most Active VCs on Level0 resolution scope limited to NE #32 stack result by
Protocol
monitorCLI -subjectCapacity 10 -mostActive -subject 4 -resolution 1 -time 22/11/2005,11:20:00 22/11/2005,11:25:00 -scopeLimiterArray 32,0,0,0 -distributor 6
Statistics on NE #37, last 5Min on Level0 resolution :
monitorCLI -subject 1 -resolution 1 -time 22/11/2005,11:20:00 22/11/2005,11:25:00 -subjectArray 37,0,0,0
Pipes Distribution on Network, last 5Min on Level0 resolution :
monitorCLI -subject 3 -resolution 1 -time 22/11/2005,11:20:00 22/11/2005,11:25:00 -scopeLimiterType 0 -scopeLimiterArray 0,0,0,0
Statistics on VC Instance #37,1,1,1,2,42 last 5Min on Level0 resolution :
monitorCLI -subject 4 -resolution 1 -time 22/11/2005,11:20:00 -relativeTimeUnit 2 -subjectArray 37,1,1,1,2,42
Chapter 6: Command Line Interface (CLI)
NetXplorer Installation and Administration Guide 6-24
Use regular monitor request file & create monitor result file (csv format) :
monitorCLI -inputFile c:\monitor_cli\monitor42060.req -outputFile c:\monitor_cli\monitor42060.csv
Use most active monitor request file & create monitor result file (csv format) :
monitorCLI -inputFile c:\monitor_cli\monitor42061.req -outputFile c:\monitor_cli\monitor42061.csv
NetXplorer Installation and Administration Guide 7-1
Chapter 7: Troubleshooting
Troubleshooting Basics
First Steps
There are some basic checks to begin with when troubleshooting almost any type of
problem:
1. Validate that the NetXplorer server and relevant NetEnforcers or
Service Gateways are actually up and running.
2. NetXplorer components (GUI, Server and NetEnforcers/Service
Gateways) communicate with each other using the protocols and
ports listed on p 2-17. Validate that the communication is not
blocked by using the following command (on either the
NetXplorer or NetEnforcer/Service Gateway): netstat –an
3. Each one of the NetXplorer components has configured time
settings. It is crucial that the component times are synchronized.
Processes
NetXplorer
There are certain processes that should be running on the NetXplorer Server. These
processes can be identified using several different tools when using Windows:
1. Use Windows Services (Start > Control Panel > Administrative Tools >
Services) to check that NetXplorer Server is running
2. Use Windows Task Manager (CTRL+ALT+DEL and click Task Manager) to
check that the following processes are running:
• poller.exe, converter.exe and loader.exe
• ltc_poller.exe and ltc_loader.exe
• ltreducer (only appears periodically)
• manifest_manager.exe (only appears periodically)
• KeeperService.exe
• Dbsrv9.exe (3 instances)
• ntpd.exe
Chapter 7: Troubleshooting
NetXplorer Installation and Administration Guide 7-2
When on a Linux based server, use the command ps –ef or ls to list running processes.
NetEnforcer or Service Gateway
There are several processes that should always be running on the NetEnforcer or
Service Gateway. These processes can be identified using the following command: swgadmin
Each time a process is restarted, its value increases. If one of the values is significantly
higher than the others, it indicates that a process has been restarted. Restart may have
been initiated automatically or manually.
Log Files
Several key log files are stored on the NetXplorer Server. For the sake of convenience
we can divide these into three main categories.
Database Logs
Database log files are stored in C:\Allot\log (or /opt/allot/log on a Linux server). These
files log the performance of the NetXplorer‟s three main databases – cfg, stc and ltc as
well as the data collection processes.
Figure 7-1: Database Logs
The allot_cfg log can be consulted for problems related to general configuration (e.g:
saving policy, password). The allot_ltc log can be consulted for problems with long-
term reporting, and the allot_stc log for problems with real-time monitoring.
In addition, the logs which record the data collection processes are also useful,
specifically the Poller, Convertor and Loader logs. The keeper.log records the status
of the keeper process which makes sure that all other processes are up.
Chapter 7: Troubleshooting
NetXplorer Installation and Administration Guide 7-3
Figure 7-2: Key Database Logs
Application Server Logs
The application server log files are stored in C:\Allot\netxplorer\jboss-
4.0.5\server\allot\log (or /opt/allot/netxplorer/jboss-4.0.5/server/allot/log on a Linux
server). These files are responsible for logging all of the java-based activity which takes
place on the application server.
Figure 7-3: Application Server Logs
The events log records every event in the NetXplorer server. It can help you for
example to view alarms that have been cleared from the GUI.
The NMS.log records every activity carried out by the application server such as
records of alarms, GUI errors, web update checks, scheduled reports, and NetEnforcer
or Service Gateways which have been added or imported. As soon as this log reaches
5Mb, a new one is created, and a log history is maintained up to a total of 20 NMS logs.
The latest log is called simply NMS.log.
Chapter 7: Troubleshooting
NetXplorer Installation and Administration Guide 7-4
Figure 7-4: NMS.log Example
The NMS-Monitor.log records everything related to graphs and reports and the
UserOperations.log records of what has been done in the GUI by each user. This log
can reach a total of 10Mb and the NetXplorer will store 20 such historic logs in the
folder before over-writing the oldest one.
Installation Log
The install_log can be found in C:\Allot\conf (or /opt/allot/conf if you are working on
a Linux server). This simple log details the history of NX installations on the server.
You can see here for example if the current installation was an upgrade from a previous
version or a clean installation. This may be useful for detecting specific problems that
are related to upgraded NetXplorers only.
Figure 7-5: Install Log
Chapter 7: Troubleshooting
NetXplorer Installation and Administration Guide 7-5
Snapshots
Windows
This will prepare a zip-file that contains log and configuration files from all NetXplorer
components (Application Server, Collector, Databases) and the last backup of the CFG
(configuration allot_cfg) database.
Figure 7-6: Snapshot File
To create a snapshot in Windows:
1. Open MSDOS command window (cmd.exe). Run from command-
line - %ALLOT_HOME%\bin\ create_snapshot_logs.bat.
2. A message will appear in the command window indicating that the
snapshot was taken successfully and its location.
Zip-file - snapshot_<yyyy_mm_dd_hh_mi>.tar.gz will be located in
%ALLOT_HOME%\tmp directory.
Message Example –
Snapshot zip-file - D:\Allot\tmp\snapshot_2005_10_26_19_09.tar.gz is ready
To create a snapshot in Linux:
1. Open directory /opt/allot/bin/
2. Run the following command:
./create_snapshot_logs.sh
Chapter 7: Troubleshooting
NetXplorer Installation and Administration Guide 7-6
3. A message will appear in the command window indicating that the
snapshot was taken successfully and its location.
Message example -
Snapshot zip-file - /opt/allot/tmp/snapshot_2008_05_28_14_15.tar.gz is ready
How to restore CFG (allot_cfg) database from the Snapshot-File
1. Install the appropriate NetXplorer version from
<snapshot>\conf\install_log.txt file.
2. From the <snapshot>\conf\dynamic.ini file discover the CFG path.
3. After installation, reboot the computer and stop the NetXplorer
service.
4. Restore allot_cfg database using db_maint.exe from
%ALLOT_HOME%\bin directory using the following command
line operation:
db_maint -a restore -n cfg -t incremental -s <snapshot>\backup_cfg -g 1 -i
<max incr number(1-22)> -d %ALLOT_HOME%\data\db\cfg
5. <max incr number> - max number(1-22) in directory name from
<snapshot>\backup_cfg\1\incremental (example: 10)
6. Start the NetXplorer service
The NetXplorer server is now ready to work with snapshot allot_cfg database
Login Errors
Login errors can occur for several reasons:
Incorrect Java Version
An error messages stating that netxplorer.jnlp is an unrecognized file extension
typically indicates that the correct version of JRE has not been installed. Where JRE
1.5.6 or higher has not been installed, the java “.jnlp” extension is not registered to any
application.
• If the root cause of the issue is with Java, you can often solve it by clearing the
Java Cache on the machine that cannot access the NetXplorer, and then
reinstalling JRE.
• Go to control panel and choose Java.
Chapter 7: Troubleshooting
NetXplorer Installation and Administration Guide 7-7
• On the General tab, under Temporary Internet Files, click on delete and then
OK.
This action will clear the java cache files. It will also remove the NetXplorer
shortcut from the desktop.
• Open browser with NX server IP address (http://<NXServer-IP>) and choose the
first option “Install Java JRE First”. Now launch the application.
If the previous method does not solve the problem, run Java WebStart - javaws.exe from
the Java 1.5 environment.
This will typically be located at a location similar to: C:\Program
Files\Java\jre1.5.0_06\bin.
Delete anything shown on this screen (this will clear the cache).
Lack of Connectivity
A common cause of GUI initialization problems is a lack of communication between
the GUI and the NetXplorer, that is there is something on the network which may be
blocking the traffic (HTTP port 80).
• Below is a table of the TCP ports required for communication between the client
and server.
• Validate that there is nothing blocking communication on these ports and that all
the required NetXplorer services are running.
PORT # DESCRIPTION
TCP:80 HTTP
TCP:1098 RMI (Java J2EE protocol)
TCP:4444 RMI (Java J2EE protocol)
TCP:1099 JNP (Java J2EE protocol)
TCP:8093 Alarms
Antivirus Conflict
Antivirus or backup utilities could be interfering with the database, locking the file and
not permitting changes to it. Antivirus and backup utilities can also cause many other
types of problems for any operation involving a database modification.
Chapter 7: Troubleshooting
NetXplorer Installation and Administration Guide 7-8
It is highly recommended NOT to run antivirus or backup programs on folders where
the databases reside. The database folder is usually located in:
C:\Allot\data\dc\<DatabaseName>
Policy Saving Errors
Typically, inability to save a policy can result from a communication problem between
the GUI and the server, a communication problem between the NetEnforcer or Service
Gateway and the server or a synchronization problem between the NetEnforcer or
Service Gateway and the NetXplorer server.
To troubleshoot this problem, you must first understand how the provisioning data is
updated in the system.
The process consists of 3 stages.
First of all, the NetXplorer server sends an XML command to the NetEnforcer
or Service Gateway
The NetEnforcer or Service Gateway then performs the required changes and
updates the counters.
Finally, the NetEnforcer or Service Gateway sends a trap back to the server.
If the server has successfully sent the XML, the request should be received by the
DataSrv on the NetEnforcer or Service Gateway. The DataSrv should acknowledge
receipt, apply the change and confirm.
We can therefore check if the second stage has been passed, by examining the DataSrv
log file to see if the request has been received by looking at the following log file:
$SWGL/nedbg.DataSrv.log
Having confirmed this, we should look at allotProvision.xml. This is the actual policy
configuration file on the NetEnforcer or Service Gateway. By analyzing this file, we can
verify that the changes have actually been written.
If there is a synchronization problem between the NetXplorer and the NetEnforcer or
Service Gateway, perhaps caused by a temporary loss of communication between the
two, a tool that can help solve the problem is to perform a full policy export.
Using the Restore Policy and Catalog feature it is possible to restore the saved image
of the Policy Table and catalogs which is stored for each NetEnforcer or Service
Gateway and updated periodically. This feature should be used if a NetEnforcer or
Service Gateway becomes corrupted or its policies and catalogs become damaged,
requiring a roll back to a previous, working configuration.
To restore policies and catalogs:
1. Select Restore Policy and Catalogs from the Tools menu.
The Restore Policy and Catalogs dialog is displayed.
Chapter 7: Troubleshooting
NetXplorer Installation and Administration Guide 7-9
Figure 7-7: Restore Policy and Catalogs Dialog
2. The NetEnforcer Devices list will populate with all NetEnforcers
or Service Gateways on the network. Each relevant NetEnforcer
or Service Gateway is listed by name, with the time it received the
new policies and any system messages.
3. Click the Restore checkbox to include that NetEnforcer or
Service Gateway in the restoration or select a NetEnforcer or
Service Gateway and use the Check and Uncheck buttons.
4. Select a NetEnforcer or Service Gateway and click Up or Down
to change its location in the distribution order.
5. Select a NetEnforcer or Service Gateway and click Remove to
delete the NetEnforcer or Service Gateway from the list or Clear
Messages to delete any system messages.
6. Select the Abort on First Error checkbox to instruct NetXplorer
to cancel the entire Policy Distribution operation on the first error.
7. Click Restore to restore the saved Policy table and catalogs to
each device. The NetEnforcers or Service Gateways selected will
be restored in order, starting at the top of the list.
8. Click Abort at any time to stop the process or Print to print the
Results list.
NOTE Aborting the restoration will not roll back the Policy Tables or Catalogs of any NetEnforcers or Service Gateways already overwritten.
9. Click Close to close the Restore Policy and Catalogs dialog box.
Data Display Errors
When there is no data in a graph for a certain period of time, this typically indicates a
problem with data collection.
Chapter 7: Troubleshooting
NetXplorer Installation and Administration Guide 7-10
Data Transmission Check whether the NetEnforcer or Service Gateway is sending statistics
buckets to the NetXplorer server.
Data Reception It could be that buckets are being sent, but because of communication
problems, they are not reaching their destination.
Data Loss It could be that buckets are sent to the server and received, but are subsequently
dropped.
A common reason for this is a lack of synchronization. If the time of the bucket
is dramatically different from that of the NetXplorer server time, then buckets
will be discarded.
Stress Alternatively, the problem could be one of “stress”. If there is more data than
the NetXplorer server can handle, the server will only handle buckets that have
already been received and will discard any new buckets.
Data Transmission
As the first step of our troubleshooting we do not need to leave the NX GUI. Using the
GUI, we examine the event and alarms logs.
In most cases there will be an alert that shows us where the problem lies.
Figure 7-8: Events Log
For example, if we see the event: “Collector Reported Device Unreachable”, this
indicates that the data collector cannot access the NetEnforcer or Service Gateway for
short term data collection. In this case, you should check network connectivity, possible
firewall and ACL (access control list) rules.
Chapter 7: Troubleshooting
NetXplorer Installation and Administration Guide 7-11
If we see the event: “Invalid Bucket Time on Collector”, this indicates that the time on
the NetEnforcer or Service Gateway and on the NetXplorer Data Collector is not
synchronized. Make sure you synchronize the time for the NetEnforcer or Service
Gateway, Data Collector and NetXplorer. (See the “Time Synchronization Issues”
module for further information)
The event “Real Time Bucket Overload in Collector” indicates a problem of stress.
Data Reception
It could be that buckets are not being sent from the NetEnforcer or Service Gateway in
the first place.
This can be checked by consulting the manifest of a specific NetEnforcer or Service
Gateway.
The Manifest is the list of buckets that the NetEnforcer or Service Gateway has created
and that are waiting to be sent to the NetXplorer. This can be accessed using any web
browser.
Figure 7-9: Bucket Manifest
To see the 30 seconds buckets waiting to be sent, enter:
http://<NE_IP>/bucket/30/manifest
To see the 300 seconds buckets waiting to be sent, enter:
http://<NE_IP>/bucket/300/manifest
Refresh the browser window a few times to check that the NetEnforcer or Service
Gateway is continuously creating buckets.
Data Loss
To confirm that the data, once received, is not being dropped, check the log files that are
created by the data collection processes and are located on the NetXplorer server. Here
we can check if the NetXplorer and/or distributed collector has received the collected
data. The poller process is responsible for polling the buckets from the manifest file on
the NetEnforcer or Service Gateway. This process is logged in the poller log.
Chapter 7: Troubleshooting
NetXplorer Installation and Administration Guide 7-12
Figure 7-10: Data Logs
The convertor process then converts the buckets from binary into ASCII form – this is
logged in the convertor log.
Finally, the loader process, logged in the loader log is responsible for loading the
converted buckets into the short term database.
The Ltc_poller polls the 1hour buckets from the short term collector and the Ltc_loader
loads them into the long term collector.
You can look in the log files and see if there are any error indications.
Stress
What should you do if the events suggest a situation where buckets are being dropped
due to excess stress? Firstly, check the Collection Configuration to validate that the
NetEnforcer or Service Gateway is actually configured to collect the data you expect to
see.
One thing you can do to reduce stress is to disable real-time data collection. This will
lower the number of buckets dramatically.
Disabling Real-Time Collection stops the import of 30 sec buckets from the
NetEnforcer or Service Gateway to the NetXplorer. Therefore you will not be
able to see real-time monitoring graphs at 30 sec resolution. You will still be
able to see real-time monitoring graphs at other resolutions though, and long
term reporting which relies on the 300 sec buckets is not affected at all.
Disabling Long-Term Collection stops the import of 1 hr buckets from the
short term database on the NX to its Long Term database. By disabling this
option, you will not be able to view long-term reports at all.
Chapter 7: Troubleshooting
NetXplorer Installation and Administration Guide 7-13
Short Term Collection refers to the 300 seconds, or 5 minutes, buckets. What
happened when you disable Short Term collecting depends on whether Long
Term collecting is enabled or not. If Long Term Collection is also disabled, the
only graphs that you will be able to see are real-time graphs at 30 sec
resolution. If Long Term collection is enabled, short term data (300 sec
buckets) will be imported to the NX regardless of the state selected in the short
term collection dialog. This is because Long term data is aggregated from the
300 sec buckets.
Add Device Errors
In some situations, the attempt to add a device to the NetXplorer may fail. What might
be the reasons for this failure?
The more obvious reasons could be down to an incorrect IP address or an incompatible
software version.
There may be communication problems between NetXplorer and the NetEnforcer or
Service Gateway. These might arise due to problems with a firewall or with a router
access list for example. Alternatively, this problem can arise when management traffic
and user traffic are not fully separated.
By consulting with the NX server log (NMS.log), you can see at exactly which stage,
the “add device” process failed. There are eleven stages to adding a device.
You can see which stage has succeeded and which has failed by looking at the
NetXplorer‟s NMS.log.
There are eleven stages to adding a NetEnforcer or Service Protector. To start tracking
the add device messages in the log file, look for the string: “CREATE (1/11)” or for the
string “create device”
In stages one and two of the add device process, NetXplorer prepares its database
tables for update. Normally you should not encounter problems at these stages.
In stage three, the NetXplorer validates that the device has a software version that
matches that version on the NetXplorer Server. If there are error messages here
you might need to upgrade the device software version.
At stage four, the NetXplorer reads the NetEnforcer or Service Gateway‟s
configuration file: rc.conf. The file is sent via SNMP on port 161. Issues can
occur when there is a communication problem, or if the SNMP agent is not
running on the NetEnforcer or Service Gateway. If there is a problem at this
stage, check the following:
• Run netstat -an on the NetEnforcer or Service Gateway or Server and
check whether a connection on port 161 is established
• Run swgadmin and validate that allSNMPagent is running
• Check that nothing is blocking SNMP traffic along the way
Chapter 7: Troubleshooting
NetXplorer Installation and Administration Guide 7-14
• Check that the database is up and available
At stage five the catalogs are sent from the NetXplorer to the NetEnforcer or
Service Gateway. There are a few things that can go wrong at this stage:
• Communication issues – communication is carried out on HTTP port 80.
An error can occur if communication is blocked or if the NetEnforcer or
Service Gateway is not listening for requests on port 80. To validate that
NetEnforcer or Service Gateway is running the HTTP daemon, run ps –
awx and look for HTTPD
• Incorrect password – this happens when the password for the admin user
that was supplied in the “Add Device” dialog is not the right password. If
you have forgotten the password you can change the password by
logging into the NetEnforcer or Service Gateway as “root” and using the
menu>change password option.
During stage 6, the default policy is exported to the NetEnforcer or Service
Gateway by HTTP over port 80. The process could fail at this stage if there is a
timeout issue. This can be verified by looking at the nms.log. If this is the case,
you will need to contact Allot support for a fix.
At stage 7, the server performs several updates, one of which is updating NTP.
Issues can occur when the NetEnforcer or Service Gateway is set up in a way that
management traffic flows through the NetEnforcer or Service Gateway. This
happens when the management port is connected to the same part of the network
as the external connection is. In such cases, an NTP update can occur before the
NetEnforcer or Service Gateway update is complete. This interrupts the update
process.
A possible solution can be to switch the NetEnforcer into bypass mode until the
addition process is complete. In any case, it is recommended to connect the
management port to the internal section of the network.
During the final stages 8-11, the NetXplorer updates its databases. A problem at
this stage could result from the unavailability of one of the databases. In this
case, try to stop and restart the NetXplorer service. This may kick-start the
unavailable database. If this does not work, you may have to recreate the
database that is unavailable.
Adding a new collector has only 6 steps. These can be found in the server‟s NMS log by
looking for the string “CREATE (1/6)” or “create collector”.
The process of importing a device has 12 steps and the relevant messages can be found by
looking for “IMPORT (1/12)”
Chapter 7: Troubleshooting
NetXplorer Installation and Administration Guide 7-15
NX-HAP Troubleshooting
Monitoring the Cluster Status
cl_status is a linux command that retrieves information about the status of the
NetXplorer High Availability Cluster. For a full list of the cl_status commands, simply
enter cl_status.
We can check the node status by entering cl_status nodestatus <node name>.
NX-1.allot.com:~$ cl_status nodestatus NX-1.allot.com
cl_status: 2008/09/09_09:45:26 debug: optind: 1
argv[optindex+1]: NX-1.allot.com
active
NX-1.allot.com:~$ cl_status nodestatus NX-2.allot.com
cl_status: 2008/09/09_09:45:43 debug: optind: 1
argv[optindex+1]: NX-2.allot.com
active
In the example above, the nodes are named NX-1.allot.com and NX-2.allot.com. The
cl_status nodestatus command is run for each node in turn. An output of “active” (for
both nodes) indicates that the NX High Availability Cluster is alive.
The heartbeat program is at the core of the High Availability platform. It is responsible
for detecting the different nodes, communicating between them and managing the
cluster.
cl_status hbstatus tells us if heartbeat is running on the local system. The command
cl_status hblinkstatus <node name><link name> displays the status of a heartbeat
link. This indicates up if we are able to hear from that node across that link.
NX-1.allot.com:~$ cl_status hbstatus
Heartbeat is running on this machine.
NX-1.allot.com:~$ cl_status hblinkstatus NX-2.allot.com eth2
up
Chapter 7: Troubleshooting
NetXplorer Installation and Administration Guide 7-16
NOTE If the <node-name> is the current node, the status is not meaningful, since with few exceptions we don't receive messages from ourselves on any links. Make sure that you use this command to check the status of the peer node in the cluster.
NX-1.allot.com:~$ cl_status hblinkstatus NX-1.allot.com eth2
dead
Viewing Available Resources
The crm_mon command can be used to analyze which node in the cluster is using
system resources. This tells the system administrator which node is currently active.
==============
Last updated: Mon Jun 1 19:24:44 2009
Current DC: NX-1.allot.com (l3425fesfth)
2 Nodes configured.
1 Resources configured.
Node: NX-1.allot.com (l3425fesfth): online
Node: NX-2.allot.com (fewf834271h): online
Resource Group: nx_ha
vip (ocf::heartbeat:IPaddr2): started NX-1.allot.com
db (ocf::heartbeat:Filesystem): started NX-1.allot.com
nx (lsb:netxplorer): started NX-1.allot.com
The output of this command shows us that there are two nodes in the cluster and that
both are on-line. The Resource Group, nx-ha consists of 3 sub-resources:
VIP: which is the virtual IP address of the cluster
db: which is the database
nx: which is the NetXplorer service
Adjacent to each of these sub-resources you will see on which node it is running. In this
case, we see clearly that NX-1.allot.com is the active node in the cluster.
In case problems are detected, the administrator may run crm –rf. This gives an
extended view of the cluster resources and includes fail messages for each of the nodes.
Chapter 7: Troubleshooting
NetXplorer Installation and Administration Guide 7-17
Stopping Heartbeat Service
To stop the heartbeat service on the currently active node, opening an SSH session to
this node and enter the command: service heartbeat stop
This will stop the cluster suite running on the currently active node and the second node
will take control of the resources.
NetXplorer Installation and Administration Guide 8-1
Chapter 8: Appendices
Upgrading NetXplorer Server
NetXplorer Server and Mediation Device Version 9.2.0 build 03 and above use a newer
version (10 – SA10) of Sybase Anywhere database. The upgrade process from previous
NetXplorer and Mediation Device versions to 9.2.0 build 03 and above includes an
automatic conversion process of CFG, LTC and SMF databases from ASA version 9 to
SA version 10. The STC database will be recreated as a new database in SA version 10.
It is recommended that software versions previous to NX9.2.1 upgrade in two steps as
described below:
First upgrade to NX9.2.1
Then upgrade from NX9.2.1 to the most recent version.
For more information, contact Allot Technical Support at [email protected].
The database conversion process can be time consuming depending on the amount of
collected data. Due to the large size of the LTC database, this process can take up to 6
hours. To reduce the LTC database conversion time, the standard upgrade procedure
runs a process that reduces the resolution of collected data older than one month. Data
older than one month collected in resolution of hours and days will be reduced to a
resolution of months. For this reason, an additional manual conversion process also
exists, to avoid losing long term data. Both procedures are outlined below.
NOTE You should close all open GUI sessions before beginning any of the upgrade procedures
Standard Upgrade Procedure
NOTE The standard upgrade procedure outlined below, reduces the resolution of collected data older than one month. If you wish to maintain the resolution of this data, refer to the manual upgrade procedure.
On a Linux NetXplorer Server:
After completing the download of the Linux files verify the files are complete and intact
by checking the MD5 checksum.
To confirm the checksum:
1. Run the following command: md5sum <filename>.tgz
Example: [root@REDHATNX NX811b10]# md5sum nx8.1.1_b10.11.tgz
Chapter 8: Appendices
NetXplorer Installation and Administration Guide 8-2
The output should appear as follows:
10b350dd88470ead4e4c12b6796aae68 nx8.1.1_b10.11.tgz
2. Confirm the correct checksum number in the md5 file by running
the command: cat <filename>.tgz.md5
Example: [root@REDHATNX NX811b10]# cat nx8.1.1_b10.11.tgz.md5
The output should appear as follows: 10b350dd88470ead4e4c12b6796aae68 nx8.1.1_b10.11.tgz
3. If the two numbers match then the file is intact and complete and
you may continue. If they do NOT match, download the software
again.
To unzip the file:
1. After downloading the file, extract the files by using the following
tar command: tar -xzvf <filename>.tgz
Example: [root@REDHATNX NX811b10]# tar -xzvf nx8.1.1_b10.11.tgz ./
./accounting-manager-8.1.1-10.i386.rpm
./netxplorer-8.1.1-10.i386.rpm
./WSCli.tgz
./monitorCLI.tgz
./jdk-6u2-linux-i586.rpm
./netpolicy-provisioner-8.1.1-10.i386.rpm
[root@REDHATNX NX811b10]#
To perform the upgrade:
1. Close any open NetXplorer GUI sessions
2. Stop the NetXplorer service by entering: service netxplorer stop
3. When upgrading the NetXplorer software you must use the U
option to upgrade the software. Therefore, the proper command to
use when upgrading is as follows: rpm -Uvh <filename>.rpm
Example:
rpm –U netxplorer-9.2.1-7.i386.rpm
Chapter 8: Appendices
NetXplorer Installation and Administration Guide 8-3
NOTE You may discover the filename by using the following command: cd / find|grep -i netxplorer-
4. Upgrade the JDK to the most recent version (if required) with no
dependencies by entering the following command: rpm -U <JDK
filename> –nodeps
NOTE NetXplorer Accounting cannot be upgraded directly. The old version must be uninstalled and the new version of Accounting may then be installed.
On a Windows NetXplorer Server
1. Close any open NetXplorer GUI sessions
2. Double click on the setup.exe file provided in the Allot
installation CD or downloaded from the Allot FTP site.
NOTE Do not attempt to run the setup file from a net long address, such as \\file_server\.
3. Follow the onscreen instructions in the Setup Wizard to upgrade
the NetXplorer Server.
NOTE NetXplorer Accounting cannot be upgraded directly. The old version must be uninstalled and the new version of Accounting may then be installed.
Manual Upgrade Procedure
To avoid losing long term data, the following procedure should be performed prior to
upgrading NetXplorer:
1. Stop the NetXplorer service.
On Windows – Open the services console, and locate the
NetXplorer Server service. Right click it and select stop.
On Linux – Open CLI and type /opt/allot/bin/nx_stop.sh.
2. Copy the entire ltc folder located in <allot root>\data\db\
(Windows) or /opt/sybase/data/db/ (Linux) and paste it outside
the Allot folder.
NOTE: Make sure that enough free disk space is left on the same hard drive (approximately 90% of LTC database size) for the conversion process to take place.
3. Upgrade NetXplorer and/or Mediation Device version. Once the
installation completes you may be asked to restart your server.
4. Once the server boots up, stop the NetXplorer service.
Chapter 8: Appendices
NetXplorer Installation and Administration Guide 8-4
5. Delete the contents of the <allot root>\data\db\ltc folder.
6. Copy the contents of the ltc folder previously backed up and paste
them back in <allot root>\data\db\ltc.
7. Launch the LTC database conversion process by executing the
following script:
On Windows - <allot root>\bin\db_upgrade_ltc_2sa10.bat
On Linux - /opt/allot/bin/db_upgrade_ltc_2sa.sh
8. The process is logged in two log files located in
On Windows - <allot root>\log\
On Linux - /opt/allot/log
1) dbunload_log_ltc.txt
2) dbunload_log_time_cfg.txt.
9. Start the NetXplorer Server service:
On Windows – Open the services console, and locate the NetXplorer
Server service. Right click it and select start.
On Linux – Open CLI and type /opt/allot/bin/nx_start.sh.
NOTE NetXplorer Accounting cannot be upgraded directly. The old version must be uninstalled and the new version of Accounting may then be installed.
Example of Log File Content
Below is a successful conversion process log for reference:
dbunload_log_time_cfg.txt
*************************************************************
Start Convert DB to version SA10 - 6/18/2009 2:11:14 PM
Unload LTC data to C:\Allot\tmp\ltc_datadirectory
Finish Unload LTC data - 6/18/2009 2:11:34 PM
Create new LTC database - 6/18/2009 2:15:49 PM
Default PARAM table truncated - 6/18/2009 2:15:58 PM
Load data into new LTC database - 6/18/2009 2:16:49 PM
*************************************************************
dbunload_log_ltc.txt
SQL Anywhere Unload Utility Version 10.0.1.3807
Connecting and initializing
Chapter 8: Appendices
NetXplorer Installation and Administration Guide 8-5
Unloading "nms"."CONVER_STAT_" into C:\Allot\tmp\ltc_data/438.dat
(relative to server)
Unloading "nms"."DEVICE" into C:\Allot\tmp\ltc_data/439.dat (relative to
server)
Unloading "nms"."EVENT" into C:\Allot\tmp\ltc_data/440.dat (relative to
server)
Unloading "nms"."EVENT_VALUE" into C:\Allot\tmp\ltc_data/442.dat
(relative to server)
Unloading "nms"."LINE_BURST_" into C:\Allot\tmp\ltc_data/443.dat
(relative to server)
Unloading "nms"."PARAM" into C:\Allot\tmp\ltc_data/444.dat (relative to
server)
Unloading "nms"."VC_STAT_HRS_1_3" into C:\Allot\tmp\ltc_data/453.dat
(relative to server)
...
...
...
Unloading "nms"."SERVICE_STAT_DAY_3_11" into
C:\Allot\tmp\ltc_data/1664.dat (relative to server)
Unloading "nms"."SERVICE_STAT_DAY_3_12" into
C:\Allot\tmp\ltc_data/1665.dat (relative to server)
Unloading "nms"."SERVICE_STAT_MON_1" into C:\Allot\tmp\ltc_data/1666.dat
(relative to server)
Unloading "nms"."SERVICE_STAT_MON_2" into C:\Allot\tmp\ltc_data/1667.dat
(relative to server)
Unloading "nms"."SERVICE_STAT_MON_3" into C:\Allot\tmp\ltc_data/1668.dat
(relative to server)
Unloading "nms"."SMS_QUOTA_" into C:\Allot\tmp\ltc_data/1669.dat
(relative to server)
Chapter 8: Appendices
NetXplorer Installation and Administration Guide 8-6
Upgrading NX-HAP
Follow the procedure below to upgrade the NX High Availability Platform.
NOTE NX-HAP includes 3 different databases: NX-HAP1 local database, NX-HAP2 local database and the external storage database. The upgrade procedure updates only the external storage database. The two local databases do not need to be updated.
NOTE All of the operations outlined below must be performed by a root user.
1. Check the NetXplorer version. This is done by using the
command: rpm –qa | grep netxplorer
2. Make sure that nx1 is the active node and nx2 is passive. This is
done by using the command crm_mon (see Viewing Available
Resources for more details). If needed, initiate a switchover to
ensure that nx1 is the active node. This is done by entering the
command service heartbeat stop on the currently active node.
3. Stop the HA monitoring on both NX nodes. This is done by using
command: service heartbeat stop
4. On nx1 node, mount the common disk storage. This is done by
using the command: mount /dev/dm-1 /opt/sybase/data
5. Upgrade the NX1 node as you would upgrade a regular
NetXplorer Server. The upgrade steps (for a Linux Server) are
outlined below:
a. Check that netxplorer server is stopped by entering: service netxplorer
status.
b. In case netxplorer service is running stop the service by entering: service
netxplorer stop
c. Download the software image file for the upgrade into a specific
directory (for example /root/NX_software/NX10.1.1b5-Linux.tar.gz)
d. Extract the NetXplorer new software image file with the command: tar -
7xvf NX<version>.tar.gz
e. Enter the following: rpm -U <JDK filename>.rpm --nodeps
f. Now enter the following: rpm -U <filename>.rpm
g. Under no circumstances should you stop the upgrade process!
Do NOT reboot the server once the upgrade is completed. Do not
reboot, even though you will receive the output message: [root@nx1 nx_soft]# rpm -U netxplorer-10.1.1-5.i386.rpm
Running upgrade process. This may take a few minutes...
Chapter 8: Appendices
NetXplorer Installation and Administration Guide 8-7
Followed by: [root@nx1 nx_soft]# rpm -U netxplorer-10.1.1-5.i386.rpm
Running upgrade process. This may take a few minutes...
Installation finished.Please reboot your device.
6. Now upgrade the NX-1 node as in step 4 above. The local
databases will be updated here too, simply to ensure consistency
of the upgrade process.
7. Enter the following command: chown hacluster:haclient
/var/lib/heartbeat/crm/*
8. On both NX nodes edit the /etc/init.d/netxplorer file. Use vi
editor. This file should be changed in follow manner –
a. In function start() change command sleep 60 to sleep 40
b. In function restart()change command sleep 60 to sleep 40
9. Reboot both NX nodes.
10. After rebooting check the status of each NX node. Use command
– crm_mon. This will reveal which node is active and will detail
the status of the common storage status
Chapter 8: Appendices
NetXplorer Installation and Administration Guide 8-8
Upgrading Distributed Monitoring Collector
Follow the procedure below to upgrade a distributed monitoring collector. Assuming for
example that the target software version is stored at: /root/MD1011:
1. Change directory to: /root/MD1011
2. Change md-inst to executable by entering: chmod +x md-inst.sh
3. Perform the upgrade by entering: ./md-inst.sh
4. The monitoring collector will reboot automatically after.
Chapter 8: Appendices
NetXplorer Installation and Administration Guide 8-9
Events
NetXplorer includes a pre-defined list of events that are recorded in the Events Log and
can be used to monitor the occurrence of system events in the Network. You can view
the events for specific devices in the Events Log or you can configure specific events to
generate alarms that are displayed in the Alarms Log,
All event types available in the NetXplorer are listed in the EVENT_DEF_CORE table
in the CFG database. Each event is displayed in the table below with its Event ID. In the
“Traps/Alarms/Actions” column, “Configurable” is recorded if the user can configure
whether such an event triggers an alarm, an action (a pre-prepared script) or the sending
of a trap to a pre-defined trap receiver. This is done from the Event Types Configuration
dialog in the NetXplorer GUI. “Automatic Trap Sent” is recorded if a trap will
automatically be sent to a pre-defined trap server whenever this event occurs.
ID Event Traps/Alarms/Actions
1 Rising TCA ('Threshold Crossing Alarm') Automatic Trap Sent
2 Falling TCA ('Threshold Crossing Alarm') No
3 Device Configuration Configurable
4 Line Policy Change Configurable
5 Pipe Policy Change Configurable
6 Virtual Channel Policy Change Configurable
7 Catalog Entry Change Configurable
8 Suspected DoS Attack Started Automatic Trap Sent
9 Suspected DoS Attack Stopped No
10 External Data Source Down Automatic Trap Sent
11 External Data Source Up No
12 Software Problem No
13 NetEnforcer Access Violation No
14 Link Down Configurable
15 Link Up No
16 Cold Start Configurable
17 Warm Start No
Chapter 8: Appendices
NetXplorer Installation and Administration Guide 8-10
18 Authentication Failure No
19 NetEnforcer IP Address Change Configurable
20 Connection Routing Configuration No
21 Device Status Down Configurable
22 Device Status Up No
23 Application info Automatic Trap Sent
24 Protocol update installation No
25 Board status changed No
100 Server Unreachable Configurable
101 Server Reachable No
102 Device Unreachable Configurable
103 Device Reachable No
104 User Forced Clear Alarm No
107 Device Hardware Change Configurable
108 User Force Cleared All Alarms No
109 User Logged In No
110 User Logged Out No
111 Catalogs Synchronization Problem No
112 Catalog Rejected by NetEnforcer No
113 Automatic Alarm Purge No
114 Policy and Catalogs Export No
115 NetEnforcer Configuration Import No
116 Server Management Ownership Taken from Device Automatic Trap Sent
117 Server Management Ownership of Device Taken Automatic Trap Sent
118
Missing Events Were not Found on Device Trap Table
During Synchronization No
119 Device Add No
Chapter 8: Appendices
NetXplorer Installation and Administration Guide 8-11
120 License expiration warning Automatic Trap Sent
121 License is expired Automatic Trap Sent
122 Server license registered Automatic Trap Sent
123 Clear license expiration warning No
124 Device policy replaced with rescue policy Automatic Trap Sent
125 Policy data is not synchronized on device No
126 AS does not support device software version Automatic Trap Sent
127 Device was deleted from system No
128 Server was deleted from system No
129 Catalog action failed Automatic Trap Sent
130 Configuration Database Incremental Backup failed No
131 Configuration Database Full Backup failed No
132 Country classification file updated Automatic Trap Sent
133 New protocol updates are available Automatic Trap Sent
134 Install new protocol updates to AS Automatic Trap Sent
135 Install new protocol updates to device Automatic Trap Sent
136 Scheduler forced clear alarms No
137 Device license expiration warning Automatic Trap Sent
138 Device license is expired Automatic Trap Sent
139 Clear device license expiration warning No
140 Rollback AS protocol updates Automatic Trap Sent
141 Rollback device protocol updates Automatic Trap Sent
200 Collector Reported Device Unreachable Configurable
201 Collector Reported Device Reachable No
202 Invalid Bucket Time in Collector Automatic Trap Sent
203 Valid Bucket Time in Collector No
204 Invalid Bucket in Collector No
Chapter 8: Appendices
NetXplorer Installation and Administration Guide 8-12
205 Real Time Bucket Overload in Collector No
206 Short-term Bucket Overload in Collector No
207 Bucket Validated in Collector No
208 Invalid Bucket Time in Collector Automatic Trap Sent
209 Valid Bucket Time in Collector No
210 Real Time + Short-term Bucket Overload in Collector No
211 Bucket Overload in Collector Finished No
212 Collector Reported Disk Space Problem Automatic Trap Sent
213 Collector Reported Disk Space Problem Fixed No
214
Short Term Collector Reported Database Full Backup
failed No
300
Long Term Collector Reported Short Term Collector
Unreachable Configurable
301
Long Term Collector Reported Short Term Collector
Reachable No
302 Invalid Bucket Time in Collector Automatic Trap Sent
303 Valid Bucket Time in Collector No
304 Long Term Collector Reported Disk Space Problem Automatic Trap Sent
305
Long Term Collector Reported Disk Space Problem
Fixed No
306
Long Term Collector Reported Database Full Backup
failed No
401 Quota violation No
402 Quota recovery No
403 Domain not found No
404 SMP provision error trap Configurable
405 SMP multi fail trap Configurable
406 SMP High Availability Trap Configurable
407 SMP System Trap Configurable