As a general rule, there really aren't many good commands the admin can use to do much troubleshooting from the command line. Since most admins don't have root access, there are many commands which either simply cannot be run, or can be, but will have limited effectiveness. The GUI should be used for most troubleshooting. That said, standard Linux troubleshooting tools can be used on the CLI, although keep in mind that the admin user doesn't have root access.
The GUI is designed to do it all, which drives command line preferrers like me nuts. As eplossl indicated, most customers don't have root on the box and the admin shell is rather limited. For whatever reason the ethos of this product is that administrators can't be trusted with the box they're administering. Web Gateway in stark contrast is the usual "okay, you're an adult, have thee root access, but be advised... it's ROOT ACCESS, don't screw things up, okay?" MEG's ethos is "root access to be used only with adult supervision of McAfee Support." At least it's somewhat better than the IronMail days when you had to expose an ssh port to the internet to allow them to initiate the connection inbound to admin the box. I digress.
That said, in an admin shell, top is useful to keep an eye on swap use, memory and CPU when the going gets rough. But that's about it. And even that can be found in the GUI under troubleshooting > tools > system load.
The troubleshooting tab of the GUI, especially the messages and mail log search (troubleshooting > reports > save log files > system log viewer) functionality, is crucial.
Dear eplossl and Regis!!
Thanks for your valuable time. You both are right, but if a person is working and has full access to the devices, and sometimes the issue is not that critical and you just want to check the logs of some emails and it cannot be shown in the GUI, then you need to log in through SSH and you need some basic commands. I think it would be good for the admin to have some knowledge of commands, which will help him grow his skills on the command line as well as in the GUI.
Jehanzeb, do you have access to the root ssh account on your device (e.g. su - after logging in as admin)? Or do you only have access to the admin account?
I agree access to all of those log files is what a conscientious administrator can benefit from quickly, however, if you don't have root access what we're saying is that you can't even see any of the useful log files as just the admin account.
Dear? Easy there, big fella--I'm taken!
Most customers don't have root on their device. Now that you've finally clarified that, though and it also seems that the regular ole admin shell account can also see more of /var/log than I remember them being able to see when I started using MEG ( *slow clap* ) ....
...and at the risk of taunting the MEG gods (as the past 2 weeks have been mercifully smooth),
I'll share some keys from past issues (for which you've hopefully deployed the latest patches to address).
unset TMOUT # logout timeouts are rather short
fgrep segv /var/log/messages # crashes make Regis sad
zfgrep segv /var/log/messages.*.gz # something crashed that shouldn't
fgrep IPMI /var/log/messages # There's a new BIOS out if you see errors involving these #THANKSINTEL
fgrep 'Out of memory' /var/log/messages # should something cause a run on memory
I never used 6.7.x but MEG 7.x is based on McAfee Linux. I'm not sure which distribution McAfee Linux most resembles, but knowing Linux will make you feel rather at home with MEG. If you could post some of the commands you're used to using and wondering what equivalent ones are, perhaps that could start yielding some answers to your questions.
Alright, I think maybe I can help here.
MEG 7.x is built on McAfee Linux OS. It is a custom variant of the Red Hat family of OSes. I am not sure which Red Hat variant it most closely resembles, but I know that it's in that family. MEG 6.7.2 and below were built on (as I recall) OpenBSD or FreeBSD. I know it was one of the variants of BSD. That said, admin access was very tightly controlled. The interface admins could access was a strictly controlled thing, and didn't allow access to, really, any of the filesystem. There was a specific set of commands which could be used to look at specific things, but there was no real filesystem access.
In MEG 7.0, the admin has access to the actual filesystem on the appliance. I know that there are a number of commands which cannot be run except as root (tcpdump, for instance), but most greps in the logs should be possible. Assuming that you do, in fact, have root access, it would even be possible to edit the configuration on the back end. That said, we strongly recommend that you not do that as editing the raw configuration files without knowing precisely what you are doing can result in system instability or unexpected operation.
The grep commands Regis gave would be useful. I have to admit I am not sure what zfgrep does that zgrep or simply grep do not, but that's ok. Some suggested commands I would use to look at things...
zgrep <search_string> /var/log/messages* # This command will search for the search string specified (note that it should not be enclosed in brackets) in the messages log
zgrep <search_string> /var/log/mail* # This command will search for the search string specified in the mail log.
The messages log contains system data relating to the processes running and the general operation of the appliance. The mail log contains (if syslog on the appliance is enabled and off-box syslog is not) information about message status. Depending on the appliance log level and what you have going to the syslog, this data may be very little or it may be a glut of data. Note, however, that it is a bad idea to turn the log level up to the highest level for any extended period of time as that can cause issues due to filesystem usage.
top #This command will allow the admin to see the top processes running on the appliance. It also allows seeing the load on the box as well as memory status
df -h #This command will allow the admin to see the free disk space on the device, listed in a concise format
If there is a specific thing you would like to be able to do, please let us know and we will see if we can assist with finding a way you can look up that information. Otherwise, I again recommend that the best place to find most of the data you want is via the GUI, as we explicitly designed the appliance to be accessed via the GUI for all administration tasks.
Support Engineering Operations Engineer
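Added example, not written by any poster in this thread and not McAfee code: a shell sketch of the log searches discussed above, run over constructed sample logs, covering both the current file and a rotated .gz file. It also shows what literal matching (fgrep, zfgrep, grep -F) changes compared with regex matching when the search string contains dots. The function names, host name and log lines are assumptions.

```shell
#!/bin/sh
# Added example: log lines are constructed; function names are hypothetical.

# count_hits MODE PATTERN FILE...
#   MODE is a grep matcher flag: -F (literal, as fgrep/zfgrep) or -G (regex).
#   Prints the number of matching lines across plain and .gz files.
count_hits() {
    mode=$1; pattern=$2; shift 2
    total=0
    for f in "$@"; do
        [ -r "$f" ] || continue          # skip logs this account cannot read
        # gzip -cdf decompresses .gz input and passes plain text through as-is
        n=$(gzip -cdf "$f" | grep -c "$mode" -e "$pattern") || true
        total=$((total + ${n:-0}))
    done
    echo "$total"
}

# Build a current log plus one rotated, compressed log (constructed content).
make_sample_logs() {
    dir=$(mktemp -d)
    cat > "$dir/messages" <<'EOF'
Jan 10 03:12:01 gw1 exampled[2211]: worker exited on signal 11 (segv)
Jan 10 03:15:40 gw1 kernel: Out of memory: Kill process 4321 (exampled)
Jan 10 03:16:02 gw1 exampled[2290]: connect from 10.1.1.5
Jan 10 03:16:09 gw1 exampled[2290]: connect from 10.1.115.7
EOF
    cat > "$dir/messages.1" <<'EOF'
Jan 03 11:02:17 gw1 exampled[1987]: worker exited on signal 11 (segv)
Jan 03 11:40:55 gw1 exampled[1990]: connect from 10.1.1.5
EOF
    gzip "$dir/messages.1"               # becomes messages.1.gz
    echo "$dir"
}

# One-line summary per pattern from the thread, over current + rotated logs.
triage() {
    for p in 'segv' 'IPMI' 'Out of memory'; do
        printf '%s=%s\n' "$p" "$(count_hits -F "$p" "$1"/messages*)"
    done
}

logs=$(make_sample_logs)
triage "$logs"
echo "literal 10.1.1.5: $(count_hits -F '10.1.1.5' "$logs"/messages*)"
echo "regex   10.1.1.5: $(count_hits -G '10.1.1.5' "$logs"/messages*)"
rm -rf "$logs"
```

The regex search counts one extra line because each unescaped dot matches any character, so 10.1.115.7 is reported as a hit for 10.1.1.5; the literal search does not have that false positive.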