Reporting
The CLI provides commands to support the reporting features. The commands are accessible from exec mode.
The reporting features include configuration, cache reporting for systems and devices, statistics for systems and devices, and Kerberos-related reporting.
•Displaying Sentry configuration
•Displaying information for entries in the device cache
•Displaying information about Kerberos modules
•Displaying information about servers
•Displaying Sentry system resources
•Displaying Sentry log configuration
•Displaying Sentry log filters
Displaying Sentry configuration
You can request a report of the entire configuration or filter by a string of text so that the output only displays rows matching the filter-string text.
To show the Sentry log configuration, enter the following command:
show sentry config-properties [filter-string]
•filter-string
Optional. Specify text to filter the output.
Example of a request for output of the Sentry log configuration for asproxy.client:
|
#show sentry config-properties asproxy.client asproxy.client.port = 80 asproxy.client.tls.port = 443 |
If you do not specify a filter, the output includes all configuration information.
Displaying information for entries in the device cache
You can display information for entries in the Sentry device cache. You can also display information about the in-memory device list, the persistent device list, and connectivity to UEM.
Caution: The purpose of these commands is to assist Technical Support with troubleshooting. Do not depend on the output’s format for use with any programs.
|
Feature |
Command |
|
Display a list of entries in the Sentry device cache. |
show sentry device-cache dump {all | active-sync | app-tunnel} |
|
Display detailed information for a specific entry. |
show sentry device-cache entry <tunnel-id> <user-id> |
|
Display the entries associated with a device id |
show sentry device-cache device <device-id> |
|
Display the entries associated with a user id |
show sentry device-cache user <user-id> |
|
Display the entries with the specified number of minimum connections |
show sentry device-cache min-connection |
|
Show the entries that need validation from UEM. |
show sentry device-cache validation-pending {yes | no} |
|
Show the status of the Sentry-device cache. |
show sentry device-cache status |
|
Show the connection status to UEM. |
show sentry status |
•To display the entries in the device cache, type the following command:
show sentry device-cache dump {all | active-sync | app-tunnel}
| - | all Displays all entries in the cache in table format. |
|
#show sentry device-cache dump all |
| - | active-sync Displays the ActiveSync entries in the cache in table format. |
|
#show sentry device-cache dump active-sync |
| - | app-tunnel Displays the app tunnel entries in the cache in table format. |
|
#show sentry device-cache dump app-tunnel |
•To display detailed information about a specific entry in the device cache, type the following command:
show sentry device-cache entry <tunnel-id> <user-id>
| - | tunnel-id |
The Tunnel ID of the entry in the device cache for which you want information. You can view the Tunnel-ID in the output from show sentry device-cache dump.
| - | user-id |
The User ID associated with the entry.
•To display all entries associated with a specific device, type the following command:
show sentry device-cache device <device-id>
| - | device-id The device-id for which you want to display all entries. If you provide a partial device id, the rows for all matching devices are displayed. |
Example of a request for a report for a specific device-id:
|
sentry# show sentry device-cache device 0V55EEVSRT5UVFA05AUBLF9O4S
S: Tunnel State {A:Allowed, B:Blocked, P:Policy Pending, W:Wipe Pending} Vs: EMM Validation State {Y:validated, N:not-validated} Cn: Connection count Ver: AppTunnel Version or ActiveSync Version Time: Timestamp of the last request or connection Application[/ID]: Application[/ActiveSync Device ID (if application is 'ActiveSync')] Tunnel-ID: Generic Tunnel ID
Index User S Vs Cn Ver Time Application[/ID] Tunnel-ID 1 testuser3351 A Y 0 14.1 2015-08-27 18:30:57 GMT ActiveSync/0V55EEVSRT5UVFA05AUBLF9O4S 0v55eevsrt5uvfa05aublf9o4s
sentry# |
•To display all entries associated with a specific user, type the following command:
show sentry device-cache user <user-id>
| - | user-id The user-id for which you want to display all entries. If you provide a partial userid, the rows for all matching users are displayed. |
Example of a request for a report for a specific user-id:
|
sentry# show sentry device-cache user testuser3351
S: Tunnel State {A:Allowed, B:Blocked, P:Policy Pending, W:Wipe Pending} Vs: EMM Validation State {Y:validated, N:not-validated} Cn: Connection count Ver: AppTunnel Version or ActiveSync Version Time: Timestamp of the last request or connection Application[/ID]: Application[/ActiveSync Device ID (if application is 'ActiveSync')] Tunnel-ID: Generic Tunnel ID
Index User S Vs Cn Ver Time Application[/ID] Tunnel-ID 1 testuser3351 A Y 0 14.1 2015-08-27 18:30:57 GMT ActiveSync/0V55EEVSRT5UVFA05AUBLF9O4S 0v55eevsrt5uvfa05aublf9o4s sentry# |
•To display the entries with the specified minimum number of connections, enter the following command:
show sentry device-cache min-connection <value>
| - | value The number of connections, at a minimum, for which you want to display the associated entries. |
Example of a request for a list of devices that have the minimum number of connections:
|
#show sentry device-cache min-connection 1 |
•To display the entries that require EMM validation, enter the following command:
show sentry device-cache validation-pending {yes | no}
Example of a request for a list of devices that require validation from UEM:
|
#show sentry device-cache validation-pending yes |
•To display information about the persistent device list and the in-memory device list, enter the following command:
show sentry device-cache status
Example of the command:
•To display information about the Standalone Sentry’s connection to the UEM server , enter the following command:
show sentry status
Example of the command and its output:
|
#show sentry status EMM server type : Ivanti EPMM Connectivity to Ivanti EPMM: Connected Last connectivity change detected by : Periodic connectivity check Last connectivity change time : Fri Aug 03 18:55:16 UTC 2012
Ivanti EPMM periodic connectivity check status Current time : Fri Aug 03 21:32:49 UTC 2012 Last successful : Fri Aug 03 21:25:17 UTC 2012 Last failed : Never Next scheduled : Fri Aug 03 21:40:17 UTC 2012
EMM server fail-open status : Allow Last fail-open status change detected by : Sentry initialization Last fail-open status change time : Tue Aug 02 23:05:08 UTC 2012 |
The Standalone Sentry detects changes to EMM connectivity in one of the following ways:
| - | The Standalone Sentry checks EMM connectivity on a regular basis. This is known as the periodic connectivity check. |
| - | The Standalone Sentry checks EMM connectivity when the Sentry initializes. |
| - | The administrator can manually check EMM connectivity by using the Verify button on the Troubleshooting > Service Diagnosis page of the Standalone Sentry Web Portal. |
Displaying information about Kerberos modules
You can display the Kerberos and UPN information. The new CLI commands for Kerberos reporting are described below.
|
Feature |
Command |
|
Display the SPN, timeout, and cache size for Kerberos |
show sentry kerberos |
|
Display Kerberos UPN information |
show sentry kerberos cache dump [upn-filter] |
|
Display Kerberos information related to a specific UPN |
show sentry kerberos cache upn |
•To display Kerberos information for the Sentry, enter the following command:
show sentry kerberos
Example of a request for Kerberos information:
|
#show sentry kerberos sentry-spn = HTTP/sentry.company.com cache-ticket-idle-timeout = 48 cache-size = 1 |
•To display information for all UPNs in the Kerberos cache, enter the following command:
show sentry kerberos cache dump [upn-filter]
| - | upn-filter Optional. Full or partial UPN to filter on. Shows only the rows matching this string. |
Example of a request to display Kerberos UPN information for UPNs that match the upn-filter:
|
# show sentry kerberos cache dump user Indx User-UPN Created(m) IdleTime(m) 1 [email protected] 1010 7 |
•To display Kerberos information for a specific UPN in the Kerberos cache, enter the following
command:
show sentry kerberos cache upn <upn-string>
| - | upn-string The full UPN of the UPN for which you want to display information. |
Example of a request to display Kerberos UPN information for a specific UPN:
|
# show sentry kerberos cache upn [email protected] Kerberos Cache for UPN: [email protected] [0]user-upn = [email protected] [0]idle-time-min = 7 [0]creation-time = Fri Jan 13 01:44:11 UTC 2012 |
Displaying Sentry statistics
Displays statistics for Sentry. You can specify parameters for global statistics or statistics for a specific device.
|
Feature |
Description |
|
Display Sentry statistics for a specific device |
show sentry statistics entry <device-id> <user-id> |
|
Display Sentry global statistics for a specific device |
show sentry statistics global [device|system] |
|
Display complete global Sentry system statistics |
show sentry statistics global system [filter-string] |
|
Display complete global Sentry statistics for a server |
show sentry statistics global server [filter-string] |
•To display complete Sentry statistics for a specific device, type the following command:
show sentry statistics entry <device-id> <user-id>
| - | device-id |
The id of the device for which you want information.
| - | user-id |
The User associated with the device.
Example:
sentry#show sentry statistics entry ApplDN6FM6SZDKPH testuser2885
d-connection = 4
s-connections = 4
d-bytes-rcvd = 8572
s-bytes-sent = 8368
s-bytes-rcvd = 2704
d-bytes-sent = 2704
d-http-requests = 20
s-http-requests = 16
s-http-responses = 16
d-http-responses = 16
d-http-449 = 0
s-http-449 = 0
permits = 16
pendings = 0
blocks = 0
wipes = 0
s-http-3xx-redirects = 0
s-http-451-redirects = 0
d-http-451-redirect-drops = 0
cmd-none = 0
cmd-options = 0
cmd-provision = 0
cmd-sync = 0
cmd-folder-sync = 0
cmd-ping = 16
cmd-get-attachment = 0
cmd-item-operations = 0
cmd-unknown = 0
d-err-conn-timeout = 0
s-err-conn-timeout = 0
d-err-so-timeout = 0
s-err-so-timeout = 0
s-err-cmd-ping-timeout = 0
s-err-cmd-sync-timeout = 0
d-err-cmd-timeout = 0
s-err-cmd-timeout = 0
d-err-reset = 0
s-err-reset = 0
d-so-close = 0
s-so-close = 0
http-status-200 = 0
http-status-401 = 16
http-status-404 = 0
http-status-409 = 0
http-status-5xx = 0
http-status-other = 0
err-conn-pooling = 0
d-unclassified = 0
s-unclassified = 0
ping-sync-throttled = 0
kerberos-auth-error = 0
attachments-encrypted = 0
attachment-encrypt-failures = 0
attachments-converted = 0
attachments-replaced = 0
attachment-replaced-failures = 0
attachments-fwd-restored = 0
attachments-fetched = 0
attachments-embedded = 0
attachments-renamed = 0
attachments-size-MB = 0
attachments-size-bytes = 0
decryption-failures = 0
d-http-503-s2c = 0
d-http-503-c2s = 0
d-http-400-c2s = 0
active-sync-status-reports = 0
sentry#
•To display complete global Sentry statistics for devices, type the following command:
show sentry statistics global device <filter-string>
| - | filter-string The full or partial string of one of the fields in the statistics report. The filter-string can either be a field name or a value in the field. |
Example of a request to display global statistics for devices, filtered on http-status:
|
# show sentry statistics global device http-status http-status-200 = 388 http-status-401 = 32 http-status-404 = 0 http-status-409 = 0 http-status-5xx = 0 http-status-other = 0 |
•To display complete global Sentry system statistics, type the following command:
show sentry statistics global system [filter-string]
| - | filter-string The full or partial string of one of the fields in the statistics report. The filter-string can either be a field name or a value in the field. |
Example of a request to display global Sentry statistics, filtered on peak:
|
# show sentry statistics global system peak
peak-heap-mem-used-MB = 389 peak-date-heap-mem-used-MB = Thu Aug 27 22:32:30 UTC 2015 peak-buff-cached-mem-used-MB = 1189 peak-date-buff-cached-mem-used-MB = Thu Aug 27 22:33:30 UTC 2015 peak-process-virtual-mem-used-MB = 2988 peak-date-process-virtual-mem-used-MB = Thu Aug 27 22:32:30 UTC 2015 peak-process-resident-mem-used-MB = 1049 peak-date-process-resident-mem-used-MB = Thu Aug 27 22:34:30 UTC 2015 peak-cpu-% = 14 peak-date-cpu-% = Thu Aug 27 22:32:30 UTC 2015 peak-mem-% = 39 peak-date-mem-% = Thu Aug 27 22:32:30 UTC 2015 peak-running-threads = 1 peak-date-running-threads = Thu Aug 27 22:33:21 UTC 2015 peak-device-cache-size = 2 peak-date-device-cache-size = Thu Aug 27 22:32:30 UTC 2015 peak-user-url-cache-size = 0 peak-date-user-url-cache-size = Thu Aug 27 22:32:30 UTC 2015 peak-kerb-servtkt-cache-size = 0 peak-date-kerb-servtkt-cache-size = Thu Aug 27 22:32:30 UTC 2015 sentry# |
The full global statistics report can be downloaded in CSV format using the user interface. See Sentry Statistics.
•To display complete global Sentry statistics for a server, type the following command:
show sentry statistics global server <filter-string>
| - | filter-string |
The full or partial string of one of the fields in the statistics report. The filter string can either be a field name or a value in the field.
Example:
|
sentry#show sentry statistics global server hc-connections = 6 hc-bytes-sent = 816 hc-bytes-rcvd = 1116 hc-http-requests = 6 hc-http-responses = 6 hc-err-conn-timeout = 0 hc-err-so-timeout = 0 hc-err-reset = 0 hc-so-close = 0 hc-unclassified = 0 hc-http-status-200 = 0 hc-http-status-401 = 6 hc-http-status-404 = 0 hc-http-status-other = 0 |
Example with filter string:
|
sentry#show sentry statistics global server err hc-err-conn-timeout = 0 hc-err-so-timeout = 0 hc-err-reset = 0 sentry# |
Displaying information about servers
•To display server details and connection status, type the following command in EXEC mode:
show sentry server status
Example:
|
sentry# show sentry server status
Current Time : Thu Aug 27 19:21:37 UTC 2015
Service Name : <ANY> Service Type : App Tunnel Server Scheduling : PRIORITY Server Declared Last Failure Name/IP Status Failed Count -------------------------------------------------------------------------- Live Never 0
Service Name : default Service Type : Active-Sync Server Scheduling : PRIORITY Active Background Health Check : Enabled Server Declared Last Last Failure Name/IP Status Successful Failed Count ----------------------------------------------------------------------------------------------- ex2010sp3.enterprise.com Live 08/27/2015 19:20:52 Never 0
Service Name : <TCP_ANY> Service Type : App Tunnel Server Scheduling : PRIORITY Server Declared Last Failure Name/IP Status Failed Count -------------------------------------------------------------------------- Live Never 0 sentry# |
Displaying Sentry system resources
•To display Sentry system resources, type the following command:
show sentry utilization
Example:
|
sentry#show sentry utilization Number of Connected Devices : 0 Number of Open Connections : 0 Thread Pool Utilization : 0.0% CPU Utilization : 0% System Memory Utilization : 23% Heap Memory Utilization : 15% sentry# |
Displaying Sentry log configuration
You can display the Sentry log configuration. To change the log configuration, see the commands in Logging.
To display the Sentry log configuration, type the following command:
show sentry log
Example of a request to display log configuration information:
|
# show sentry log log-from-to = both enable = true verbosity = level3 |
Displaying Sentry log filters
You can display the log filters that are currently configured on Sentry. To configure the log filters, see Logging.
To display the Sentry log filters, type the following command:
Example of a request to display the log filters:
|
# show sentry log filter TAG ENABLED TYPE VALUE
KensPhone true user-id ksmith |
Displaying Sentry GC log configuration
You can display the garbage collection (GC) currently configured on Sentry. To configure GC, see Configuring garbage collection (GC).
To display the Sentry GC configuration, type the following command:
show sentry gc-log