Symantec Privileged Access Management

  • Private Community

  • 1.  HOW TO: Extract more than 10K Target Accounts using the CLI

    Posted May 23, 2019 02:26 PM

    Using the 3.2.4 CLI against a 3.2.4.62 PAM clustered node, when running the CLI command

     

    capam_command cmdName=searchTargetAccount > AllTargetAccounts.xml

     

    The XML content returned only contains 10K rows (10K accounts) but we know there are many more accounts in the system; 33K more, to be exact.

     

    I found this command, thought i might give it a try:

     

    capam_command cmdName=setReportRowLimit rowLimit=50000

     

    but, it doesn't seem to increase the result set size limit, but it ran successfully.

     

    Is there a known issue or limitation with the number of rows returned by a CLI search command?

     

    thanks in advance.



  • 2.  Re: HOW TO: Extract more than 10K Target Accounts using the CLI
    Best Answer

    Broadcom Employee
    Posted May 23, 2019 03:18 PM

    Hi Seb, Please review the documentation page for this command at https://docops.ca.com/ca-privileged-access-manager/3-2-4/en/programming/credential-manager-remote-cli-and-java-api/credential-manager-cli-commands/searchtargetaccount

     

    It includes a description of parameters Page.Size and Page.Number.



  • 3.  Re: HOW TO: Extract more than 10K Target Accounts using the CLI

    Posted May 23, 2019 04:12 PM

    well now I feel a bit embarrassed.

     

    I thought I had combed through that page.

     

    sorry I missed it.



  • 4.  Re: HOW TO: Extract more than 10K Target Accounts using the CLI

    Posted May 23, 2019 06:03 PM

    Although, i did get an error:

     

    Exception in thread "main" java.lang.OutOfMemoryError: Java heap space

            at org.a.a.a.b(Unknown Source)

            at org.a.a.a.a(Unknown Source)

            at org.a.a.a.c(Unknown Source)

            at org.a.a.a.next(Unknown Source)

            at com.cloakware.cspm.server.app.c.a(SourceFile:74)

            at com.cloakware.cspm.server.app.c.<init>(SourceFile:32)

            at com.cloakware.cspm.server.ui.CommandLineInterface.a(SourceFile:290)

            at com.cloakware.cspm.server.ui.CommandLineInterface.execute(SourceFile:213)

            at com.cloakware.cspm.server.ui.CommandLineInterface.main(SourceFile:111)

    Seems like on a 4GB vm the max is 35K rows.
    so i had to split it into two pages... using both Page.Size=25000 and Page.Number=1 ... and run again for Page.Number=2...
    learn something new every day.
    thanks for you help Ralf. Greatly appreciated.


  • 5.  Re: HOW TO: Extract more than 10K Target Accounts using the CLI

    Broadcom Employee
    Posted May 23, 2019 07:07 PM

    Ok, good. I believe the limit was not the memory of the VM, but the Java max heap memory setting of the tomcat process running in the VM, which uses setting -Xmx1536M in current PAM releases.