Symantec Access Management

Expand all | Collapse all

usage of "smpolicysrv -publish" ?

Jump to Best Answer
  • 1.  usage of "smpolicysrv -publish" ?

    Posted 01-22-2016 01:26 PM

    can some one explain usage of "smpolicysrv -publish" ?as well  how to enable/disable ?

     

    --> will there any particular libraries required ?

     

    Thanks-



  • 2.  Re: usage of "smpolicysrv -publish" ?
    Best Answer

    Posted 01-23-2016 01:37 AM

    Hi JaswanthChadalawada4210560,

     

    "smpoilcysrv -publish" is a command line tool for publishing diagnostic information about a CA SiteMinder® deployment. Using the tool, you can publish information about Policy Servers, policy stores, user directories, Agents, and custom modules.

     

    You can run this from <siteminder>\bin directory and the published information will be written to a XML file (by default : <policy_server_install_dir>\log\smpublish.xml).

     

    You can specify the location and output file name using following command:

    smpolicysrv -publish c:\netegrity\siteminder\published-data.txt

     

    Sample XML file:

    <SMPUBLISH>

     

     

        <SERVER>

            <SHORT_NAME>   smpolicysrv </SHORT_NAME>

            <FULL_NAME>    SiteMinder Policy Server </FULL_NAME>

            <PRODUCT_NAME> SiteMinder(tm) </PRODUCT_NAME>

            <VERSION>  12.52 </VERSION>

            <UPDATE>   01.00 </UPDATE>

            <LABEL>    499 </LABEL>

            <PLATFORM> Windows version 6.1 Service Pack 1 (Build 7601) </PLATFORM>

            <PORT>     44442 </PORT>

            <RADIUS_PORT> 0 </RADIUS_PORT>

            <THREADPOOL>

                <THREAD_MSG_QUEUE>

                    <MSG_TOTALS>    12852 </MSG_TOTALS>

                    <MAX_HIGH_DEPTH>     1 </MAX_HIGH_DEPTH>

                    <MAX_NORM_DEPTH>     3 </MAX_NORM_DEPTH>

                    <MAX_MSG_DEPTH>     3 </MAX_MSG_DEPTH>

                    <CURRENT_HIGH_DEPTH>     0 </CURRENT_HIGH_DEPTH>

                    <CURRENT_NORM_DEPTH>     0 </CURRENT_NORM_DEPTH>

                    <CURRENT_MSG_DEPTH>     0 </CURRENT_MSG_DEPTH>

                </THREAD_MSG_QUEUE>

                <THREADS_LIMIT> 8 </THREADS_LIMIT>

                <THREADS_MAX>   8 </THREADS_MAX>

                <THREADS_CURRENT> 8 </THREADS_CURRENT>

                <THREADS_BUSY> 0 </THREADS_BUSY>

            </THREADPOOL>

            <CRYPTO> 128 </CRYPTO>

            <KEYMGT>

                <GENERATION> disabled </GENERATION>

                <UPDATE>     disabled </UPDATE>

            </KEYMGT>

            <JOURNAL>

                <REFRESH> 60 </REFRESH>

                <FLUSH>   60 </FLUSH>

            </JOURNAL>

            <PSCACHE>

                <STATE>          enabled </STATE>

                <PRELOAD>        enabled </PRELOAD>

            </PSCACHE>

            <USERAZCACHE>

                <STATE>    enabled </STATE>

                <MAX>      10 </MAX>

                <LIFETIME> 3600 </LIFETIME>

            </USERAZCACHE>

        </SERVER>

     

     

        <REPORTS>

            <THREAD_COUNT>        1 </THREAD_COUNT>

            <PENDING_LOG_ENTRIES> 0 </PENDING_LOG_ENTRIES>

            <PENDING_TEXT_LOG_SIZE_MB> 0 </PENDING_TEXT_LOG_SIZE_MB>

            <DROPPED_TEXT_LOG_ENTRIES> 0 </DROPPED_TEXT_LOG_ENTRIES>

            <AUTH_EVENTS>          ALL </AUTH_EVENTS>

            <AZ_EVENTS>            ALL  </AZ_EVENTS>

            <ADMIN_ACCESS_EVENTS>  ALL  </ADMIN_ACCESS_EVENTS>   

            <AFFILIATE_EVENTS>     ALL  </AFFILIATE_EVENTS> 

            <ADMINISTRATIVE_EVENTS>  NONE  </ADMINISTRATIVE_EVENTS>

            <OUTPUT>

                <TYPE> TEXT: </TYPE >

            </OUTPUT>

        </REPORTS>

     

     

        <AUDITLOG_STORE>

     

     

            <DATASTORE>

                <NAME> Audit Log Store  </NAME>

                <FILE> C:\CA\siteminder\log\smaccess.log </FILE>

                 <ROLLOVERSIZE> 10 </ROLLOVERSIZE>

                 <FILESTOKEEP> 10 </FILESTOKEEP>

            </DATASTORE>

     

     

        </AUDITLOG_STORE>

     

    <POLICY_STORE>

     

     

            <DATASTORE>

                <NAME> Policy Store   </NAME>

                <USE_DEFAULT_STORE>  false </USE_DEFAULT_STORE>

                <LOADED> true </LOADED>

               <SERVER_LIST>

      <CONNECTION_INFO>

                        <TYPE>ODBC</TYPE>

                        <SERVICE_NAME>siteminder</SERVICE_NAME>

                        <USER_NAME>sa</USER_NAME>

                        <DBMS_NAME>Microsoft SQL Server</DBMS_NAME>

                        <DRIVER_NAME>Microsoft SQL Server</DRIVER_NAME>

                        <DBMS_VERSION>10.00.2531</DBMS_VERSION>

      <CONNECTIONS>

      <TOTAL>3</TOTAL>

      <ACTIVE>0</ACTIVE>

      <AVAILABLE>3</AVAILABLE>

      <HUNG>0</HUNG>

      <INITIALIZED>0</INITIALIZED>

      </CONNECTIONS>

      </CONNECTION_INFO>

               </SERVER_LIST>

            </DATASTORE>

     

     

            <DATASTORE>

                <NAME>  Key Store  </NAME>

                <USE_DEFAULT_STORE> true </USE_DEFAULT_STORE>

                <LOADED> true </LOADED>

            </DATASTORE>

     

     

            <DATASTORE>

                <NAME>  Token Store  </NAME>

                <USE_DEFAULT_STORE>  false </USE_DEFAULT_STORE>

                <LOADED> true </LOADED>

               <SERVER_LIST>

      <CONNECTION_INFO>

      <CONNECTIONS>

      <TOTAL>0</TOTAL>

      <ACTIVE>0</ACTIVE>

      <AVAILABLE>0</AVAILABLE>

      <HUNG>0</HUNG>

      <INITIALIZED>0</INITIALIZED>

      </CONNECTIONS>

      </CONNECTION_INFO>

               </SERVER_LIST>

            </DATASTORE>

     

     

    </POLICY_STORE>

     

     

    <SESSION_STORE>

     

     

            <DATASTORE>

                <NAME> Session Server Store  </NAME>

                <USE_DEFAULT_STORE>  false </USE_DEFAULT_STORE>

                <LOADED> true </LOADED>

               <SERVER_LIST>

      <CONNECTION_INFO>

                        <TYPE>ODBC</TYPE>

                        <SERVICE_NAME>sessionstore</SERVICE_NAME>

                        <USER_NAME>sa</USER_NAME>

                        <DBMS_NAME>Microsoft SQL Server</DBMS_NAME>

                        <DRIVER_NAME>Microsoft SQL Server</DRIVER_NAME>

                        <DBMS_VERSION>10.00.2531</DBMS_VERSION>

      <CONNECTIONS>

      <TOTAL>1</TOTAL>

      <ACTIVE>0</ACTIVE>

      <AVAILABLE>1</AVAILABLE>

      <HUNG>0</HUNG>

      <INITIALIZED>0</INITIALIZED>

      </CONNECTIONS>

      </CONNECTION_INFO>

               </SERVER_LIST>

            </DATASTORE>

     

     

    </SESSION_STORE>

     

     

       <AGENT_CONNECTION_MANAGER>

            <CURRENT>      5 </CURRENT>

            <MAX>          15 </MAX>

            <DROPPED>      0 </DROPPED>

            <IDLE_TIMEOUT> 600 </IDLE_TIMEOUT>

            <ACCEPT_TIMEOUT> 10 </ACCEPT_TIMEOUT>

     

     

     

     

            <AGENT_CONNECTION>

                <NAME> lod0249_apache </NAME>

                <IP>   141.202.119.71 </IP>

                <API_VERSION> 1536 </API_VERSION>

                <LAST_MESSAGE_TIME> 1453530481 </LAST_MESSAGE_TIME>

             </AGENT_CONNECTION>

            <AGENT_CONNECTION>

                <NAME> i148122sps </NAME>

                <IP>   10.131.54.97 </IP>

                <API_VERSION> 1536 </API_VERSION>

                <LAST_MESSAGE_TIME> 1453530494 </LAST_MESSAGE_TIME>

             </AGENT_CONNECTION>

            <AGENT_CONNECTION>

                <NAME> wonsa03-i122123sps </NAME>

                <IP>   10.131.60.35 </IP>

                <API_VERSION> 1536 </API_VERSION>

                <LAST_MESSAGE_TIME> 1453530496 </LAST_MESSAGE_TIME>

             </AGENT_CONNECTION>

            <AGENT_CONNECTION>

                <NAME> i148122sps_sa01 </NAME>

                <IP>   10.131.54.97 </IP>

                <API_VERSION> 1536 </API_VERSION>

                <LAST_MESSAGE_TIME> 1453530407 </LAST_MESSAGE_TIME>

             </AGENT_CONNECTION>

            <AGENT_CONNECTION>

                <NAME> i148122sps </NAME>

                <IP>   10.131.54.97 </IP>

                <API_VERSION> 1536 </API_VERSION>

                <LAST_MESSAGE_TIME> 1453530485 </LAST_MESSAGE_TIME>

             </AGENT_CONNECTION>

        </AGENT_CONNECTION_MANAGER>

     

     

     

     

    <USER_DIRECTORIES>

    </USER_DIRECTORIES>

     

     

    <EVENT_HANDLERS>

          <CONFIGURED> C:\CA\siteminder\bin\XPSAudit.dll </CONFIGURED>

          <EVENT_LIB>

              <LIB_NAME> C:\CA\siteminder\bin\XPSAudit.dll

            </LIB_NAME>

              <FULL_NAME>

                    C:\CA\siteminder\bin\XPSAudit.dll

              </FULL_NAME>

          </EVENT_LIB>

      </EVENT_HANDLERS>

    </SMPUBLISH>



  • 3.  Re: usage of "smpolicysrv -publish" ?

    Posted 01-25-2016 02:47 PM

    This is so good , Thank you and you had answered to one of my questions which i am suppose to ask later

     

    when i tried to run the command as smuse12 on a SM12.52 policy server , i got below error .

     

    ./smpolicysrv -publish

    ./smpolicysrv: error while loading shared libraries: libsmartheap_smp.so: cannot open shared object file: No such file or directory

     

    But as far i know this message will come , because the environment variable for the policy server is not loaded for the user running .

     

    So should i still need to run the ". ./nete_ps_env.ksh" command even running as smuser12?

     

    Thanks-



  • 4.  Re: usage of "smpolicysrv -publish" ?

    Posted 01-25-2016 10:01 PM

    Yes, you can will need to source environment variable.



  • 5.  Re: usage of "smpolicysrv -publish" ?

    Posted 01-25-2016 03:14 PM

    Adding to this ,

     

    can you help me understand the below what it signifies ? mainly on the LIFETIME?

     

            <USERAZCACHE>

                <STATE>    enabled </STATE>

                <MAX>      10 </MAX>

                <LIFETIME> 3600 </LIFETIME>

            </USERAZCACHE>



  • 6.  Re: usage of "smpolicysrv -publish" ?

    Posted 01-25-2016 10:03 PM

    That is the expiry time of the user authorization cache. After this time it will contact policy server to fetch  user authorisation attributes.



  • 7.  Re: usage of "smpolicysrv -publish" ?

    Posted 01-26-2016 03:57 PM

    It was helpful . Thank you all .

     

    I am sure there must be an option to close this thread as answered, i am looking for it .

     

    Thanks,.



  • 8.  Re: usage of "smpolicysrv -publish" ?

    Posted 01-26-2016 04:50 PM

    Hi, fixed that for you.



  • 9.  Re: usage of "smpolicysrv -publish" ?

    Posted 02-04-2016 01:23 PM

    Hi Ujwol ,

     

    Thank you ! i was doing some sort of testing and wanted to see if there is a way i can disable the lifetime parameter ?

     

    <LIFETIME> 3600 </LIFETIME>



  • 10.  Re: usage of "smpolicysrv -publish" ?

    Posted 02-04-2016 04:55 PM

    I found it under registry. Thank you !!