|
|
This chapter provides detailed instructions for using and managing the following Guardian features and components:
There are many ways to configure and use Guardian to diagnose the health of your domains. However, there are four essential tasks that can be considered the primary functions of Guardian. These are as follows:
There are numerous other Guardian tasks and activities, which are categorized according to the following topics:
The following sections provide detailed instructions for performing the tasks in each of these categories.
This section provides instructions for the following tasks:
For Guardian versions 1.0.7 and above, you must manually deploy the new Guardian Agent in WebLogic Server before you can use Guardian to evaluate your environment.
| Note: | If you have enabled Online Signature/Software Updates in your Guardian Preferences, Guardian periodically performs an automatic update for the latest Guardian version. Clicking the Update button in Guardian also initiates a software version update. If you were previously able to activate domains and run evaluations in Guardian, but are no longer able to do so, this may be due to an update to Guardian 1.0.7 or above. You must delete the earlier Guardian Agent and deploy the new Agent to continue using Guardian. |
You can use the WebLogic Server Administration Console to uninstall the existing Guardian Agent and then install and deploy the new Agent. The WebLogic Server Administration Console provides a series of Web-based deployment assistants that guide you through the deployment process. For a summary of the steps involved in deploying the Guardian Agent, see Deploy Guardian Agent from WebLogic Server Adminstration Console on page 37 . For complete instructions on deploying applications, see the Administration Console Online Help, and WebLogic Server documentation.
If you want to deploy the Guardian Agent to multiple servers, you can use a WebLogic Scripting Tool to automate this task. For basic instructions, see Deploy Guardian Agent to Multiple Servers on page 38. For instructions on using a script to activate multiple domains in Guardian, see Activate Multiple Domains on page 49. For complete instructions on using the WebLogic Scripting tool to deploy applications, see the WebLogic Scripting Tool documentation.
You can use the WebLogic Server Administration Console to manually deploy the Guardian Agent on that server. This section provides a summary of the basic steps involved for WebLogic Server versions 9.0 and above. For complete instructions for your specific version of WebLogic Server, please see your WebLogic Server documentation and Administration Console Online Help. Please also refer to the Guardian 1.1 Installation Guide and Guardian 1.1 Release Notes for additional important information.
To use the Administration Console to manually deploy the Guardian Agent, do the following:
| Caution: | Make sure that Lock & Edit is selected for each of the following procedures. |
By default, the Guardian Agent is named bea-guardian-agent.
| Note: | For detailed instructions for this procedure, see “Start and stop a deployed Enterprise Application” in the WebLogic Administration Console Online Help. |
| Note: | For detailed instructions for this procedure, see “Delete an Enterprise Application” in the WebLogic Administration Console Online Help. |
The Guardian Agent is a WAR file named bea-guardian-agent.war, and is located in the following directory:
| WARNING: | Do not change the name of the Guardian Agent when deploying it. Be sure to use the default name, bea-guardian-agent.war. |
<root>\guardian\plugins\com.bea.guardian.agent.weblogic_<guard-version>\weblogic<wls-version>
<root> is the parent directory for the Guardian installation. For example:C:\\Program Files
<guard-version> is the current (updated) Guardian version.
<wls-version> is the version of WebLogic Server in which you are deploying this Agent.
If you are installing the Agent on WebLogic 8.1.x, install the bea-guardian-agent.war file located in the ..\weblogic8 directory. For WebLogic Server 9.x and 10.x, install the bea-guardian-agent.war file located in the ..\weblogic9 directory.
| Note: | For detailed instructions for this procedure, see the section entitled, “Install an Enterprise Application” in the Administration Console Online Help. |
| Note: | For detailed instructions for this procedure, see “Start and stop a deployed Enterprise Application” in the WebLogic Administration Console Online Help. |
| Note: | For detailed instructions for this procedure, see “Activate Domain” in the BEA Guardian Online Help. |
You can now use Guardian to evaluate the activated domains in your environment.
If you need to deploy the Guardian Agent to multiple servers in a cluster environment, you can use the weblogic.Deployer command in the WebLogic Server Command Line Interface to automate this task. You can also use the BEA WebLogic Diagnostics Framework (WLDF) to deploy the Agent. This section provides basic instructions for using the weblogic.Deployer command for this purpose. For instructions on using WLDF, please see the WebLogic Diagnostics Framework product documentation.
| Note: | Please also refer to the Guardian 1.1 Installation Guide and Guardian 1.1 Release Notes for additional important information. |
| WARNING: | Do not change the name of the Guardian Agent when deploying it. Be sure to use the default name, bea-guardian-agent.war. |
At the WebLogic Server CLI prompt, enter the following command line:
java weblogic.Deployer -debug -adminurl http://<admin_url>:<port> -username <username> -password <password> – targets adminserver,<cluster1>,<cluster2> -deploy -sourcerootforupload <dir_path>\bea-guardian-agent.war
If you have one or more managed servers in a domain, the Guardian Agent spawns the appropriate number of threads for communicating between the Guardian Agent on the WebLogic Administration Server, and the Guardian Agent running on the Managed Server(s). However, an excessive number of threads can affect the performance of the Administration Server. To control this, you can specify the maximum number of Agent threads to allocate to the WebLogic Server Administration Server for a specified domain. The Max. Agent Threads parameter setting determines this value. The default is 10.
There are two ways to set the value for this parameter:
To set the Max. Agent Threads value for an activated domain, do the following:
This displays the Domain Properties dialog box.
This can be an interger value from 1 to 20. The default is 10.
This resets Max. Agent Threads to the specified value for the selected domain.
In order to manage Agent resources on both the WebLogic Administration Server and Managed Servers, Guardian enables you to specify the maximum amount of time (in seconds) that can elapse before a thread is terminated. The Agent Thread Timeout parameter governs this timeout. The default is 60.
There are two ways to set the Agent Thread Timeout parameter:
To set the Agent Thread Timeout value for an activated domain, do the following:
This displays the Domain Properties dialog box.
This can be an integer value from 10 to 600. The default is 60.
This resets Agent Thread Timeout to the specified value for the selected domain.
This section provides instructions for the following tasks:
The Guardian Workspace is the directory in which all of your Guardian data is stored. It includes the following data for each domain you have defined in Guardian:
To prevent loss of work when Guardian is updated or uninstalled, your Workspace directory must be located outside of the Guardian installation directory. You can safely back up your Workspace data by exporting your Workspace to a file also located outside of your Guardian Installation directory. For instructions, see Export Workspace on page 42.
To specify the location for your Guardian Workspace, you must restart Guardian and specify a new location in the Select Workspace dialog box during startup.
| WARNING: | To prevent loss of work when Guardian is updated or uninstalled, your Workspace directory must be located outside of the Guardian installation directory. You can safely back up your Workspace data by exporting your Workspace to a file also located outside of your Guardian Installation directory. For instructions, see Export Workspace on page 42. |
To select a Guardian Workspace when starting Guardian, do the following:
Guardian first displays the initial splash screen while loading, and then displays the Select Workspace dialog box.
This opens the Browse For Folder dialog.
| Caution: | Make sure this directory is not located within the Guardian installation directory. |
To use an existing folder: Browse to the folder location and select the folder.
This creates or selects the file and returns to the Select Workspace dialog box.
If you do not want to select the Workspace each time you start Guardian, select the checkbox for Use this as the default workspace and do not ask again.
To change this setting at a later time, do the following:
Guardian loads the selected Workspace and completes the startup procedure.
You can export your Guardian Workspace data to a file, which you can use for backup and recovery purposes, or to import to another Guardian instance.
| WARNING: | To prevent loss of work when Guardian is updated or uninstalled, make sure your Workspace and any Workspace export files are located outside of your Guardian Installation directory. |
To export a Guardian Workspace, do the following:
This opens the Export Workspace Wizard.
| Note: | To clear a typed entry, click the Clear icon (file page icon) to the right of the destination field. This clears the Select an export destination field and redisplays the default folder tree. |
Use one of the following methods to specify the file:
This saves your current Workspace as a .zip file containing all of your Workspace data, including the guardian.registry, .project and .refresh files.
You can import a Guardian Workspace from another Guardian instance, or an exported Workspace data file.
To import a Guardian Workspace, do the following:
This opens the Import Workspace Wizard.
| Note: | To clear a typed entry, click the Clear icon (file page icon) to the right of the destination field. This clears the Select an import source field and redisplays the default folder tree. |
Use one of the following methods to specify the file:
This imports the selected Workspace data and returns to the main Guardian window.
This section provides instructions for the following tasks:
You can use the Preferences page to configure your Guardian Preferences and customize your Guardian environment.
To configure your Guardian Preferences, do the following:
You can use either of the following methods to open the Preferences configuration page:
The left pane of the Preferences configuration page is a navigation tree containing an extensive series of hierarchical folders and subfolders. Each folder and subfolder in the hierarchy is a category of preference attributes that you can configure.
The top level folders are as follows:
| Note: | For a detailed description of all Preference page folders and parameters, see Preferences on page 115 in Reference. |
This applies and saves all of your new Preference page settings.
You can export your Guardian Preferences to a file for backup and recovery purposes, or to import to another Guardian instance.
To export your Guardian Preferences to a file, do the following:
This opens the Export Preferences Wizard.
| Note: | To clear a typed entry, click the Clear icon (file page icon) to the right of the destination field. This will clear the Select an export destination field and redisplay the default folder tree. |
Use one of the following methods to specify the file:
This saves your current preferences information as a .epf file in the specified location.
To import a Guardian Preferences from a file, do the following:
This opens the Import Preferences Wizard.
| Note: | To clear a typed entry, click the Clear icon (file page icon) to the right of the destination field. This clears the Select an import source field and redisplays the default folder tree. |
Use one of the following methods to specify the file:
This replaces your current Preference page settings with the settings from the imported file.
This section provides instructions for the following tasks:
A domain is considered active when it is capable of being evaluated. Activating a domain prepares it for evaluation and creates a new Domain Inventory.
Activating a domain also results in the following:
To activate a domain, do the following:
| Note: | If you are unable to activate any domains, you may need to manually deploy the Guardian Agent. For instructions, see Manually Deploy Guardian Agent on page 36. |
You can use any of the following methods to open the wizard:
The General tab contains the following fields:
| Note: | If you preselected a deactivated domain when you invoked the Domain Activation Wizard, the Protocol, Hostname, and Port fields will be automatically filled with the appropriate values. |
The Advanced tab contains the following fields and options:
1 to 20. The default is 10.10 to 600. The default is 60. If you need to activate multiple domains in Guardian, you can use a script to automate this procedure.
| WARNING: | You must deploy the Guardian Agent to each domain that is to be activated prior to running the activation script. For instructions, see “ Deploy Guardian Agent to Multiple Servers ,” above. |
The following is an example script for activating multiple domains:
-gactivateDomain -t http://slp7:7001 -u un -p pw -c true
-gactivateDomain -t http://slp8:7001 -u un -p pw -c true
-gactivateDomain -t http://sqa-lldev:4044 -u un -p pw -c true
The script is then run in Guardian Headless Mode, by using the following command line:
guardianHeadless.cmd -gscript -f activatingScript.txt
For more information about running scripts, see Run Scripts on page 75.
When you deactivate a domain, it is no longer available for evaluation. Any shortcuts that use the domain are removed from the Shortcut Table and Shortcut Explorer. The Domain Inventory and Evaluation Summary data persists after deactivation, but is not available for viewing in Domain Explorer. You must reactivate the domain before you can view the data or evaluate the domain.
To deactivate a domain, do the following:
This deactivates the domain and returns to the Domain Explorer or Active Domain Table.
| Note: | The Domain Deactivation Wizard does not remove the BEA Guardian Agents that were installed when you activated the domains. For instructions on removing Agents, see the WebLogic Server Administration Console Online Help. For instructions on purging inactive domains from Guardian, see Purge All Inactive Domains on page 51. |
You can modify the Domain Properties for a domain to customize the way BEA Guardian communicates with that domain.
To modify the Domain Properties for a domain, do the following:
The Domain Properties configuration page contains the following fields and options:
1 to 20. The default is 10.10 to 600. The default is 60. This applies your new Domain Properties settings to the selected domain.
To remove all deactivated domains from the Domain Explorer, select Tools > Purge Inactive Domains. There is no confirmation request; the domains are purged immediately.
| WARNING: | Purging the inactive domains also deletes the associated Domain Inventories and Evaluation Summaries from the Guardian Workspace, and removes the domains from the Guardian Registry. |
This section provides instructions for the following tasks:
To create and populate a new Domain Group, do the following:
This opens the Add Domain Group dialog box.
This adds the new Domain Group to the Domain Explorer Domain Tree, and closes the Add Domain dialog box.
In the Domain Explorer Domain tree, click on a domain name to select it, then drag and drop it into the new Domain Group folder. Repeat this step for each domain you want to include in the new Domain Group.
To rename an existing Domain Group, do the following:
This opens the Rename Domain Group dialog box.
This renames the Domain Group in the Domain Explorer Domain Tree, and closes the Rename Domain dialog box.
You cannot delete a Domain Group that contains a domain. If there are domains in the Domain Group, you can drag and drop the domains into the Target Domain folder, or into another Domain Group folder.
This displays a Domain Group Delete Confirmation dialog box prompting you to confirm the delete request.
This deletes the Domain Group from the Domain Explorer Domain Tree, and closes the Delete Confirmation dialog box.
This section provides instructions for the following tasks:
If you want to use an inbound proxy server for communications between Guardian and the WebLogic Administration Server, you must first add the proxy server to Guardian.
To add an inbound proxy server, do the following:
This adds the proxy server to the Proxy Servers list in the Proxy Servers configuration page, and dismisses the Proxy Properties dialog box.
This adds the new proxy server to the Proxy Server drop-down list in the Advanced tab of the Domain Activation Wizard and dismisses the dialog box.
If you want to use an inbound proxy server for communications between Guardian and the WebLogic Administration Server, you must enable the proxy connection.
To enable an inbound proxy connection, do the following:
For instructions, see Add Inbound Proxy Servers on page 54.
You can use any of the following methods to open the wizard:
If you are using an outbound proxy server for communications between Guardian and the outside world, you will need to test the outbound proxy connection.
To enable and test an outbound proxy server connection, do the following:
This displays the Preferences configuration page.
This displays the BEA Support preferences, which include some settings for proxy testing.
After the test completes, a status message is displayed at the top of the page as to whether it was successful or not.
This section provides instructions for the following tasks:
A Domain Inventory is an assessment of your current domain environment. The results are displayed in a Domain Inventory Overview in the Document Pane. The inventory is also added to the Inventory History folder in the Domain Explorer. Domain Inventories are also created automatically whenever you activate or evaluate domains.
To inventory a domain, do the following:
You can use any of the following methods to open the wizard:
This initiates the Domain Inventory and displays the results in a Domain Inventory Overview in the Document Pane.
To view an existing Domain Inventory, do the following:
To identify potential problems before they occur, you can use the Evaluation Wizard to evaluate one or more domains.
To evaluate a domain, do the following:
Use any of the following methods to select a domain and open the wizard:
Select a Signature Bundle from the Bundle field drop-down menu. The default is Default Signatures.
In the Domain Credentials section, enter the following:
If you selected multiple domains, you must supply the login credentials for each domain before you can launch the Evaluation.
Select this option if you want your login information to persist so that you do not have to enter it each time you evaluate this domain. This is especially useful if you routinely evaluate multiple domains concurrently. Usernames and passwords are encrypted when stored.
This is useful if you routinely perform this particular type of evaluation. To create a shortcut, select the Create Shortcut checkbox, and enter a brief name for the shortcut in the text field. For detailed instructions on creating, evaluating, and managing shortcuts, see the section entitled, Shortcuts on page 70.
This initiates the evaluation and displays an Evaluation Summary of the results in the Document Pane. In the Domain Explorer, the new Domain Inventory is added to the Inventory History folder, and the new Evaluation Summary is added to the Evaluation History folder.
A Snapshot Evaluation is a complete assessment of all of the configuration details for a specific domain, at the particular moment the evaluation is executed. The process for performing a Snapshot Evaluation is the same as for any other type of evaluation. The primary difference is in the type of Signature Bundle you select for the evaluation, and the type of information the evaluation collects and evaluates.
| Note: | As with other evaluations, you can compare Snapshot Evaluations. Comparing two Snapshot Evaluations enables you to see very quickly the differences between configurations for those two domains. For instructions, see Compare Inventories or Evaluations on page 60. |
| Caution: | Generating a Snapshot Evaluation of a large domain may consume a lot of memory, and take a long time to complete. |
To evaluate a snapshot of a domain configuration, do the following:
Select one of the following from the Bundle field drop-down menu:
In the Domain Credentials section, enter the following:
This initiates the Snapshot Evaluation and displays an Evaluation Summary of the results in the Document Pane. In the Domain Explorer, the new Domain Inventory is added to the Inventory History folder, and the new Evaluation Summary is added to the Evaluation History folder.
You can compare inventories or evaluations from the same or different domains. Both objects must be of the same type—that is, two inventories or two evaluations. You cannot compare an inventory against an evaluation.
You can compare any two Evaluation Summaries. Comparing two Snapshot Evaluations is particularly useful, as a Snapshot Evaluation collects and evaluates all of the configuration data for the evaluated domain. Such a comparison enables you to see very quickly the differences between the configurations and their issues for those two domains.
To compare two Domain Inventories or Evaluation Summaries, do the following:
Click the Domain Explorer tab, or select Window > Show View > Domain Explorer.
Click on the first item to select it, and then hold down the Ctrl key and click on the second item.
| Note: | The Compare option remains deactivated until two like items have been selected. |
Selecting Compare opens the Text Compare display in the Document Pane. The differences between the two files are highlighted, and related segments are shown in boxed sections, with connectors indicating the relation.
The Text Compare navigation controls are as follows:
You can export a Domain Inventory or Evaluation Summary report to a PDF or HTML file for external viewing or archiving.
To export a report, do the following:
The Domain Explorer contains two History folders:
Double-click on a report name to open the report and display it in the Document Pane.
This opens a standard Save As file browser.
For the Save as type: field, select one of the following from the drop-down menu:
This section provides instructions for the following tasks:
To display the overview for a signature, do the following:
This opens the Signature Explorer or Bundle Explorer, respectively. Signature Overviews are accessible only through these two Explorers.
This displays the overview for that signature in the Document Pane.
You can use Signature Filters to specify which signatures are to be displayed in the Signature Explorer, Bundle Explorer, and Evaluation Summaries.
To apply Signature Filters, do the following:
Click a radio button to specify Show or Hide for each filter. The Signature Filters are as follows:
Name — Filter according to name. Specify all or a portion of a signature name to use as the filter criteria. This can be a character string or standard regular expression. Enter .* to filter all signatures. The default is Show all (.*).
Severity — Filter according to severity. Click a checkbox to select/deselect a severity level. These are: Critical, Warning, and Information. The default is Show all (all selected).
Type — Filter annotated signatures according to Annotation Type. Click a checkbox to select/deselect a type. There are two Annotation Types: Flag and Ignore. The default is Hide signatures with an Annotation Type of Ignore. For more information on Annotation Types, see Signature Annotations on page 22 in About BEA Guardian.
Annotation Name — Filter annotated signatures according to Annotation Name. Specify all or a portion of an Annotation Name to use as the filter criteria. This can be a character string or standard regular expression. Enter .* to filter all annotated signatures. The default is Show all (.*).
Comment — Filter annotated signatures according to annotation comment. Specify all or a portion of a comment to use as the filter criteria. This can be a character string or standard regular expression. Enter .* to filter all signatures. The default is Show all (.*).
Domain — Filter annotated signatures in this domain, as specified above.
Evaluation — Filter annotated signatures in this Evaluation, as specified above.
This applies your filter specifications and returns to the Guardian main window.
You can sort the list of signatures displayed in the Signature Explorer, Bundle Explorer, and Evaluation Summaries.
The signature lists are automatically reordered according to the selected category.
This section provides instructions for the following tasks:
You can use the Annotations Wizard to create, edit, delete, and view signature annotations.
You can access the Annotations Wizard from the Signatures List in any of the following contexts:
To open the wizard, right-click on a signature title and select Annotations > Manage Annotations from the context menu.
To create an annotation and add it to a signature, do the following:
The contents of a Signatures List may vary according to the context in which it occurs. Signatures Lists can be found in the following locations:
Right-click on the signature title and select Annotations > Manage Annotations from the context menu.
This displays the Add dialog box.
Click the down-arrow next to the Apply to field to display a drop-down menu of Annotation Targets. Select one of the following:
This adds the new annotation to the Annotations list for the selected signature.
This returns to the Guardian main window. Note that a decoration has been added to the icon for the annotated signature.
To change an existing annotation, do the following:
| Note: | If the signature is not included in the Signatures List(s), you may need to temporarily set one or more filter attributes to Show. For instructions, see Filter Signatures on page 63. |
Right-click on the title of the annotated signature and select Annotations > Manage Annotations from the context menu.
| Note: | The Edit button will be greyed out (deactivated) until you select an annotation. |
This displays the Edit dialog box for the selected annotation.
This updates the Annotations list with your changes.
This updates the appropriate Signatures Lists and returns to the Guardian main window.
| Note: | If you modified any filter settings in step 1, you can reset the filters to their original settings now. For instructions, see Filter Signatures on page 63. |
To delete an annotation, do the following:
| Note: | If the signature is not included in the Signatures List(s), you may need to temporarily set one or more filter attributes to Show. For instructions, see Filter Signatures on page 63. |
Right-click on the title of the annotated signature and select Annotations > Manage Annotations from the context menu.
| Note: | The Delete button remains deactivated until you select an annotation. |
This removes the annotation from the Annotations list for that signature.
This updates the appropriate Signatures Lists and returns to the Guardian main window.
| Note: | If you modified any filter settings in step 1, you can reset the filters to their original settings now. For instructions, see Filter Signatures on page 63. |
You can view the annotations for a signature by selecting the signature and then opening the Annotations Wizard. The Annotations Wizard displays a table of all annotations for the selected signature.
You can access the Annotations Wizard from the Signatures List in any of the following contexts:
To open the wizard, right-click on a signature title and select Annotations > Manage Annotations from the context menu.
You can use Signature Filters to specify which signatures to display in the Signature Explorer, Bundle Explorer, and Evaluation Summaries. Some filters apply specifically to annotated signatures and their attributes.
This section provides instructions for applying filters to annotated signatures, only. For complete instructions on using Signature Filters, see Filter Signatures on page 63.
To apply Annotation Filters, do the following:
In the Signatures List, right-click on a signature name and select Filters... from the context menu.
Click a radio button to specify Show or Hide for each filter. The Signature Filters that apply to annotations are as follows:
Type — Filter annotated signatures according to Annotation Type. Click a checkbox to select/deselect a type. There are two Annotation Types: Flag and Ignore. The default is Hide signatures with an Annotation Type of Ignore.
Annotation Name — Filter annotated signatures according to Annotation Name. Specify all or a portion of an Annotation Name to use as the filter criteria. This can be a character string or a standard regular expression. Enter .* to filter all annotated signatures. The default is Show all (.*).
Comment — Filter annotated signatures according to annotation comment. Specify all or a portion of a comment to use as the filter criteria. This can be a character string or standard regular expression. Enter .* to filter all signatures. The default is Show all (.*).
This applies your filter specifications and returns to the Guardian main window.
This section provides instructions for the following tasks:
You can use the Bundle Explorer to view the available Signature Bundles and their contents. For a detailed description of the Bundle Explorer, see Bundle Explorer on page 101 in Reference.
To display an overview of the contents of a Bundle, do the following:
This section provides instructions for the following tasks:
A Shortcut enables you to streamline the evaluation procedure by predefining and storing the domain, Signature Bundle, and other parameters for evaluations that you perform frequently. You can then evaluate the Shortcut, saving you the effort of re-entering the values each time you want to run the evaluation.
A Shortcut enables you to predefine the evaluation parameters for evaluations you perform frequently, saving you the effort of re-entering the values each time you run the evaluation.
There are two ways to create a Shortcut:
The following sections describe each of these procedures.
Use the Shortcut Wizard if you want to quickly create a Shortcut without evaluating the selected domain. However, you will not be able to enter and save the login credentials for the WebLogic Server Administrator or Monitor account. Consequently, you will need to enter these each time you evaluate the Shortcut. For instructions on storing the login credentials when creating a Shortcut, see Create Shortcut with Evaluation Wizard on page 71.
To use the Shortcut Wizard to create a Shortcut, do the following:
You can use any of the following methods to open the wizard:
Select a Signature Bundle from the Bundle field drop-down menu. This is the Bundle that will be evaluated against the specified domain when you evaluate the Shortcut. The default is Default Signatures.
This adds the new Shortcut to the Shortcuts Table and the Shortcut Explorer tree. For instructions on evaluating a Shortcut, see Evaluate Shortcut on page 72.
You can create a Shortcut by selecting the Save as Shortcut option when using the Evaluation Wizard to evaluate a domain. This method of creating a Shortcut enables you to enter and store the Administrator login credentials so that you need not enter them each time you evaluate the Shortcut.
To use the Evaluation Wizard to create a Shortcut, do the following:
You can use any of the following methods to open the wizard:
Select a Signature Bundle from the Bundle field drop-down menu. This is the bundle that will be evaluated against the specified domain when you evaluate the Shortcut. The default is Default Signatures.
Select this option if you want your login information to persist so that you do not have to enter it each time you evaluate this Shortcut. This is especially useful if you will be evaluating the Shortcut on a frequent basis. Usernames and passwords are encrypted when stored.
This adds the new Shortcut to the Shortcuts Table and the Shortcut Explorer tree. For instructions on evaluating a Shortcut, see Evaluate Shortcut on page 72.
A Shortcut enables you to predefine the evaluation parameters for evaluations you perform frequently, saving you the effort of re-entering the values each time you run the evaluation. To evaluate a Shortcut, use the Shortcut Evaluation Wizard.
To evaluate a Shortcut, do the following:
You can do this using any of the following methods:
The Shortcut Evaluation Wizard opens with the predefined values for the selected Shortcut displayed in the domain table. You can change the Bundle selection.
If you selected the Remember username/password option when you activated the domain or defined the Shortcut, the Username and Password fields are prefilled. Otherwise, you must enter this information before launching the evaluation.
This launches the evaluation, and returns you to the Guardian main window when the evaluation completes. As with a standard evaluation, the Domain Explorer History folders are updated to include an entry for the resulting Domain Inventory and Evaluation Summary. The results of the evaluation are displayed in an Evaluation Summary Overview in the Document Pane.
You can use either of the following methods to delete a Shortcut:
This section provides instructions for the following tasks:
The Command Line Interface (CLI) is also referred to as Guardian Headless Mode. For a complete list of Guardian Command Line Interface commands and syntax, see Command Line Interface on page 134 of the Reference section of this manual. For instructions on starting the Command Line Interface, see the next section, Start Guardian Headless Mode on page 74.
The Guardian Command Line Interface (CLI)—also referred to as Guardian Headless Mode—is a set of Guardian commands that can be issued directly from the operating system command prompt. There is a Guardian CLI command for almost every task available in the Guardian User Interface. For a complete description of these commands and their syntax, see Command Line Interface on page 134 in Reference.
To start the Guardian Command Line Interface, do the following:
| Note: | Guardian Command Line Interface commands are case sensitive. |
<root> is the parent directory for the Guardian installation directory.
The Command Line Interface uses your specified Guardian Workspace as the location for all CLI operations, unless you specify otherwise in each command. Identifying the Guardian Workspace location is essential for accessing the correct set of active domains, Domain Inventories, and Evaluation Summaries. For instructions on selecting a Guardian Workspace, see Select Workspace on page 41.
IMPORTANT: Each command must include the prefix -g with no trailing space, as shown in the following examples:
guardianHeadless.cmd -glistActiveDomains guardianHeadless.cmd -gactivateDomain -t http://localhost:9116 -u un -p pw -c true -data "D:\MyData\Guardian Data Directories\
Installer-2079" guardianHeadless.cmd -gcreateShortcut -d Naxos_localhost_9116 -b 2 guardianHeadless.cmd -gdeleteShortcut -s "Security Advisories in Naxos" The output of each command is sent to the following output file:
The output file is created in your current directory, and is overwritten each time you run a Guardian Headless Mode command.
For a complete list of Guardian Command Line Interface commands and syntax, see Command Line Interface on page 134 in Reference.
You can create a Guardian Command Line script to perform several Guardian tasks with one command. You can schedule scripts to run at specified times and intervals by using utilities such as the Windows Task Scheduler or the Linux crontab command.
To run a script, enter the following command at the operating system prompt:
<script_name> is the path and name of your CLI script.
To view the results of evaluations and inventories conducted from the CLI, use the Domain Explorer in the Guardian User Interface.
To schedule a script to run automatically at a specified time, you can use utilities such as the Windows Task Scheduler or the Linux crontab command. For instructions on scheduling scripts, see your operating system documentation.
To receive notification of detected signatures, create an evaluation script and use the Windows Task Scheduler or the Linux crontab command to schedule the script to run at regular intervals. Each time the script runs, the signature.log file in the Guardian installation directory is updated with an entry for each detected signature. You can the configure a third party management tool to scan the log for detected signatures, and notify you when one is found.
Each signature.log entry starts with four number signs (####) and includes a timestamp for the entry. Each entry with a detected signature contains the label <detected> and is followed by a brief description which is also surrounded by angle brackets. The description includes the domain name.
The following is a sample signature.log file:
####<Tue Aug 01 16:03:47 EDT 2006> <0> <g-dev_slp7_7001> <un> <0> <000022> <not detected> <Signature 000022 (Rotational Upgrade may cause java.io.StreamCorruptedException) not detected by username un evaluating bundle ID 0 in domain ID g-dev_slp7_7001.>
####<Tue Aug 01 16:03:47 EDT 2006> <0> <g-dev_slp7_7001> <un> <0> <000027> <detected> <Signature 000027 (Native IO should be enabled in production mode for better performance) detected by username un evaluating bundle ID 0 in domain ID g-dev_slp7_7001.>
####<Tue Aug 01 16:03:47 EDT 2006> <0> <g-dev_slp7_7001> <un> <0> <000055> <not detected> <Signature 000055 (JDK 1.5 is not certified for WebLogic 8.1) not detected by username un evaluating bundle ID 0 in domain ID g-dev_slp7_7001.>
This section provides instructions for the following tasks:
The BEA Guardian log files contain information that BEA Customer Support can use to diagnose and resolve issues with your system.
The Guardian log files are as follows:
guardian.log —This is located in the Guardian installation directory you specified during installation. This file contains information about every operation the Guardian application performs. signature.log — This is located in the Guardian installation directory you specified during installation. This file contains information about each evaluation performed, including entries for all detected signatures. You can also use a command line script to automatically scan the signature.log for detected signatures, and automatically notify you when new signatures are detected..log — This is located in the .metadata subdirectory of the Guardian Workspace directory you specified when starting Guardian. This file contains information about certain Guardian operations. install.log — This is located in the ../configuration/org.eclipse.update subdirectory of the Guardian installation directory you specified during installation. This contains Guardian installation details. Guardian crashes are extremely unlikely, since Guardian uses the Eclipse Rich Client Platform. If Guardian does crash, simply restart Guardian. No additional cleanup operations are required.
In the unlikely event of an exception, the recommended steps for resolving the issue are as follows:
| Tip: | To save log files, copy them to another location so that the error is among the last entries in the log file, making it easier to identify. For the location of Guardian log files, see View Logfiles on page 77. |
This section provides instructions for the following task:
You can use the Support Case Wizard to create a support case based on a detected signature, and automatically submit the case to BEA Customer Support. The wizard automatically creates the case with all of the signature-specific information required for a BEA support engineer to begin working on your case right away. You can also add any additional attachments and notes before sending the support case to BEA.
If you choose not to submit a support case, you can instead save the case information as a Case Creation Archive. Case Creation Archives are stored as files with the file name extension .car.
| Notes: | Before you can create and submit a support case, you must first associate your eSupport ID with Guardian. For information, visit the BEA Customer Support site at https://support.bea.com. |
| Note: | If you are using a proxy server for outbound Guardian communications, make sure that you have enabled and tested the outbound proxy connection. For instructions, see Enable and Test Outbound Proxy on page 55. |
To create and submit a support case, do the following:
Double-click on an Evaluation Summary entry in the Domain Explorer.
Click on a signature entry to highlight it. This displays the Description and Remedy for the signature in the bottom portion of the Evaluation Summary display in the Document Pane.
Click the Get more help from BEA support link at the bottom of the signature Remedy section to open the wizard. This automatically includes the signature details in the new support case, and displays the first page of the Support Case Wizard, which is the Support Case Notes page.
In the Additional Case Notes field, enter any additional text that may be helpful to BEA Customer Support in resolving your case.
Select the background information files to include with the support case. You can select one or more of the following:
If you elected to submit the case, enter your eSupport Username and Password. If you elected to save the case as an archive for later submittal, these fields are disabled.
Select an ID from the Enter Site ID drop down menu. If you have only one eSupport Site Identifier, this field is disabled. Otherwise, select an identifier from the Select Site drop down list.
If you elected to save the case to an archive file, a Case Creation Complete dialog box displays the date, time, and location of the file.
If you elected to submit your case, Guardian proceeds to connect to the eSupport site and submit the new support case to BEA Customer Support. When the submission completes, a Case Creation Complete dialog box displays the date, time, and location of the archive file.
This dismisses the dialog box and returns to the Guardian main window.
This section provides instructions for the following tasks:
| Notes: | Before you can update or upgrade Guardian, you must first associate your eSupport ID with Guardian. For information, visit the BEA Customer Support site at https://support.bea.com. |
| Note: | If you are using a proxy server for outbound Guardian communications, make sure that you have enabled and tested the outbound proxy connection. For instructions, see Enable and Test Outbound Proxy on page 55. |
To update Guardian, use the Update Wizard to download new BEA Guardian software and signatures from the BEA Guardian update site, http://guardian.bea.com/update.
| Notes: | Before you can update or upgrade Guardian, you must first associate your eSupport ID with Guardian. For information, visit the BEA Customer Support site at https://support.bea.com. |
| Note: | If you are using a proxy server for outbound Guardian communications, make sure that you have enabled and tested the outbound proxy connection. For instructions, see Enable and Test Outbound Proxy on page 55. |
To update Guardian, do the following:
Use one of the following methods to open the wizard:
Select this option if you want your login information to persist so that you do not have to enter it each time you create a support case.
This displays the Password Required dialog box for connecting to the Guardian Update Site.
This connects to the Guardian Update Site, initiates a search for new updates, and displays the results in the Search Results page of the wizard.
Expand the folders in the Select the features to install tree to see the available selections.
To select features, do the following:
Accept the terms in the license agreement to proceed with the installation.
Click Change Location to open a directory browser from which you can select the location. Click OK to enter your selection and close the browser. Click Next to proceed.
After the updates are installed, you are prompted as to whether to restart Guardian.
To update Guardian on servers that do not have Internet access, you can perform a manual update. To do so, first automatically update Guardian on a server that has Internet access, and then copy the updated files to the server(s) without access.
| WARNING: | If you are upgrading from Guardian 1.0.x to Guardian 1.1.0 and want to preserve your Guardian Registry, you must first back up and then manually update the Guardian Registry. For instructions, see Manually Update Guardian Registry on page 86. Please also refer to the Guardian 1.1 Installation Guide and Guardian 1.1 Release Notes for additional important information. |
To manually update Guardian, do the following;
For instructions, see Automatically Update Guardian on page 81.
Select File > Exit from the titlebar menu.
Copy the following directory and all of its contents from the updated server to the offline server(s) you want to update, overwriting the old contents:
<..>\guardian\repository\archives
<..> is the parent directory of the Guardian installation root directory. The Guardian installation root directory is named guardian.
| Note: | If you only want to update the Guardian Signatures Repository but not the Guardian application itself, you can skip the remainder of these steps. |
The Signature Features directories are kept in the following directory:
<..> is the parent directory of the Guardian installation root directory. The Guardian installation root directory is named guardian.
The Signature Features directories are named according to the following convention:
com.bea.guardian.feature.signature.weblogic_<old_version>
<old_version> is the old signature release version.
..\guardian\features\com.bea.guardian.feature.signature.weblogic_1.0.42
Copy the following directory and all of its contents from the updated machine to the offline server(s):
..\guardian\features\com.bea.guardian.feature.signature.weblogic_<CurVersion>
<..> is the parent directory of the Guardian installation root directory. The Guardian installation root directory is named guardian.
<CurVersion> is the most current signature release version.
The Signature Plugins JAR files reside in the following directory:
<..> is the parent directory of the Guardian installation root directory. The Guardian installation root directory is named guardian.
The files are named according to the following convention:
com.bea.guardian.signature.weblogic_<old_version>
<old_version> is the old signature release version.
Copy the following file from the updated machine to the offline server(s):
..\guardian\plugins\com.bea.guardian.signature.weblogic_<CurVersion>
<..> is the parent directory of the Guardian installation root directory. The Guardian installation root directory is named guardian.
<CurVersion> is the most current signature release version.
If you are upgrading from Guardian 1.0.x to Guardian 1.1, you must manually update the Guardian Registry. For instructions, please see the Guardian 1.1 Installation Guide and the Guardian 1.1 Release Notes.
You can use the Product Configuration page to check the current configuration for a Guardian installation. This is especially useful if you have manually updated Guardian and want to check that the update was completed correctly.
To check the current Guardian configuration, do the following:
|