RTM console (rcon)

You can use the NAM Probe's RTM console ("rcon") to check on the operation of the decryption mechanism.

Starting and stopping rcon

  • To run the RTM console (rcon), sign in to the NAM Probe as the root user and execute the rcon command.
    [root@server-name ~]# rcon
    Dynatrace NAM Probe Console, ver. 19.0.2.65 Linux
    Log file: /var/log/adlex/rcon.log
    >$
    
    At this point, you can issue the rcon commands described below.
  • To exit rcon and return to the system prompt, type exit.
    >$ exit
    Console terminates
    Bye, bye
    [root@server-name ~]#
    
Alternate access

To issue rcon commands directly from the system prompt (without entering the RTM console), type rcmd followed by the rcon command you want to use. This invokes rcon to run a single rcon command.

In this example, we use rcmd to issue the rcon command show version directly from the system prompt. The output of the rcon command is displayed but you remain at the system prompt (not the rcon prompt):

[root@server-name ~]# rcmd show version
RTMHS v. 19.0.2.65 Linux_x86_64 Copyright (C) 1999-2019 Dynatrace LLC.  
[root@server-name ~]#

Syntax tips

Enclose the command in double or single quotation marks to prevent the shell from interpreting special characters that are to be passed to rcon. If double quotation marks are a part of the rcon command, enclose the command in single quotes.

  • In this example, no quotation marks are necessary. The output is redirected to a file:

    [root@servername ~]# rcmd show status > sout  
    
  • In this example, we use quotes (single or double) because the greater-than sign ">" would otherwise be interpreted by the shell and a file named 5 would be created:

    [root@servername ~]# rcmd 'nfdump start "ip[0] & 0xf > 5" '
    
  • In this example, we use normal shell redirection to save the previous example to a file:

    [root@servername ~]# rcmd 'nfdump start "ip[0] & 0xf > 5" ' > sout
    
  • In this example, we use single quotes so we can pass the double quotes to the rcmd command:

    [root@servername ~]# rcmd 'ssldecr certs "/usr/tmp"'  
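
What the shell hands over for each quoting choice above, as an added example that is not part of the original documentation. The rcmd function here is a local stand-in and parse_demo is a hypothetical helper; the real NAM Probe command is never run. It also covers the case of inner double quotes only, where the shell removes the quotes before passing the argument on.

```shell
#!/bin/sh
# Added example. "rcmd" below is a local stand-in function (an assumption for
# this demo), NOT the NAM Probe binary: it only prints each argument the shell
# hands over, one pair of brackets per argument.
rcmd() {
    for a in "$@"; do printf '[%s]' "$a"; done
    printf '\n'
}

# Evaluate one command line as the shell would, inside an empty scratch
# directory, then report what rcmd received and which files the shell created.
parse_demo() {
    scratch=$(mktemp -d) || return 1
    (
        cd "$scratch" || exit 1
        # "|| :" keeps going when the shell tries to run a stray word (0xf).
        eval "$1" 2>/dev/null </dev/null || :
        wait    # a backgrounded rcmd must finish writing first
    ) > "$scratch/.argv"
    printf 'argv=%s files=%s\n' "$(cat "$scratch/.argv")" \
        "$(ls "$scratch" | paste -sd, -)"
    rm -rf "$scratch"
}

# The three spellings of the nfdump filter command, exactly as typed.
demo_all() {
    while IFS= read -r line; do
        printf '%s\n  ' "$line"
        parse_demo "$line"
    done <<'EOF'
rcmd nfdump start ip[0] & 0xf > 5
rcmd nfdump start "ip[0] & 0xf > 5"
rcmd 'nfdump start "ip[0] & 0xf > 5" '
EOF
}

demo_all
```

Only the last form delivers the filter with its double quotes intact and as a single argument; the unquoted form truncates the command at the ampersand and leaves a file named 5 behind.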
    

Commonly used rcon commands

The following are commonly used rcon commands.

HELP

Lists all commands (names and descriptions) or a specific command.

SHOW VERSION

Displays version information.

SHOW UPTIME

Displays when the system was last started and how long it has been up.

SHOW STATUS

Displays various types of status information. Note that some of the individual sections of the output can be generated separately by executing status commands related to the particular functionality only.

SHOW MEMORY

Displays memory usage per object type.

SHOW SESSIONS

Displays session information.

SHOW LICENSES

Displays all valid licenses currently present on the NAM Probe. Each row lists a license and the expiration date of that license (in human-readable format and Linux epoch time).

RELOAD LICENSES

Forces the NAM Probe to read and load all license files present in the /usr/adlex/config folder.

The command does not generate any output unless problems are encountered during command execution.

SHOW ANALYZER

Displays the status of all analyzers on the NAM Probe.

  • The output of show analyzer can be extensive. Enter help show analyzer to get a list of optional parameters you can use to focus the output on what you need to know.

SNCDECR STATUS

Displays SNC decryptor diagnostic information. Examples:

  • sncdecr status — SNC decryptor diagnostics
  • sncdecr status all — SNC decryptor diagnostics - all details on all servers
  • sncdecr status 10.10.10.11 — SNC decryptor diagnostics for server 10.10.10.11
  • sncdecr status 10.10.10.11 443 — SNC decryptor diagnostics for server 10.10.10.11, port 443

SSLDECR CIPHERS

Displays cipher suites detected during decryption (with an option to list all available ciphers).

  • ssldecr ciphers — show cipher suites detected during decryption
  • ssldecr ciphers all — show cipher suites detected during decryption (with option to list all available ciphers).

SSLDECR KEYS

Displays keys read by decryptor (with an option to force a reload of all private keys).

  • ssldecr keys — show SSL keys
  • ssldecr keys reload — show SSL keys with option to reload all private keys

SSLDECR STATUS

Displays the status for the decryption engine and lists the statistics of the observed sessions. Internal decryptor diagnostics are also provided. You can use the command with the following options:

  • ssldecr status — show the summary status for all servers.
  • ssldecr status all — show the detailed status for each server individually.
  • ssldecr status 10.10.10.11 — show the detailed status for server 10.10.10.11.
  • ssldecr status 10.10.10.11 443 — show the detailed status for server 10.10.10.11, port 443.

All information and statistics returned by this command relate to the period of time since the last restart of the device.

  • The CONFIGURATION section of the output gives status information for the decryption engine. Note the SSL engine mode (native, auto, or thread) included in parentheses and statistics of how many private keys have been matched or failed to match.
  • The SESSIONS section of the output gives session statistics.
    • There are no statistics for “partially decrypted session in progress” (sessions with some errors but for which decryption is still continuing). This is because as soon as there is an error, the decryption process is terminated and the session is counted as “finished”, even though the actual transfer of data may still continue and byte and packet statistics are still counted.
    • The term “reused sessions” indicates sessions for which the server agrees to continue using an already established session key from earlier on. This is referred to as a short handshake, as compared to a long handshake when the entire process of establishing an SSL connection is started again.

SSLDECR CERTS

Displays discovered SSL certificates.

  • ssldecr certs — show all discovered SSL certificates.
  • ssldecr certs 10.10.10.11 — show all discovered SSL certificates for IP address 10.10.10.11.
  • ssldecr certs 10.10.10.11 443 — show all discovered SSL certificates for IP address 10.10.10.11, port 443.