Configuring System Settings
  
Configuring System Settings
This chapter describes how to configure settings that manage the system. It includes the following sections:
•  Setting Announcements
•  Configuring Alarms
•  Configuring the Date and Time
•  Configuring SNMP Basic Settings
•  Configuring SNMPv3 Settings
•  Configuring Authentication and Access Control
•  Setting Up Email Notifications
•  Configuring Log Settings
•  Viewing Permissions
•  Managing Configuration Files
Setting Announcements
You can create or modify a login message or a message of the day in the Announcements page. The login message appears in the Interceptor Login page. The message of the day appears on the Dashboard and when you first log in to the CLI.
To set an announcement
1. Choose Administration > System Settings: Announcements to display the Announcements page.
2. Use the controls to complete the configuration as described in this table.
Control
Description
Login Message
In the text box, type a message to appear on the Login page.
MOTD
In the text box, type a message to appear on the Dashboard page.
3. Click Apply to apply the settings to the current configuration.
4. Click Save to save your settings permanently.
Configuring Alarms
You can set and configure alarms in the Alarms page.
Enabling alarms is optional.
Some alarms have rising and reset thresholds. When an alarm reaches the rising threshold, it is activated; when it reaches the lowest or reset threshold, it is reset. After an alarm is triggered, it is not triggered again until it has fallen below the reset threshold.
When an alarm reaches the rising threshold, it is activated; it is reset when it reaches the lowest or reset threshold. After an alarm is triggered, it is not triggered again until it has fallen below the reset threshold.
You can also enable alerts that send email messages if the specified condition occurs.
To set alarms
1. Choose Administration > System Settings: Alarms to display the Alarms page.
Figure: Alarms Page
2. Under Enable Alarms, use the controls to complete the configuration as described in this table.
3. Click Apply to apply the settings to the current configuration.
Control
Description
Admission Control
Enables an alarm when the following admission control conditions are met:
•  Connection Limit - Sets an alarm that triggers when the connection limit is exceeded.
•  Memory - Sets an alarm that triggers when the appliance memory is exceeded.
•  Service Limit - Sets an alarm that triggers when the number of connections receiving unoptimized service has exceeded the supported limit.
CPU Utilization
Enables an alarm if the average and peak threshold for the CPU utilization is exceeded. When an alarm reaches the rising threshold, it is activated; when it reaches the lowest or reset threshold, it is reset. After an alarm is triggered, it is not triggered again until it has fallen below the reset threshold.
By default, this alarm is enabled.
Set the following:
•  Rising Threshold - Specify a whole number to specify a percent of CPU utilization. The default value is 100 percent.
•  Reset Threshold - Specify a whole number to specify a percent of CPU utilization. The default value is 95 percent.
Disk Full
Enables an alarm if one or more of the following partitions on the disk are full:
•  /boot Full
•  /bootmgr Full
•  /config Full
•  /tmp/mnt/config Full
•  /var Full
Hardware
Enables an alarm when the selected hardware conditions are met:
•  Fan Error - If a fan is failing or has failed and needs to be replaced.
•  Memory Error - If a memory error has occurred (for example, when a system memory stick fails).
•  Other Hardware Error - If other hardware issues occur: not enough disk, memory, CPU cores, or NIC cards to support the current configuration.
•  Power Supply - If an inserted power supply cord does not have power, as opposed to a power supply slot with no power supply cord inserted.
•  RAID - Enables an alarm and sends an email notification if the system encounters an error with the RAID array (for example, missing drives, pulled drives, drive failures, and drive rebuilds).
–  RAID Disk 0 Status - Checks error status of disk 0.
–  RAID Disk 1 Status - Checks error status of disk 1.
Along with an email notification, an audible alarm might also sound. By default, this alarm is enabled. To see if a disk has failed, enter this CLI command from the system prompt:
show raid diagram
For drive rebuilds, if a drive is removed and then reinserted, the alarm continues to be triggered until the rebuild is complete. Rebuilding a disk drive can take 4 to 6 hours. This alarm applies only to the SteelHead Interceptor RAID Series 3000, 5000, and 6000.
Licensing
Enables an alarm when the selected licensing conditions are met:
•  Appliance Unlicensed - This alarm triggers if the SteelHead Interceptor has no BASE or MSPEC license installed for its currently configured model.
Note: Two additional alarms are displayed—Autolicense Critical Event and Autolicense Informational Event. Though these alarms are displayed, these alarms apply only to SteelHeads. These alarms have no impact on the SteelHead Interceptor.
•  License(s) Expired - This alarm triggers if one or more features have at least one license installed, but all of them are expired.
•  License(s) Expiring - This alarm triggers if the license for one or more features is going to expire within two weeks.
Link Duplex
Enables an alarm and sends an email notification when an interface was not configured for half-duplex negotiation but has negotiated half-duplex mode. Half-duplex significantly limits the optimization service results.
By default, this alarm is enabled. The alarm displays which interface is triggering the Link Duplex alarm.
Each interface is individually listed and reported.
Link I/O Errors
Enables an alarm and sends an email notification when the link error rate exceeds 0.1 percent while either sending or receiving packets. This threshold is based on the observation that even a small link error rate reduces TCP throughput significantly. A properly configured LAN connection experiences very few errors.
The alarm clears when the rate drops below 0.05 percent.
You can change the default alarm thresholds by entering the alarm error-threshold CLI command at the system prompt. For details, see the Riverbed Command-Line Interface Reference Manual.
By default, this alarm is enabled. The alarm displays which interface is triggering the Link I/O Errors alarm.
Each interface is individually listed and reported.
Link State
Enables an alarm if the system has detected a link that is down.
Each interface is individually listed and reported.
Link State Propagation
Enables an alarm if the SteelHead Interceptor has detected a change in link state and propagated the change to the dynamic routing table.
•  Link State Propagation on All Enabled Links - Link state change propagated on all enabled links
•  Link State Propagation on Specific Links - Link state change propagated on specific links
The SteelHead Interceptor monitors the link state of devices in its path, including routers, switches, interfaces, and in-path interfaces.
Load Balancing Alerts
Enables an alarm when the selected load balancing conditions are met:
•  Load Balance Service - If the load-balancing service is not properly configured.
•  Oversubscription Alert - If the total capacity of the remote SteelHead is much greater than the total capacity of the local SteelHead.
Note: When displayed, these alerts indicate the instances affected.
Local Cluster Alerts
Enables an alarm when the selected local cluster conditions are met:
•  Local SteelHead Disconnection Alert - If a local SteelHead is disconnected from the cluster.
•  Local SteelHead Interceptor Disconnection Alert - If a local SteelHead Interceptor is disconnected from the cluster.
•  SteelHead Admission Control Alert - If a local SteelHead is under admission control.
•  SteelHead Capacity Alert - If a local SteelHead is near to or has reached capacity.
•  SteelHead Permanent Capacity Adjustment Alert - If capacity reduction has been triggered for a local SteelHead.
•  Version Incompatibility Alert - If version incompatibility exists among cluster appliances.
Note: This alarm may also trigger if there are path selection configuration mismatches between the SteelHead and the SteelHead Interceptor.
–  Version Incompatibility SteelHead Alert - If version incompatibility exists among SteelHeads.
–  With SteelHead Interceptor 4.5.2 and later, this alert is also triggered if mixed 9350 and 9600 appliances are running in the same cluster. To correct this issue, use the CLI to configure the 9600 appliance to run in 9350 mode.
–  Version Incompatibility SteelHead Interceptor Alert - If version incompatibility exists among SteelHead Interceptors.
Memory Paging
Enables an alarm when extended memory paging activity is detected.
If 100 pages are swapped every couple of hours, the appliance is functioning properly. If thousands of pages are swapped every few minutes, contact Riverbed Technical Support at the follolwing link:

https://support.riverbed.com
This alarm is enabled by default.
Network Bypass
Enables an alarm when the system enters bypass mode.
Process Dump Creation Error
Enables an alarm and sends an email notification if the system detects an error while trying to create a process dump. This alarm indicates an abnormal condition where RiOS cannot collect the core file after three retries. It can be caused when the /var directory is reaching capacity or other conditions. When the alarm is raised, the directory is blacklisted.
By default, this alarm is enabled.
Suspected Scanner Traffic Alert
Triggers an alarm when a scanner is suspected.
Temperature
Triggers an alarm when the CPU temperature exceeds the rising threshold. When the CPU returns to the reset threshold, the rising alarm is cleared. The default value for the rising threshold temperature is 70ºC; the default reset threshold temperature is 67ºC.
•  Critical Temperature - Enables an alarm and sends an email notification if the CPU temperature exceeds the rising threshold. When the CPU returns to the reset threshold, the critical alarm is cleared. The default value for the rising threshold temperature is 70ºC; the default reset threshold temperature is 67ºC.
•  Warning Temperature - Enables an alarm and sends an email notification if the CPU temperature approaches the rising threshold. When the CPU returns to the reset threshold, the warning alarm is cleared.
–  Rising Threshold - Specify the rising threshold (ºC). When an alarm reaches the rising threshold, it is activated. The default value is 70ºC.
–  Reset Threshold - Specify the reset threshold (ºC). When an alarm reaches the lowest or reset threshold, it is reset. After an alarm is triggered, it is not triggered again until it has fallen below the reset threshold. The default value is 67ºC.
After the alarm triggers, it cannot trigger again until after the temperature falls below the reset threshold and then exceeds the rising threshold again
4. Click Save to save your settings permanently.
Configuring the Date and Time
You set the date and time in the Administration > System Settings: Date/Time page.
You can either set the system date and time by entering it manually or by assigning an NTP server to the SteelHead Interceptor. By default, the appliance uses the Riverbed-provided NTP server:
•  0.riverbed.pool.ntp.org
•  1.riverbed.pool.ntp.org
•  2.riverbed.pool.ntp.org
•  3.riverbed.pool.ntp.org
For more details, see Current NTP Status in the SteelHead Management Console User’s Guide.
This section includes the following topics:
•  Current NTP Server Status
•  NTP Authentication
•  NTP Servers
•  NTP Authentication Keys
•  NTP Key Information
To configure the date and time
1. Choose Administration > System Settings: Date/Time to display the Date/Time page.
Figure: Date/Time Page
2. Under Date and Time, complete the configuration as described in this table.
Control
Description
Time Zone
Select the time zone from the drop-down list. The default is US/Pacific.
Note: If you change the time zone, log messages retain the old time zone until you reboot the system.
Set Time Manually
Select this option to set the time manually.
•  Change Date - Specify the Change Date. Use the following format: yyyy/mm/dd
•  Change Time - Specify the Change Time. Use the following format: hh:mm:ss
Use NTP Time Synchronization
Select this option to use NTP time synchronization.
As a best practice, configure your own internal NTP servers; however, you can use the Riverbed-provided NTP server and public NTP servers. The hard coded IP address that is preconfigured into every SteelHead Interceptor is 208.70.196.25. This IP address and the public NTP servers are enabled by default and appear in the requested NTP server list.
3. Click Apply to apply the settings to the current configuration.
4. Click Save to save your settings permanently.
Current NTP Server Status
NTP server state information appears in these server tables:
•  Requested NTP server table - Displays all of the configured NTP server addresses.
•  Connected NTP server table - Displays all of the servers to which the SteelHead is actually connected.
When you request a connection to an NTP server in a public NTP server pool, the server IP address does not map to the actual NTP server to which the SteelHead Interceptor connects. For example, if you request *.riverbed.pool.ntp.org, querying the pool address does not return the IP address of the pool hostname, but instead returns the IP address of an NTP server within its pool. For example, when resolving 0.riverbed.pool.ntp.org returns the first NTP server, the connected NTP server table displays the IP address of this first NTP server.
This information appears after an NTP server name:
•  Authentication information; unauthenticated appears after the server name when it is not using authentication.
•  When RiOS has no NTP information about the current server, nothing appears.
NTP Authentication
NTP authentication verifies the identity of the NTP server sending timing information to the SteelHead Interceptor. RiOS 8.5 supports MD5-based Message-Digest Algorithm symmetric keys and Secure Hash Algorithm (SHA1) for NTP authentication. MD5 is a widely used cryptographic hash function that produces a 128-bit (16-byte) hash value. SHA1 is a set of related cryptographic hash functions. SHA1 is considered to be the successor to MD5.
NTP authentication is optional.
•  Configuring NTP authentication involves these steps that you can perform in any order:
•  Configure a key ID and a secret pair.
•  Configure the key type.
•  Configure the NTP server with the key ID.
NTP Servers
The default NTP configuration points to the Riverbed-provided NTP server IP address 208.70.196.25 and these public NTP servers:
•  0.riverbed.pool.ntp.org
•  1.riverbed.pool.ntp.org
•  2.riverbed.pool.ntp.org
•  3.riverbed.pool.ntp.org
Riverbed recommends synchronizing the SteelHead to an NTP server of your choice.
To add a new NTP server
1. Choose Administration > System Settings: Date/Time to display the Date/Time page.
2. Under Requested NTP Servers, complete the configuration as described in this table.
Control
Description
Add a New NTP Server
Displays the controls to add a new NTP server.
Hostname or IP Address
Specify the hostname or IP address for the NTP server.
Version
Select the NTP server version from the drop-down list: 3 or 4.
Enabled/Disabled
Select Enabled from the drop-down list to enable the connection to the NTP server. Select Disabled from the drop-down list to disable the connection to the NTP server.
Key ID
Specify the MD5 key identifier to use to authenticate the NTP server. The valid range is 1 to 65534. The key ID must be on the trusted keys list.
Add
Adds the NTP server to the server list.
Remove Selected
Select the check box next to the name and click Remove Selected.
NTP Authentication Keys
NTP authentication uses a key and a shared secret to verify the identity of the NTP server sending timing information to the SteelHead Interceptor. RiOS encrypts the shared secret text using MD5 or SHA1, and uses the authentication key to access the secret.
To add a new NTP authentication key
1. Choose Administration > System Settings: Date/Time to display the Date/Time page.
2. Under NTP Authentication Keys, complete the configuration as described in this table.
Control
Description
Add a New NTP Authentication Key
Displays the controls to add a new NTP authentication key. Both trusted and untrusted keys appear in the list.
Key ID
Specify the secret MD5 key identifier for the NTP peer or server. The valid range is 1 to 65534.
Key Type
Select the authentication key type: MD5 or SHA1.
Secret
Specify the shared secret. You must configure the same shared secret for both the NTP server and the NTP client.
The MD5 shared secret has the following characteristics:
•  Is limited to 16 alphanumeric characters or less, or exactly 40 hexadecimal characters.
•  Cannot include spaces or a pound (#) sign.
•  Cannot be empty.
•  Is case sensitive.
The SHA1 shared secret has the following characteristics:
•  Is limited to exactly 40 hexadecimal characters.
•  Cannot include spaces or a pound (#) sign
•  Cannot be empty.
•  Is case sensitive.
The secret appears in the key list as its MD5 or SHA1 hash value.
Add
Adds the authentication key to the list.
Remove Selected
Select the check box next to the name and click Remove Selected.
Note: After you apply your settings, you can verify whether changes have had the desired effect by reviewing related reports. When you have verified appropriate changes, you can write the active configuration that is stored in memory to the active configuration file (or click Save As to save as any file name you choose).
NTP Key Information
NTP keys appear in a list that includes the key ID, type, secret (displays as the MD5 or SHA1 hash value), and whether RiOS trusts the key for authentication.
You can only remove a key from the trust list using the CLI command ntp authentication trustedkeys. For details, see the Riverbed Command-Line Interface Reference Manual.
Configuring SNMP Basic Settings
You configure SNMP basic contact and trap receiver settings in the SNMP Basic page.
Traps are messages sent by an SNMP entity that indicate the occurrence of an event. The default system configuration does not include SNMP traps. The text of the Interceptor MIB is available through the Interceptor Management Console Support tab as described in .
Note: By default, SNMP is not enabled.
To set SNMP Basic parameters
1. Choose Administration > System Settings: SNMP Basic to display the SNMP Basic page.
Figure: SNMP Basic Page
2. Under SNMP Server Settings, complete the configuration as described in this table.
Control
Description
Enable SNMP Traps
Select to enable SNMP traps.
System Contact
Specify the username for the SNMP contact.
System Location
Specify the physical location of the SNMP system.
Read-Only Community String
Specify a password-like string to identify the read-only community: for example, public. This community string overrides any VACM settings.
3. Click Apply to apply your changes to the running configuration.
4. Click Save to save your settings permanently.
To add or remove a trap receiver
1. Under Trap Receivers, complete the configuration as described in this table.
Control
Description
Add a New Trap Receiver
Displays the controls to add a new trap receiver.
Receiver
Specify the destination IP address for the SNMP trap.
Destination Port
Specify the destination port.
Receiver Type
Select v1, v2c, or v3 (user-based security model) for SNMP version.
Community
For v1 or v2c trap receivers, specify the SNMP community name; for example, public or private v3 trap receivers need a remote user with an authentication protocol, a password, and a security level.
Remote User (v3 trap receivers only)
Specify the remote user.
Authentication
(Appears only when you select v3). Optionally, select either Supply a Password or Supply a Key to use while authenticating users.
Authentication Protocol
(Appears only when you select v3). Select the protocol from the drop-down list.
Password/Password Confirm
(Appears only when you select v3). Specify and confirm the password.
Security Level
(Appears only when you select v3). Select the security level from the drop-down list.
Enable Receiver
Select to enable the new trap receiver. Clear to disable the receiver.
Add
Adds the new trap receiver to the list.
Remove Selected
Select the check box next to the name and click Remove Selected.
2. Click Save to save your settings permanently.
To test an SNMP trap
1. Choose Administration > System Settings: SNMP Basic to display the SNMP Basic page.
2. Under SNMP Trap Test, click Run.
Configuring SNMPv3 Settings
You configure SNMPv3 settings in the SNMP v3 page.
SNMPv3 provides additional authentication and access control for message security. For example, you can verify the identity of the SNMP entity (manager or agent) sending the message.
Using SNMPv3 is more secure than SNMPv1 or SNMPv2; however, it requires more configuration steps to provide the additional security features.
Basic Steps
This process is comprised of the following set of procedures:
1. Create the SNMP-server users. Users can be authenticated using either a password or a key.
2. Configure SNMP-server views to define which part of the SNMP MIB tree will be visible.
3. Configure SNMP-server groups, which map users to views, allowing you to control who can view what SNMP information.
4. Configure the SNMP-server access policies that contain a set of rules defining access rights. Based on these rules, the entity decides how to process a given request.
To create users for SNMPv3
1. Choose Administration > System Settings: SNMP v3 to display the SNMP v3 page.
Figure: SNMP v3 Page
2. Under Users, complete the configuration as described in this table.
Control
Description
Add a New User
Displays the controls to add a new user.
User Name
Specify the username.
Authentication Protocol
Select an authentication method from the drop-down list:
•  MD5 - Specifies the Message-Digest 5 algorithm, a widely used cryptographic hash function with a 128-bit hash value. This is the default value.
•  SHA - Specifies the Secure Hash Algorithm, a set of related cryptographic hash functions. SHA is considered to be the successor to MD5.
Authentication
Optionally, select either Supply a Password or Supply a Key to use for authenticating users.
MD5 Key
(Appears only if you select Supply a Key). Specify the MD5 key.
Password/Password Confirm
(Appears only if you select Supply a Password). Specify a password. The password must have a minimum of eight characters. Confirm the password in the Password Confirm text box.
Use Privacy Option
Select the check box to enable privacy option.
•  Privacy Protocol - Select AES or DES from the drop-down menu.
•  Privacy - Select the password or key option from the drop-down menu. Depending on the option selected, you might need to specify an additional password or key value.
Add
Adds the user.
Remove Selected
Select the check box next to the name and click Remove Selected.
3. Click Add to apply your changes to the running configuration.
4. Click Save to save your settings permanently.
Configuring Authentication and Access Control
You configure SNMP authentication and access control in the SNMP ACLs page.
The features on this page apply to SNMPv1, SNMPv2c, and SNMPv3 unless noted otherwise:
•  Security Names - Identify an individual user (SNMPv1 or SNMPv2c only).
•  Groups - Identify a security-name, security model by a group, and referred to by a group-name.
•  Views - Create a custom view using the View Access Control Model (VACM) that controls who can access which MIB objects under agent management by including or excluding specific object identifiers (OIDs). For example, some users have access to critical read-write control data, while some users have access only to read-only data. For a list of OIDs, see SNMP Traps.
•  Security Models - A security model identifies the SNMP version associated with a user for the group in which the user resides.
•  Access Policies - Defines who gets access to which type of information. An access-policy is comprised of group-name, security-model, security-level, and read-view-name.
An access-policy is the configurable set of rules, based on which, the entity decides how to process a given request.
To set secure usernames
1. Choose Administration > System Settings: SNMP ACLs to display the SNMP ACLs page.
Figure: SNMP ACLs Page
2. Under Security Names, complete the configuration as described in this table.
Control
Description
Add a New Security Name
Displays the controls to add a security name.
Security Name
(SNMPv1 and SNMPv2c only) Specify a name to identify a requestor allowed to issue gets and sets. The security name may make changes to the View Based Access Control Model (VACM) security name configuration.
Note: Traps for SNMPv1 and SNMPv2c are independent of the security name.
Community String
Specify the password-like community string to control access. Use a combination of uppercase, lowercase, and numerical characters to reduce the chance of unauthorized access to the SteelHead Interceptor.
Note: If you specify a read-only community string (located in the SNMP Basic page under SNMP Server Settings), it takes precedence over this community name and allows users to access the entire MIB tree from any source host. If this is not desired, delete the read-only community string.
Source IP Address and Mask Bits
Specify the host IP address and mask bits to which you permit access using the security name and community string.
Add
Adds the security name.
Remove Selected
Select the check box next to the name and click Remove Selected.
3. Click Save to save your settings permanently.
To set secure groups
1. Choose Administration > System Settings: SNMP ACLs to display the SNMP ACLs page.
Figure: SNMP ACLs Page - Groups
2. Under Groups, complete the configuration as described in this table.
Control
Description
Add a New Group
Displays the controls to add a new group
Group Name
Specify a group name.
Security Models and Name Pairs
Select a security model from the first drop-down list:
•  v1 - Select this list item to specify SNMPv1 as the security model, and then select a security name from the second drop-down list.
•  v2c - Select this item to specify SNMPv2 as the security model, and then select a security name from the second drop-down list
•  usm - Select this item to specify SNMPv3 (User-based Security Model), and then select a user from the second drop-down list.
To add another Security Model and Name pair, click the plus sign (+). To remove a Security Model and Name pair, click the minus sign (-).
Add
Adds the new groups to the list.
Remove Selected
Removes the selected groups from the list.
3. Click Save to save your settings permanently.
To set secure views
1. Choose Administration > System Settings: SNMP ACLs to display the SNMP ACLs page.
Figure: SNMP ACLs Page - Views
2. Under Views, complete the configuration as described in this table.
Control
Description
Add a New View
Displays the controls to add a new view.
View Name
Specify a descriptive view name to facilitate administration.
Includes
Specify the object identifiers (OIDs) to include in the view, separated by commas: for example, 1.3.6.1.4.1. By default, the view excludes all OIDs.
You can specify .iso or any subtree or subtree branch.
You can specify an OID number or use its string form: for example,
iso.org.dod.internet.private.enterprises.rbt.products.steelhead.system.model
Excludes
Specify the OIDs to exclude in the view, separated by commas. By default, the view excludes all OIDs.
Add
Adds the view.
Remove Selected
Select the check box next to the name and click Remove Selected.
3. Click Save to save your settings permanently.
To add an access policy
1. Choose Administration > System Settings: SNMP ACLs to display the SNMP ACLs page.
Figure: SNMP ACLs Page
2. Under Access Policies, complete the configuration as described in this table.
Control
Description
Add a New Access Policy
Displays the controls to add a new access policy.
Group Name
Select a group name from the drop-down list.
Security Level
Determines whether a single atomic message exchange is authenticated. Select one of the following from the drop-down list:
•  No Auth - Does not authenticate packets and does not use privacy. This is the default setting.
•  Auth - Authenticates packets but does not use privacy.
Note: A security level applies to a group, not to an individual user.
Read View
Select a view from the drop-down list.
Add
Adds the policy to the policy list.
Remove Selected
Select the check box next to the name and click Remove Selected.
3. Click Save to save your settings permanently.
Setting Up Email Notifications
You set email notification parameters for events and failures in the Email page.
By default, no email addresses are specified for event and failure notification.
To set event and failure email notification
1. Choose Administration > System Settings: Email to display the Email page.
Figure: Email Page
2. Complete the configuration as described in this table.
Control
Description
SMTP Server
Specify a valid SMTP server. External DNS and external access for SMTP traffic is required for this feature to function.
SMTP Port
Specify the port in the SMTP server.
Report Events via Email
Select this option to report events using email.
Specify a space-separated list of email addresses to which to send notification messages.
To complete SNMP settings, see Configuring SNMP Basic Settings.
Report Failures via Email
Select this option to report serious failures, such as system crashes, using email.
Specify a space-separated list of email addresses to which to send notification messages.
Override Default Sender’s Email
Select this option to specify a sender email address instead of the default “do-not-reply” sender email address.
Report Failures to Technical Support
Select this option to report serious failures, such as system crashes, to Riverbed Technical Support.
Riverbed recommends that you activate this feature so that problems are promptly corrected.
3. Click Apply to apply your settings to the running configuration.
4. Click Save to save your changes to the running configuration.
Configuring Log Settings
You set up local and remote logging options in the Logging page.
By default, the system rotates each log file every 24 hours or if the file size reaches one Gigabyte uncompressed. You can change this default setting to rotate every week or month and you can rotate the files based on file size.
The automatic rotation of system logs deletes your oldest log file, labeled as Archived log #10, pushes the current log to Archived log # 1, and starts a new current-day log file.
This section describes how to modify local logging and how to set remote logging for the SteelHead Interceptor. It includes the following sections:
•  Setting Up System Logging
•  Adding or Removing a Remote Log Server
•  Filtering Logs by Application or Process
Setting Up System Logging
You set up system logging for the system in the Logging page.
To set up system logging
1. Choose Administration > System Settings: Logging to display the Logging page.
Figure: Logging Page
2. To rotate the logs immediately, under Log Actions at the bottom of the page, click Rotate Logs.
After the logs are rotated, the following message appears:
“logs have been successfully rotated”
When you click Rotate Logs, your archived file #1 contains data for a partial day because you are writing a new log before the current 24-hour period is complete.
3. Under Logging Configuration, complete the configuration as described in this table.
Control
Description
Minimum Severity
Select the minimum severity level for the system log messages. The log contains all messages with this severity level or higher. Select one of the following levels from the drop-down list:
•  Emergency - Emergency, the system is unusable.
•  Alert - Action must be taken immediately.
•  Critical - Conditions that affect the functionality of the SteelHead.
•  Error - Conditions that probably affect the functionality of the SteelHead.
•  Warning - Conditions that could affect the functionality of the SteelHead, such as authentication failures.
•  Notice - Normal but significant conditions, such as a configuration change.
•  Info - Informational messages that provide general information about system operations.
Note: This control applies to the system log only. It does not apply to the user log.
Maximum Number of Log Files
Specify the maximum number of logs to store. The default value is 10.
Lines Per Log Page
Specify the number of lines per log page. The default value is 100.
Rotate Based On
Select one of the following rotation options:
•  Time - Select Day, Week, or Month from the drop-down list.
•  Disk Space - Specify how much disk space, in megabytes, the log uses before it rotates. The default value is 16 MB.
Note: The log file size is checked at ten-minute intervals. If there is an unusually large amount of logging activity, it is possible for a log file to grow larger than the set disk space limit in that period of time.
4. Click Apply to apply your changes to the running configuration.
5. Click Save to save your settings permanently.
Adding or Removing a Remote Log Server
You add or remove a remote log servers in the Logging page.
To add or remove a log server
1. Choose Administration > System Settings: Logging to display the Logging page.
Figure: Logging Page
2. Under Remote Log Servers, complete the configuration as described in this table.
Control
Description
Add a New Log Server
Displays the controls for configuring new log servers.
Server IP
Specify the server IP address.
Minimum Severity
Select the minimum severity level for the log messages. The log contains all messages with this severity level or higher. Select one of the following levels from the drop-down list:
•  Emergency - Emergency, the system is unusable.
•  Alert - Action must be taken immediately.
•  Critical - Conditions that affect the functionality of the SteelHead Interceptor.
•  Error - Conditions that probably affect the functionality of the SteelHead Interceptor.
•  Warning - Conditions that could affect the functionality of the SteelHead Interceptor, such as authentication failures.
•  Notice - Normal but significant conditions, such as a configuration change.
•  Info - Informational messages that provide general information about system operations.
Add
Adds the server to the list.
Remove Selected
Click the check box next to the name and click Remove Selected.
3. Click Save to save your settings permanently.
Filtering Logs by Application or Process
You can filter a log by one or more applications or one or more processes. This is particularly useful when capturing data at a lower severity level where a SteelHead Interceptor might not be able to sustain the flow of logging data the service is committing to disk.
To filter a log
1. Choose Administration > System Settings: Logging to display the Logging page.
Figure: Filtering a Log
2. Under Per-Process Logging, complete the configuration as described in this table.
Control
Description
Add a New Process Logging Filter
Displays the controls for adding a process-level logging filter.
Process
Select a process to include in the log from the drop-down list:
•  alarmd - Alarm Manager.
•  cmcfc - CMC Autoregistration Utility.
•  rgpd - CMC Connection Manager.
•  rgp - CMC Connector.
•  cli - Riverbed command-line interface.
•  mgmtd - Device control and management, which directs the entire device management system. It handles message passing between various management daemons, managing system configuration and general application of system configuration on the hardware underneath through the hardware abstraction layer daemon (hald).
•  hald - Hardware abstraction layer daemon, which handles access to the hardware.
•  pm - Process Manager, which handles launching of internal system daemons and keeps them up and running.
•  sched - Process Scheduler, which handles one-time scheduled events.
•  statsd - Statistics Collector, which handles queries and storage of system statistics.
•  wdt - Watchdog Timer, the motherboard watchdog daemon.
•  webasd - Web Application Process, which handles the web user interface.
Minimum Severity
Select the minimum severity level for the log messages. The log contains all messages with this severity level or higher. Select one of the following levels from the drop-down list:
•  Emergency - Emergency, the system is unusable.
•  Alert - Action must be taken immediately.
•  Critical - Conditions that affect the functionality of the SteelHead Interceptor.
•  Error - Conditions that probably affect the functionality of the SteelHead Interceptor.
•  Warning - Conditions that could affect the functionality of the SteelHead Interceptor, such authentication failures.
•  Notice - Normal but significant conditions, such as a configuration change.
•  Info - Informational messages that provide general information about system operations.
Add
Adds the filter to the list. The process now logs at the selected severity and higher level.
Remove Selected
Select the check box next to the name and click Remove Selected to remove the filter.
3. Click Save to save your settings permanently.
Viewing Permissions
You can display your system permissions and add or change your login password in the My Account page.
To display system permissions
1. Choose Administration > System Settings: My Account to display the My Account page.
Figure: My Account Page
2. Under Password, complete the configuration as described in this table.
Control
Description
Change Password
Allows you to add or change your log in password.
New Password/Confirm New Password
Specify a password in the text box. Retype the password in the Confirm New Password text box.
Old Password
(Appears when password policy is enabled and the Minimum Character Difference Between Passwords value is greater than 0). Nonadministrators must specify the old password.
Administrators are never required to enter an old password when changing an account password.
3. Click Apply to apply the settings to the current configuration.
The permissions list displays the roles and permissions assigned to your username. For details about setting user permissions, see Managing User Permissions.
The My Account page includes a way to clear user preferences if any user settings result in an unsafe state and the Interceptor Management Console cannot display the page.
User preferences are set for individual users and do not affect the appliance configuration.
4. Click Save to save your settings permanently.
To restore the user preferences for the current user
1. Choose Administration > System Settings: My Account to display the My Account page.
2. Under User Preferences, click Restore Defaults.
Managing Configuration Files
You can save, activate, and import configurations in the Configurations page.
Each SteelHead Interceptor has an active, running configuration and a written, saved configuration.
When you apply your settings in the SteelHead Interceptor, the values are applied to the active running configuration, but the values are not written to disk and saved permanently.
When you save your configuration settings, the values are written to disk and saved permanently. They take effect after you restart the RiOS services to which the configuration was pushed.
Each time you save your configuration settings, they are written to the current running configuration, and a backup is created. For example, if the running configuration is myconfig and you save it, myconfig is backed up to myconfig.bak and myconfig is overwritten with the current configuration settings.
The Configuration Manager is a utility that enables you to save configurations as backups or to activate configuration backups.
The Configuration Manager also includes an Import Configuration utility to support these common use cases:
•  Replacing a SteelHead Interceptor - If you are replacing one SteelHead Interceptor for another, you can import all of the network information (although not the licenses) and disconnect the old SteelHead before you switch configurations on the new SteelHead.
•  Configuration template for a large deployment - You can avoid entering the complete SteelHead Interceptor configuration for every appliance in a large deployment by setting up a template SteelHead Interceptor and importing template settings to the configuration list.
Some configuration settings require that you restart the optimization service for the settings to take effect. For details about restarting the optimization service, see Starting, Stopping, and Restarting the Service.
To manage configurations
1. Choose Administration > System Settings: Configurations to display the Configurations page.
Figure: Configurations Page
2. Under Current Configuration: <name>, complete the configuration as described in this table.
Control
Description
Current Configuration: <configuration name>
View Running Config - Displays the running configuration settings in a new browser window.
Save - Saves settings that have been applied to the running configuration.
Revert - Reverts your settings to the running configuration.
Save Current Configuration
Specify a new filename to save settings that have been applied to the running configuration as a new file, and then click Save As.
3. Under Configurations, complete the configuration as described in this table.
Control
Description
Import a New Configuration
Displays the controls to import a configuration from another appliance.
IP/Hostname
Specify the IP address or hostname of the SteelHead Interceptor from which you want to import the configuration.
Remote Admin Password
Specify the administrator password for the remote SteelHead Interceptor.
Remote Config Name
Specify the name of the configuration you want to import from the remote SteelHead Interceptor.
New Config Name
Specify a new, local configuration name.
Import Shared Data Only
Takes a subset of the configuration settings from the imported configuration and combines them with the current configuration to create a new configuration.
Import shared data is enabled by default.
Import
Select to start the import process.
Add
When the Import Shared Data Only check box is selected, activates the imported configuration and makes it the current configuration. This is the default.
When the Import Shared Data Only check box is not selected, adds the imported configuration to the Configuration list. It does not become the active configuration until you select it from the list and click Activate.
Remove Selected
Select the check box next to the name and click Remove Selected.
Change Active Configuration
Select the configuration to activate from the drop-down list.
4. Click Activate.
5. Restart the SteelHead Interceptor service. For details, see Starting, Stopping, and Restarting the Service.