Identity Broker Documentation Index
Command-Line Tool Reference Home

collect-support-data

Description
Examples
Arguments

Description

Collect and package system information useful in troubleshooting problems. The information is packaged as a zip archive that can be sent to a technical support representative.

Examples

Collects data about the server installed in the same server root from which the tool is invoked:
collect-support-data --bindDN uid=admin,dc=example,dc=com \
     --bindPassword password


Collects data about the specified server and writes the information to an encrypted archive. The encryption key will be based on a passphrase that is dynamically generated and written into the file 'collect-support-data.passphrase'. Specifying '--securityLevel maximum' indicates the tool will limit what is collected to avoid gathering personally identifiable information:
collect-support-data --hostname localhost --port 389 \
     --bindDN uid=admin,dc=example,dc=com --bindPassword password --no-prompt \
     --encrypt --passphraseFile collect-support-data.passphrase \
     --generatePassphrase --securityLevel maximum


Decrypts the specified encrypted collect-support-data archive using the passphrase contained in the file 'collect-support-data.passphrase':
collect-support-data \
     --decrypt support-data-ds-ldap1-20140102030405-zip-encrypted \
     --passphraseFile collect-support-data.passphrase

For examples and help with LDAP options see LDAP Option Help. For help with SASL authentication, see SASL Option Help

Arguments

-V
--version

Description Display Identity Broker version information

-H
--help

Description Display general usage information

--help-ldap

Description Display help for using LDAP options

--help-sasl

Description Display help for using SASL options

--help-debug

Description Display help for using debug options
Advanced Yes

-h {host}
--hostname {host}

Description Fully qualified host name or IP address of the local Identity Broker
Default Value localhost
Required No
Multi-Valued No

-p {port}
--port {port}

Description Identity Broker port number
Lower Bound 1
Upper Bound 65535
Default Value 389
Required No
Multi-Valued No

-D {bindDN}
--bindDN {bindDN}

Description DN used to bind to the server
Required No
Multi-Valued No

-w {bindPassword}
--bindPassword {bindPassword}

Description Password used to bind to the server
Required No
Multi-Valued No

-j {bindPasswordFile}
--bindPasswordFile {bindPasswordFile}

Description Bind password file
Required No
Multi-Valued No

-Z
--useSSL

Description Use SSL for secure communication with the server

-q
--useStartTLS

Description Use StartTLS to secure communication with the server

-X
--trustAll

Description Trust all server SSL certificates

-K {keyStorePath}
--keyStorePath {keyStorePath}

Description Certificate key store path
Required No
Multi-Valued No

-W {keyStorePassword}
--keyStorePassword {keyStorePassword}

Description Certificate key store PIN
Required No
Multi-Valued No

-u {keyStorePasswordFile}
--keyStorePasswordFile {keyStorePasswordFile}

Description Certificate key store PIN file
Required No
Multi-Valued No

-P {trustStorePath}
--trustStorePath {trustStorePath}

Description Certificate trust store path
Required No
Multi-Valued No

-N {nickname}
--certNickname {nickname}

Description Nickname of the certificate for SSL client authentication
Required No
Multi-Valued No

-o {name=value}
--saslOption {name=value}

Description SASL bind options
Required No
Multi-Valued Yes

--propertiesFilePath {propertiesFilePath}

Description Path to the file that contains default property values used for command-line arguments
Required No
Multi-Valued No

--noPropertiesFile

Description Specify that no properties file will be used to get default command-line argument values

--script-friendly

Description Use script-friendly mode

--noLdap

Description Specify that no effort should be made to collect any information over LDAP. This option should be used only as a last resort if the server is completely unresponsive or will not start

--pid {pid}

Description Specify the ID of an additional process from which information is to be collected. This option is useful for troubleshooting external server tools
Required No
Multi-Valued Yes

--sequential

Description Collect data sequentially as opposed to in parallel. This has the effect of reducing the initial memory footprint of this tool at a cost of taking longer to complete. Use this option if running this tool results in 'out of memory' errors

--reportCount {count}

Description Number of reports generated for commands that support sampling (for example, mpstat). A value of 0 (zero) indicates that no reports will be generated for these commands. If not specified, this option is 10 by default
Lower Bound 0
Required No
Multi-Valued No

--reportInterval {interval}

Description Number of seconds between reports for commands that support sampling (for example, mpstat). This option must have a value greater than 0 (zero). If not specified this option is 1 by default
Lower Bound 1
Required No
Multi-Valued No

--maxJstacks {number}

Description Number of jstack samples to collect. If not specified, this option is 10 by default
Lower Bound 0
Required No
Multi-Valued No

--collectExpensiveData

Description Collect data from expensive or long running processes. These processes are not executed by default because they may make the server unresponsive for a couple of minutes

--collectReplicationStateDump

Description Run the replication state dump task against the server and collect the output. This is not done by default because the resulting file may be several megabytes in size. LDAP connection is required to collect this data

--comment {comment}

Description Specify additional information about the collected data set. This comment will be added to the generated archive as a README file
Required No
Multi-Valued No

--includeBinaryFiles

Description Specify that binary files should be included in the archive collection

--securityLevel maximum

Description By default this tool takes many precautions to avoid collecting sensitive information, including only gathering information from a specific list of files and removing sensitive data regardless of where it appears. Log file snippets, stack traces, and server monitoring data can include a small amount of personally identifiable information in the form of LDAP DNs and search filters. By specifying a value of 'maximum' for this property, this tool will take steps to remove this information from the collected data. This should only be used when necessary, as it reduces the information available in the archive and can increase the time to find the source of support issues
Required No
Multi-Valued No

--encrypt

Description Indicates that the resulting support data archive should be encrypted. If the '--passphraseFile' argument is not used to specify the passphrase used to generate the encryption key then the tool will interactively prompt for the passphrase. Note that when providing an encrypted collect-support-data archive to support personnel, it is strongly recommended that the encrypted archive and the encryption passphrase be conveyed over separate channels to help prevent an unauthorized third-party from obtaining both required elements

--passphraseFile {path}

Description The path to a file containing the passphrase to use to generate the key when encrypting or decrypting a collect support data archive. If either the '--encrypt' or '--decrypt' argument is provided, then this argument may be used to specify the passphrase to use to generate the encryption key, and if this argument is not provided then the tool will interactively prompt for the passphrase
Required No
Multi-Valued No

--generatePassphrase

Description Indicates that the tool should automatically generate the passphrase used to generate the encryption key and write it to the file specified by the '--passphraseFile' argument. This argument may only be used if both the '--encrypt' and '--passphraseFile' arguments are also provided

--decrypt {path}

Description Decrypt an encrypted collect-support-data archive contained in the specified file. If the '--passphraseFile' argument is not used to specify the passphrase used when encrypting the archive then the tool will interactively prompt for the passphrase
Required No
Multi-Valued No

-n
--no-prompt

Description Use non-interactive mode. If data in the command is missing, you will not be prompted and the tool will fail