What is the support.tar.Z file that is requested by CA Technical Support? How is it generated and what information does it gather?

Document ID : KB000027023
Last Modified Date : 14/02/2018

Introduction:

CA Access Control (AC) Technical Support may ask for a support.tar.Z file.

This file is used for documentation and analysis.

This document describes in detail the methods for creating the support.tar.Z file and the information it collects.

Environment:

 

CA Access Control on Unix (all releases)

Instructions:

Generating a support.tar.Z file

The support.tar.Z is generated by running the support.sh shell script.

The default location for this file is under your Access Control lbin directory (/opt/CA/eTrustAccessControl/lbin).

You may run this script interactively or non-interactively.

If you wish to run it non-interactively, you must supply one of the following additional switches.

Options
The following options are available:

-db - Include seosdb in support tar file but not the eTrust audit logs
-log - Include eTrust audit logs in support tar file but not the seosdb
-all - Include eTrust audit logs and seosdb (-db and -log)
-none - Do not include seosdb or eTrust audit logs

Important:

If you choose to include your database, AC will be brought down for a few moments while the files are being copied and then brought up again.

If you do not include the database, AC does not need to be brought down. This is often a consideration where software can be shut down only at scheduled times or during maintenance periods.

Example:

/opt/CA/eTrustAccessControl/lbin/support.sh -all
Gathering version info of eTrust binaries, this may take a minute
eTrust seversion v5.30-0702 (1149) - Display Module's Version
Copyright 2003 Computer Associates International, Inc.
Running Under: SUN Solaris
Compressing support file, this may take a moment
Support file complete, please send the file /opt/CA/eTrustAccessControl/support.tar.Z
Ca support personnel. The file is located in the /opt/CA/eTrustAccessControl directory.

If you run it interactively, you will be asked whether you want to include your database (seosdb) or your Access Control logs. Answer each prompt with 'y' (Yes) or 'n' (No) and press Enter.

Output:

Once generated, the support.tar.Z file is placed in the root of your Access Control directory (/opt/CA/eTrustAccessControl).

Contents of the support.tar.Z file

When you un-tar and uncompress the support.tar.Z file you will get the following files and directories extracted. You may also extract two more files after this first step: seosdb.tar and log.tar

# zcat support.tar.Z | tar -xf -
# tar -xf seosdb.tar
# tar -xf log.tar
# ls -R -1
.:
groupdb.la - Lookaside Database for Groups
hostdb.la - Lookaside Database for Hosts
log.tar - A TAR of the Access Control log directory
seos.ini - Access Control settings file
seosdb - The extracted Access Control database files
seosdb.tar - A TAR of the Access Control seosdb directory
servdb.la - Lookaside Database for Services
support.tar.Z - The original support.tar.Z file
tmpetc - Access Control etc directory files
tmplog - The extracted Access Control log file
userdb.la - Lookaside Database for Users
var - Operating System files from /var
versions.txt - A text file containing versions of key Access Control binaries

seosdb is the complete local security database that Access Control uses ("The Rules" or "The Security Policy"). From these files the rules can be extracted to a text file (dbmgr utility) or viewed (selang utility).

./seosdb:
sdb_doc
seos_cdf.000
seos_cdf.001
seos_cdf.dat
seos_cdf.fre
seos_ids.dat
seos_odf.000
seos_odf.001
seos_odf.002
seos_odf.dat
seos_odf.fre
seos_pdf.000
seos_pdf.001
seos_pdf.dat
seos_pdf.fre
seos_pvf.000
seos_pvf.dat
seos_pvf.fre

Files from the Access Control etc directory (/opt/CA/eTrustAccessControl/etc)

./tmpetc:

audit.cfg - This file provides filtering for the audit data on a host.

nfsdevs.init - The file contains the NFS defaults for major device numbers for every platform. This may vary from system to system. To find the numbers for your system, use a small program with the UNIX getmajor() function. Then edit the nfsdevs.init file to contain the numbers you find.

osver - The version of the Operating System

sereport.cfg - This file contains the tokens used to generate the reports with the sereport utility

serevu.cfg - serevu actions config file, used by the Access Control serevu utility

trcfilter.init - The file that contains the filter data that is used to filter the Access Control trace messages.

Files from the Access Control log directory (/opt/CA/eTrustAccessControl/log)

./tmplog:

seos.audit - The Access Control audit file

seos.error - This file is written to if Access Control has a problem starting.

seos_debug - The destination file when additional debug is needed for the SEOS_syscall module. The seos.ini tokens debug_zone and debug_level are modified with non-default values so that this additional information is generated. These tokens are modified at the direction of Technical Support.

seos_debug.bak - When the file seos_debug reaches the file size specified in the seos.ini token error_size then the seos_debug is renamed to seos_debug.bak and a new seos_debug file is written.

seosd.trace - The Access Control trace file.

Operating System Directories from /var

./var:
adm
log

Operating System messages file

./var/adm:
messages

Operating System system log file

./var/log:
syslog
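
A check that can be run before the bundle is handed over, added here as an example (it is not CA's code): it classifies the entries of a tar listing using the file names documented above and confirms that the presence of seosdb.tar and log.tar matches the switch support.sh was run with. The function names, category labels and sample listings are constructed for illustration, and the exact paths tar prints are assumed.

```shell
# Added example: file names come from the listing on this page; the exact
# paths tar prints (leading "./", directory entries) are assumed.
classify_entry() {                  # map one `tar -tf` path to a data category
    p=${1#./}
    case "$p" in
        seosdb.tar|seosdb|seosdb/*) echo policy-db ;;    # the security policy
        log.tar|tmplog|tmplog/*)    echo ac-logs ;;      # audit, trace, debug
        var|var/*)                  echo os-logs ;;      # messages, syslog
        seos.ini|tmpetc|tmpetc/*)   echo ac-config ;;
        *.la)                       echo lookaside-db ;;
        versions.txt)               echo versions ;;
        *)                          echo unknown ;;
    esac
}

# Read a listing on stdin; print one "category=count" line per category.
summarize_listing() {
    while IFS= read -r entry; do
        if [ -n "$entry" ]; then classify_entry "$entry"; fi
    done | sort | uniq -c | awk '{print $2 "=" $1}'
}

# Check a listing on stdin against the support.sh switch that produced it:
# prints "ok" (status 0) or a description of the mismatch (status 1).
check_switch() {
    case "$1" in
        -db)   want_db=yes; want_log=no ;;
        -log)  want_db=no;  want_log=yes ;;
        -all)  want_db=yes; want_log=yes ;;
        -none) want_db=no;  want_log=no ;;
        *)     echo "unknown switch: $1"; return 2 ;;
    esac
    cats=$(summarize_listing)
    has_db=no;  case "$cats" in *policy-db=*) has_db=yes ;; esac
    has_log=no; case "$cats" in *ac-logs=*)   has_log=yes ;; esac
    [ "$has_db" = "$want_db" ] && [ "$has_log" = "$want_log" ] && { echo ok; return 0; }
    echo "mismatch: seosdb=$has_db (want $want_db), logs=$has_log (want $want_log)"
    return 1
}

# Constructed listings (not captured from a real host) for -none and -all.
sample_none() {
    printf '%s\n' ./groupdb.la ./hostdb.la ./servdb.la ./userdb.la ./seos.ini \
        ./tmpetc/audit.cfg ./tmpetc/osver ./var/adm/messages ./var/log/syslog ./versions.txt
}
sample_all() { sample_none; printf '%s\n' ./seosdb.tar ./log.tar; }

sample_all | check_switch -all
```

To check a real bundle, pipe its listing in: zcat support.tar.Z | tar -tf - | check_switch -none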