IBM Tivoli Netcool/OMNIbus Version 8.1

Process agent command-line options

When running the process agent with the nco_pad command, you can specify a number of command-line options for additional configuration.

The command-line options for the $NCHOME/omnibus/bin/nco_pad command are described in the following table. UNIX and Linux-specific command-line options, which are not supported on Windows, are flagged in the table.

Table 1. Process agent daemon nco_pad command-line options
Command-line option Description

For UNIX operating system
For Linux operating system
-admingroup string

Specifies the name of the UNIX user group that has administrator privileges. Members of this group can access the process control system. The default group name is ncoadmin.

Note: The -admingroup option is applicable only to the UNIX authentication mode.

-apicheck

If specified, Sybase API checking is enabled.

-authenticate string

Specifies the authentication mode to use to verify the credentials of a user or remote process agent daemon.

Note: When in FIPS 140-2 mode, only the PAM option can be specified for authentication.
On UNIX, the values are:
  • UNIX: This is the default authentication mode, which means that the Posix getpwnam or getspnam function is used to verify user credentials on UNIX platforms. Depending on system setup, passwords are verified by using the /etc/password file, the /etc/shadow shadow password file, NIS, or NIS+. If the process agent is running as a non-root user, ensure that this user has read-access to the /etc/shadow. Check with your system administrator to determine the best way to obtain this access.
  • PAM: If PAM is specified as the authentication mode, Pluggable Authentication Modules are used to verify user credentials. The service name used by the gateway when the PAM interface is initialized is netcool. PAM authentication is available on Linux, Solaris, and HP-UX 11 platforms only.
  • KERBEROS: If KERBEROS is specified as the authentication mode, Kerberos IV authentication is used to verify user credentials. This is available only on Solaris systems with a Kerberos IV authentication server installed.
  • HPTCB: If HPTCB is specified as the authentication mode, the HP-UX password protection system is used. This is available only on HP trusted (secure) systems.
  • none: Authentication is not attempted. The process agent daemon prompt accepts any login credentials. Use this option only for testing purposes. Do not use it on a production environment.
On Windows, the values are:
  • WINDOWS: This is the default authentication mode, where the process agent authenticates against the Windows account.
  • none: Authentication is not attempted. The process agent daemon prompt accepts any login credentials. Use this option only for testing purposes. Do not use it on a production environment.

-configfile string

Use this file name, relative to $NCHOME/omnibus, as the configuration file, rather than the default file $NCHOME/omnibus/etc/nco_pa.conf.

-connections integer

Sets the maximum number of connections that are available for running external actions. The default is 30.

-cryptalgorithm string

Specifies the cryptographic algorithm to use for decrypting passwords that were encrypted with the nco_aes_crypt utility and then stored in the process agent configuration file. Set the string value as follows:

  • When in FIPS 140–2 mode, use AES_FIPS.
  • When in non-FIPS 140–2 mode, you can use either AES_FIPS or AES. Use AES only if you need to maintain compatibility with passwords that were encrypted using the tools provided in versions earlier than Tivoli Netcool/OMNIbus V7.2.1.

The value that you specify must be identical to that used when you ran the nco_aes_crypt command with the -c setting, to encrypt the passwords in the routing definition section of the file.

Use the -cryptalgorithm command-line option in conjunction with the -keyfile option.

-debug integer

Enables debugging. The integer value specifies the amount of debug information written to the log. Available levels are 1 (Debug), 2 (Information), 3 (Warning), 4 (Error), and 5 (Fatal). The default is 3.

When running at debug level 1, the process agent logs information about processes it is about to start. This information includes the path to the program, each of the command-line arguments, and the effective user ID of the process. If applicable, the log also includes the current working directory, and additionally for UNIX, the effective group ID, and the umask (in octal) of the process.

When running at debug level 2, the log contains a message showing which user account the process agent is running under.

-DNS string

Specifies a value to override the host name in DNS environments. This must be the same as the entry in the configuration file.

-help

Displays help information about the process agent and exits.

-keyfile string

Specifies the path and name of the file that contains the key to be used for decrypting the encrypted passwords that are stored in the process agent configuration file.

The key file that you specify must be identical to that used when you ran the nco_aes_crypt utility with the -k setting, to encrypt the passwords in the routing definition section of the file.

Use the -keyfile command-line option in conjunction with the -cryptalgorithm option to decrypt passwords.

For UNIX operating system
For Linux operating system
-killprocessgroup

If specified, when the process agent daemon stops a process, it also sends a signal to kill any processes in the same operating system process group.

-logfile string

Specifies an alternative log file. On UNIX, the log can be redirected to stderr and stdout. On Windows, the log is always written to a file.

The default log file is:

$NCHOME/omnibus/log/pa_name.log

Where pa_name is the name of the process agent specified with the -name option.

-logsize integer

Specifies the maximum log file size in KB. The default is 1024 KB, and the minimum size is 16 KB.

-msgpoolsize integer

Specifies the number of messages that are available to the process control agent.

-name string

Specifies the name of the server for this process agent. If not specified, the default process agent name is NCO_PA.

-newlog

This option is obsolete.

The process agent always overwrites the previous log file.

-noautostart

If specified, the process agent does not start any services automatically, even if they are set to start automatically in the nco_pa.conf file.

-noconfig

If specified, the process agent does not read the nco_pa.conf configuration file. This forces process control to start with no configuration information.

For UNIX operating system
For Linux operating system
-nodaemon

By default, process control forks into the background to run as a daemon process. When -nodaemon is specified, the process runs in the foreground.

-password string

Specifies the password that is used to log into other process agents.

For UNIX operating system
For Linux operating system
-pidfile string

Specifies the path, relative to $NCHOME/omnibus, to the file in which the process control daemon PID is stored. Each process agent daemon must have its own PID file. The default is $NCHOME/omnibus/var/pa_name.pid, where pa_name represents the name of the process agent. Provided all process agents are given unique names, there should be no need to change this setting. This makes it possible to run more than one process agent daemon on the same computer.

Tip: On Windows, there is no restriction on the number of process agents that can run as Windows services on the same host.

For UNIX operating system
For Linux operating system
-pidmsgpool integer

Specifies the size of the signal-handling message pool.

For UNIX operating system
For Linux operating system
-redirectfile string

Specifies a file to which the stderr and stdout messages of processes started by the process agent are directed. This is useful for troubleshooting purposes.

Tip: On Windows, a similar result can be achieved by running the process agent from the command line. Each child process will have its own console window in which the processing output is displayed. Alternatively, if the process agent is running as a Windows service, open the Services window, and specify the following settings in the Properties window for the service: from the Log On tab, select Local System account and then select Allow service to interact with desktop.

-retrytime integer

Specifies the number of seconds that a process started by process control must run to be considered a successful start. The default retrytime is 5.

The process agent attempts to restart a process if the process exits. If the process exits after retrytime seconds, the process agent attempts to restart the process immediately. If the process exits before retrytime seconds, the process agent attempts to restart the process at the exponential rate of 2, 4, 8, 16, 32, ..., 256 seconds. The process agent resets the timing interval after eight attempts to start the process.

If the process fails to run for more than retrytime seconds, the RetryCount (specified in the process definition) for that process is also decremented. If the process runs successfully for at least retrytime seconds, the RetryCount is set back to its original value. If the RetryCount is 0, there is no limit to the number of restart attempts.

-roguetimeout integer

Specifies the time in seconds to wait for the process to shut down. The default is 30 seconds and the minimum is 5 seconds.

-secure

If -secure is specified, all clients need to authenticate themselves with a valid user name and password, which are specified with the -user and -password command-line options.

In non-FIPS 140–2 mode, login information is automatically encrypted in transmission when the process agent connects to another process agent. In FIPS 140–2 mode, login information is passed as plain text, and SSL must be used if you require encryption during transmission.

-stacksize integer

Specifies the size of the thread stack.

For UNIX operating system
For Linux operating system
-ticketdir string

Directory for Kerberos tickets if -authenticate is set to KERBEROS.

-traceevtq

Enables tracing of event queue activity.

-tracemsgq

Enables tracing of message queue activity.

-tracemtx

Enables the tracing of mutex locks.

-tracenet

Enables net library tracing.

-user string

Specifies the user name that is used to log into another process agent.

If the -user option is not specified, the user name that is used to make the connection is the user running the command.

This option must be specified if connecting to a process agent that is running in secure mode (using the -secure option).

This user name and its associated password (which you specify using -password) are used if no login credentials are specified in the routing section of the process control configuration file.

-version

Displays version information about the process agent and exits.
Parent topic: Manually starting process agents
Related reference:
Property value encryption

Library | Support |