000032872 - How to Generate Token Statistics Report from the Command Line for RSA Authentication Manager 8.1

Document created by RSA Customer Support Employee on Jun 14, 2016Last modified by RSA Customer Support Employee on Apr 21, 2017
Version 2Show Document
  • View in full screen mode

Article Content

Article Number000032872
Applies ToRSA Product Set : SecurID
RSA Product/Service Type : RSA Authentication Manager
RSA Version/Condition: 8.1 Service Pack 1
Platform : SUSE Enterprise Linux
O/S Version : 11 Service Pack 3
Product Description : SecurID Appliance
IssueCustomer has a requirement to generate token statistics at the command line.
ResolutionFollows the provide steps at the command line to generate a token statistics report that includes Unassigned tokens, Unexpired tokens, Unassigned and disabled tokens & Unassigned and enabled tokens.
  1. Logon to the SecurID Appliance either with an SSH session or at the local console with the rsaadmin account
  2. Navigate to the /opt/rsa/am/utils folder as the rsaadmin user
  3. Retrieve the password for the rsa_dba user using the following command: /opt/rsa/am/utils/rsautil manage-secrets -a get com.rsa.db.dba.password -u <OC_Admin_Name> -p <OC_Admin_Password>
NOTE: the appropriate method would be to create a read-only user for database access. Remember to replace <OC_Admin_Name> and <OC_Admin_Password> with the appropriate Operations Console administrative account details.

  1. Create a text file in the /opt/rsa/am/utils folder with an appropriate name, for example; count_tokens.sql
  2. Copy the SQL statement into the text file and save the change

select 'Total tokens ............................. : ' || count(id) from am_token;
select 'Assigned tokens .......................... : ' || count(id) from am_token where principal_id is not null;
select 'Available tokens ......................... : ' || count(id) from am_token where token_shutdown_date > current_date and  principal_id is null;
select 'Expired tokens ........................... : ' || count(id) from am_token where token_shutdown_date < current_date;
select 'Expiring tokens within 90 days ........... : ' || count(id) from am_token where (token_shutdown_date > current_date) and (token_shutdown_date < current_date + interval '90 day');
select 'Enabled tokens ........................... : ' || count (id) from am_token where is_enabled = 'true' and principal_id is not null;
select 'Assigned and disabled tokens ............. : ' || count (id) from am_token where is_enabled = 'false' and principal_id is not null;
select 'Tokens Enabled for Emergency Online Access : ' || count (id) from am_token where is_token_lost='true';
select 'Unassigned tokens : ' || count(id) from am_token where principal_id is null;
select 'Unexpired tokens  : ' || count(id) from am_token where token_shutdown_date > current_date;
select 'Unassigned and disabled tokens ............. : ' || count (id) from am_token where is_enabled = 'false' and principal_id is null;
select 'Unassigned and enabled tokens ............. : ' || count (id) from am_token where is_enabled = 'true' and principal_id is null;


  1. In the /opt/rsa/am/utils folder use the following command to generate a CSV output file using SQL script called count_tokens.sql: /opt/rsa/am/pgsql/bin/psql -h localhost -p 7050 -d db -U rsa_dba -A -F , -X -t -f count_tokens.sql -o count_tokens.csv  ..when prompted enter the password obtained from step 3
  2. Review the file count_tokens.csv 
NotesThe SQL statements in the file count_tokens.sql are counting the am_token table rows under certain conditions to obtain results.

Attachments

    Outcomes