nfdiag

nfdiag [-h] [-u] [-v] [-f FILE] [-l KBYTES] [-e EXTRAINFO] [-q]
       [--home-directories "DIR1:DIR2:DIR3"] [-a]

Obtains information about the module and the host on which it is installed. This diagnostic utility can save information to either a ZIP file or a text file.

Under normal operating conditions, you do not need to run nfdiag. Run this utility only if requested to do so by Support.

On nShield 5s, use hsmdiagnose.

Option Description

Option	Description
`-a`, `--check-all`	Checks for nShield logs in all user home directories.
`-e EXTRAINFO`, `--extrainfo EXTRAINFO`	Path to the file that contains additional information to include in the `nfdiag.zip` file.
`-f FILE`, `--file FILE`	Output file name. Default: `nfdiag.zip`
`--home-directories "DIR1:DIR2:DIR3"`	Absolute paths of nShield logs directories of any users with per-user logs.
`-l KBYTES`, `--logsize KBYTES`	Maximum logfile size in bytes.
`-q`, `--quiet`	Suppresses verbose output.
Help options
`-h`, `--help`	Displays help for `nfdiag`.
`-u`, `--usage`	Displays a brief usage summary for `nfdiag`.
`-v`, `--version`	Displays the version number of the Security World Software that deploys `nfdiag`.

-a, --check-all

Checks for nShield logs in all user home directories.

-e EXTRAINFO, --extrainfo EXTRAINFO

Path to the file that contains additional information to include in the nfdiag.zip file.

-f FILE, --file FILE

Output file name.
Default: nfdiag.zip

--home-directories "DIR1:DIR2:DIR3"

Absolute paths of nShield logs directories of any users with per-user logs.

-l KBYTES, --logsize KBYTES

Maximum logfile size in bytes.

-q, --quiet

Suppresses verbose output.

Help options

-h, --help

Displays help for nfdiag.

-u, --usage

Displays a brief usage summary for nfdiag.

-v, --version

Displays the version number of the Security World Software that deploys nfdiag.

Include additional files for Support in the zip output of nfdiag

If you want to supply additional diagnostic files when you submit the nfdiag output to Entrust, run:

nfdiag -e|--extrainfo <your-plaintext-file>

By default, nfdiag runs in verbose mode, providing feedback on each command that it executes and which log files are available. If the system is unable to execute a command, the verbose output from nfdiag shows where commands are stalling or waiting to time out.

At any time while nfdiag is running, you can type Ctrl-C to cancel its current commands and re-run it.

Content of the text output of nfdiag

nfdiag generates a plain text output file and displays its file name. It does NOT capture any passphrases in the output file.

If the file opt/nfast/log/logfile (Linux) or %NFAST_HOME%\log\logfile (Windows) exists, nfdiag automatically includes this file in its output. If this file does not exist, nfdiag warns you that it could not process this file. This warning does not affect the validity of the generated output file.

When complete, this output file contains the following:

Details about the client machine
Details about any environment variables
Output from the following command-line utilities:
- enquiry
- stattree
- ncversions
- nfkminfo
The contents of the following log files (if they are available):
- hardserver.log
- keysafe.log
- cmdadp.log
- ncsnmpd.log