NetWorker: How to use the nsrpolicy command

Summary: This article provides information about using the NetWorker nsrpolicy command to perform NetWorker administration tasks.

This article applies to This article does not apply to This article is not tied to any specific product. Not all product versions are identified in this article.
Check out other resources

Instructions

The nsrpolicy command is an administrative NetWorker command that is used to manage and monitor NetWorker policies. Many of the same functions are performed from the NetWorker Management (NMC) and Web UI (NWUI); however, nsrpolicy provides administrators command-line capabilities.

 

nsrpolicy must be run under one of the following conditions:

  • You are running the command from an elevated prompt. Either Administrator Command/PowerShell prompt on Windows, or root/sudo shell on Linux.
  • You are running the command from an unelevated prompt, but have issued a NetWorker authentication token: nsrlogin -u USERNAME
NOTE: nsrlogin issues a time-based authentication token for NetWorker administration, using NetWorker user credentials. If you are using nsrlogin, it is important to close the session with nsrlogout when activities have concluded. This prevents stale tokens from interfering with subsequent commands.

General Usage Overview:

nsrpolicy
       policy
           create | delete | display | update | list
       workflow
           create | delete | display | update | list
       action
          create | delete | display | update | list
       group
           create | delete | display | update
       start
           Must have: -p [policy] -w [workflow]
           Other options (NetWorker 9.2 and above for -c option):  -c { <client_name1:[save_set_path_1;save_set_path_2],client_name2...>   -s [NetWorker server] -D [debug level] -h
       stop
            Must have:  Either -j [jobid] or -p [policy] -w [workflow]
            Other options: -s [NetWorker server] -D [debug level] -h
       monitor
            Must have:  -p [policy]
            Other options:   -w [workflow] -c [client] -g [group] -d [details] -n [non-tabular] -j [jobid] -s [NetWorker server] -D [debug level] -h
       input-file
             Must have:  -f [file name]
             Other options:   [--stop_on_error -S <0/1; default:0 (Do not stop)>]      [--stop_on_error -S <0/1; default:0 (Do not stop)>]  -D [debug level] -h
      restart
             Must have:  Either -j [jobid] or -p [policy] -w [workflow]
             Other options: -s [NetWorker server] -D [debug level] -h
       migrate
             Must have what is to be migrated: group | schedule_clone | nas_device | vmware_policy
             Other options:  -s [NetWorker server] -D [debug level] -h
       help

Examples:

List objects in the datazone:

nsrpolicy [object] list

Objects: policy, workflow, action

nsrpolicy policy list
nsrpolicy workflow list -p "VMware Protection"
nsrpolicy action list -p "VMware Protection" -w "Full VM"

Display the properties of an action:
nsrpolicy action display -p [policy] -w [workflow] -A [action]

nsrpolicy action display -p "VMware Protection" -w "Full VM" -A backup

Display the properties of a group:
nsrpolicy group display -g [group]

nsrpolicy group display -g "VMware Protection - Full VM"

Disable or enable an action:
nsrpolicy action update [action type backup subtype] -p [policy] -w [workflow] -A [action] -e [no/yes]

nsrpolicy action update backup traditional -p "Client Protection" -w "Traditional Client" -A backup -e no
nsrpolicy action update backup traditional -p "Client Protection" -w "Traditional Client" -A backup -e yes

To change the schedule associated with an action:
nsrpolicy action update [action type backup subtype] -p [policy] -w [workflow] -A [action] -t [schedule]

nsrpolicy action update backup traditional -p "Client Protection" -w "Traditional Client" -A backup -t full,incr,incr,incr,incr,incr,incr

Add a client to a group using an input file (a client instance must already exist):
Create an input file with the text:
group update client -g [group] --add_clnt_list [client]:[saveset]

[root@nsr ~]# cat AddTraditionalClient.txt
group update client -g "Client Protection - Traditional Client" --add_clnt_list win-client03.amer.lan:All

nsrpolicy input-file -f  "[path to input file]"

[root@nsr ~]# nsrpolicy input-file -f /root/AddTraditionalClient.txt
121415:nsrpolicy: Command from file: group update client -g "Client Protection - Traditional Client" --add_clnt_list win-client03.amer.lan:All
133584:nsrpolicy: Group 'Client Protection - Traditional Client' was successfully updated

Create a new workflow with nondefault values for comment, start-time, and group:
nsrpolicy workflow create -p [policy] -w [workflow] -c [comment] -g [group] -S [start time]

nsrpolicy workflow create -p "Client Protection" -w "Traditional Client - Linux"  -c "Linux Clients" -g "Linux - Clients" -S "10:00"

Create a new action with nondefault values for the target pool and success threshold:
nsrpolicy action create [action type backup subtype] -p [policy] -w [workflow] -A [action] -o [target pool] -u [success threshold]

nsrpolicy action create backup traditional -p "Client Protection" -w "Traditional Client - Linux" -A backup -o "Data Domain Default" -u success

Start a workflow (you cannot start an action in this way. You must start the entire workflow).
nsrpolicy start -p [policy] -w [workflow] 

nsrpolicy start -p "Client Protection" -w "Traditional Client - Linux"

Stop a workflow:
nsrpolicy stop -p [policy] -w [workflow]

nsrpolicy stop -p "Client Protection" -w "Traditional Client - Linux"
Alternatively, you can use jobkill: 
[root@nsr ~]# nsrpolicy start -p "Client Protection" -w "Traditional Client - Linux"
144091:nsrpolicy: Workflow 'Client Protection/Traditional Client - Linux' started and has job id 1248743
[root@nsr ~]#
[root@nsr ~]# jobkill -j 1248743
Terminating job 1248743

Start one client in a workflow:
nsrpolicy start -p [policy] -w [workflow] -c "[client]:[saveset] 

nsrpolicy start -p "Client Protection" -w "Traditional Client - Linux" -c "rhel-client03.amer.lan:All"

Monitor the most recent run of the workflows in a policy:
nsrpolicy monitor -p [policy] -dn

nsrpolicy monitor -p "Client Protection" -dn
Alternatively, you can use the nsrwatch command to monitor sessions.

Detailed job output for a specific recent job:
nsrpolicy monitor -j [job id]

nsrpolicy monitor -j 290473
Alternatively, you can use jobquery:
jobquery
print type: backup action job

To start a workflow in debug mode, nsrpolicy is not as effective as the nsrworkflow command because 'nsrpolicy start' does not log debug output to the /nsr/logs/policy folder which nsrworkflow will to the .raw file.
nsrworkflow -D[Debug Level] -p [policy] -w [workflow] -A "[action]"

nsrworkflow -D9 -p "Client Protection" -w "Traditional Client - Linux"

For more information about NetWorker debug levels, see: NetWorker: Debug information levels

NOTE: nsrworkflow debug only debugs the NetWorker server-side messages. It does not add debug to operations performed on the client/system performing the backup.

Example of enabling save -D3 backups on a NetWorker client, using the nsradmin command-line utility:

[root@nsr ~]#  nsradmin
NetWorker administration program.
Use the "help" command for help, "visual" for full-screen mode.
nsradmin> . type : NSR Client; name : rhel-client03.amer.lan
Current query set
nsradmin> update backup command : save -D3
              backup command: save -D3;
Update? y
updated resource id 48.0.46.11.0.0.0.0.231.177.13.90.10.60.28.121(13)

In the above example, when the workflow for the client is started, the save process is started on the client with debug enabled (-D3) in this instance.
To debug specific backup functions, see: NetWorker: How to Debug Backup Operations

Logging:

All policy and workflow backups are logged to the NetWorker logs directory:

Linux: /nsr/logs/policy/POLICY_NAME
Windows (Default): C:\Program Files\EMC NetWorker\nsr\logs\policy\POLICY_NAME

 

General server messages are logged in the daemon.raw:

Linux: /nsr/logs/daemon.raw
Windows (Default): C:\Program Files\EMC NetWorker\nsr\logs\daemon.raw

NetWorker: How to use nsr_render_log to render .raw log files

NOTE: NetWorker policy logs follow the 'jobsdb retention' period (default 72 hours). Logs passed the retention period are removed from the system during expiration tasks.

Script Examples:

NOTE: The following examples are intended only as exactly that, examples. They serve to demonstrate nsrpolicy capabilities beyond single-line usage and how one may administrate their NetWorker server from CLI. Do not implement/use scripts in your environment without testing or understanding the functions. NetWorker support does not offer or provide any scripting solutions or script support.

Linux:

Example 1:  List all the policies and their workflows. This shell script runs a loop through the list of policies in the NetWorker configuration and runs the command "nsrpolicy workflow list" against each one, so that it outputs a list of workflow names for each policy.

#!/usr/bin/sh
IFS=$'\n'
fullpolicylist=(`nsrpolicy policy list`)

for lp in "${fullpolicylist[@]}"
do
echo " "
echo "POLICY: $lp"
echo "Workflows"
nsrpolicy workflow list -p "$lp"
done

Example 2:  List all the policies and their workflows and actions and the destination pool. This shell script runs three loops to get the list of policies, workflows, and actions. The names of each are outputted and the destination storage node parameter of the action.

#!/usr/bin/env bash
set -euo pipefail

# Read policies into an array (one per line)
mapfile -t fullpolicylist < <(nsrpolicy policy list)

for lp in "${fullpolicylist[@]}"; do
  echo "------------------"
  echo "POLICY: $lp"

  # Read workflows for this policy
  mapfile -t wflist < <(nsrpolicy workflow list -p "$lp")

  for w in "${wflist[@]}"; do
    echo
    echo "WORKFLOW: $w"

    # Read actions for this workflow
    mapfile -t alist < <(nsrpolicy action list -p "$lp" -w "$w")

    for a in "${alist[@]}"; do
      echo "ACTION: $a"

      # Pull DestinationPool value
      destpool=$(
        nsrpolicy action display -p "$lp" -w "$w" -A "$a" \
          | awk -F': ' '/DestinationPool/ {print $2; exit}'
      )

      echo "Destination Pool: ${destpool:-<none>}"
    done
  done
done


Windows PowerShell:

Example 1: List of workflows. Lists the policies and their workflows by looping through the policy list and running the "nsrpolicy workflow list" command for each policy.

$listp = nsrpolicy policy list
foreach  ($i in $listp)
{
write-host "-----"
write-host "POLICY: $i"
write-host "WORKFLOWS: "
nsrpolicy workflow list -p "$i"
}

Example 2:  List of actions. Three loops are created. A loop to list the policies, and then a loop to list all workflows for each policy and then a loop to list all actions for each workflow.

$listp = nsrpolicy policy list
foreach  ($p in $listp)
{
write-host "-----"
write-host "POLICY: $p"
write-host "WORKFLOWS: "
   $wlist = nsrpolicy workflow list -p $p
   foreach ($w in $wlist)
   {
   write-host "$w"
   
   write-host "ACTIONS:"
   $alist = nsrpolicy action list -p "$p" -w "$w"
   foreach  ($a in $alist)
     {
      write-host "$a"
     }
   }
}

Affected Products

NetWorker

Products

NetWorker, NetWorker Series
Article Properties
Article Number: 000010289
Article Type: How To
Last Modified: 30 Jan 2026
Version:  4
Find answers to your questions from other Dell users
Support Services
Check if your device is covered by Support Services.