Essential CLI Procedures
Though sparse in appearance, Asset Manager's command-line interface (CLI) is a powerful tool with many of the same capabilities as Asset Manager's GUI. It also provides some functionality not yet available in the GUI. This section introduces the basic CLI syntax and provides the procedures you are most likely to use.
After logging into the CLI as an admin user, you can do the following:
Download Log Bundles for Support
Enable & Disable Data Retention Policy
Connect & Disconnect the Portal, Command Centers and Scouts
Identify the Installed Version
Install Self-Signed Certificates
Export the System Configuration
Use Special Characters in Names
Manage a Zone-level Avoid List
Download Log Bundles for Support
Download Asset Manager's current configuration and a running list of all system activity for troubleshooting.
At the command-line prompt, type: support diagnostics [spool] [db] user@host:path/to/file.zi
The [spool] and [db] keywords are optional.
OS Auditing
At the command-line prompt, type:system audit enable, twice to enable operating system auditing.
system audit enable system audit enable
By running the command twice, you will produce complete audit output and avoid a known error of audit output lines missing.
Enable NetFlow Capture
At the command-line prompt, type: support service packetcapture start to enable NetFlow capture
Retrieve the System UUID
The hardware-id command is useful as it displays the information you'll need to provide Support to generate a license.
At the command-line prompt, type system hardware-id
Install & Activate a License
The certificate Asset Manager
command allows you to activate a license or view the activation date of your current license. Licenses, however, are more frequently activated using the browser interface.
If a command requires a file upload, you have two choices. You can put the file on an SSH server or you can use an SFTP tool such as PSFTP or FileZilla to copy the file to Asset Manager first.
-
If the file is on an SSH server, you can refer to it with the syntax: userid@sshserver:/path/to/file.
For example if the file is on a server named "xenon" and you have an account on xenon with the name "alice" and the file is in your home directory and named "license.p12", you can use "alice@xenon:/home/alice/license.p12".
certificate Asset Manager install alice@xenon:/home/alice/license.p12
-
If the file is not on an SSH server, then use SFTP and your Asset Manager credentials to copy the file to Asset Manager's /tmp directory using the syntax: certificate connections install /tmp/license.p12
-
If you have a term license, at the command-line prompt type: certificate Asset Manager install <Username@IPaddress:/file_location/license_filename> and then press Enter.
certificate Asset Manager install admin@10.246.246.159:/Desktop/license.p12
Enable & Disable Data Retention Policy
-
For status: At the command prompt type: system device-persistence-policy
-
To enable: At the command prompt type: system device-persistence-policy enable
-
To disable: At the command prompt type: system device-persistence-policy disable
Connect & Disconnect the Portal, Command Centers and Scouts
Portal, Command Center, Scout
At the command prompt type connections list to review the list of Scout and Command Center system names.
Command Center
connections connect portal portal_name_or_ip portal cc_lat cc_long [ cc_label [user@host:path/to/cc_icon/file.png ] ]
connections connect scout scout_name_or_ip
connections deletesystem name or IP
Scout
connections connect command-center cc_name_or_ip { command-center | scout } (where final parameter is the connection initiator)
connections deletesystem name or IP
Portal
When you connect a command center and portal, supply location information for the Command Center and optionally enter a label and icon (avatar).
connections connect command-centercc_name_or_ip { portal | command-center }
(where the final parameter is the connection initiator)
connections delete system name or IP
Upgrade Asset Manager
To upgrade to a new version of Asset Manager, or to upgrade your Scouts, use the System Upgrade command, the syntax of which is user@host:path/to/local/file
-
At the command prompt type: system upgrade <user@host:path/to/local/file>
-
Open the file you recieved to complete the upgrade.
Identify the Installed Version
The system version connections command is useful when working with Support to Identify your release.
Install Self-Signed Certificates
If using your own certificates, use the certificate ssl install command.
At the command prompt type:certificate ssl install <friendlyName admin@IPaddress>:<FileLocation>/copyCert.pem
Identify the System ID
Used to retrieve the full name of a Scout, which is useful if you don't remember the full name, or to view the IP address of your system.
At the command prompt type: system interface list and then press the Tab key.
Enable & Disable BGP
Use the following commands to enable, disable and delete BGP:
-
collector bgp <collector name> enabled [ true | false ]
-
collector bgp <collector name> peer new <ipaddr> [ enable | disable ] <password> <remote AS>
-
collector bgp <collector name> peer delete <ipaddr>
Certificate Commands
Use the following commands to View the Subject, Issuer, Start date, End date, CRL and OCSP URIs and serial numbers for the installed CA and server certificates using these commands:
-
certificate crl view
-
certificate ca view
-
certificate server view
-
certificate ocsp respondercert view
-
authorization pki user view userid
Exporting Support Diagnostics
To run the /api/rest/management/system/diagnostic/export API, use thecommand: support diagnostics file
This command will return a zip file containing:
-
system configuration (same as configuration export command)
-
contents of /var/log
-
system "specs" file (name, uuid, Asset Manager version, os version, interface config)
Add a Superuser
Only a superuser can add or remove another user's superuser status. Multiple superusers are allowed. The last one cannot be deleted.
At the command prompt type: user superuser <userid> [ true | false ]
Export the System Configuration
The system configuration export command exports all configuration data to a remote file. To export the configuration and save the file remotely, at the command prompt type: system configuration export username@hostname:<path to file>
Import a System Configuration
The system configuration import command imports configuration data from a file you've stored locally. To import configuration from the local system, at the command prompt type: system configuration import <path to file>
Use Special Characters in Names
Most symbols can be entered without any special quoting. If you want to include spaces or double quotes as part of a name, however, care must be taken. To use double quotes, enclose the entire string in double quotes and put a backslash in front of each double quote you want to be part of the name:
-
admin@cc> collector new "before\"after" Zone1 cc:eth0
-
admin@cc> collector list
-
admin@cc> collector new with\ space Zone1 cc:eth0
-
admin@cc> collector new "two words" Zone1 cc:eth0
-
admin@cc> collector list
User names cannot have special characters.
Enforce Password Rules
To enforce password rules, at the command prompt type: system password-controls enable
Manage a Zone-level Avoid List
To manage a zone-level Avoid List, use the following commands:
-
zone discoveryspaces <zonename> avoid [ + | - | = ] command-line <cidr> [ <cidr> ...
-
zone discoveryspaces <zonename> avoid [ + | - | = ] remote <user@host:path/to/file>
Use + for adding, - for deleting, and = for replacing