IBM Support

Security Network Protection Command Line Interface (CLI) troubleshooting commands

Question & Answer


Question

What are the available Security Network Protection (XGS) CLI commands to assist with troubleshooting?

Answer

 
IBM Security Network Protection Command Line Interface Troubleshooting Commands (00:04:05)
This video discusses commands commonly used in the Command Line Interface (CLI) for XGS troubleshooting.
 

The Security Network Protection (XGS) has removed root access for appliance security. In place of root access, IBM has developed a predefined set of the module commands to allow console and SSH CLI access. The modules available are broken up into a hierarchical structure with commands specific to each module. The prompt changes to display the module you are in and displays a list of the available commands.

Notes:
  • At any point, type help to display a list of the available commands.
  • The tab key can be used to finish commands (if you wanted to enter support, you can type su then tab key to complete support).
Example:




Below are the typical commands that are used to troubleshooting the XGS:

rescue - Assists with unlocking/resetting admin accounts. (found under the Management command)
  1. Go LMI > Manage > SSH Public Key Management to add other admin users.
  2. SSH into XGS CLI with the added admin user and send rescue command to unlock admin account.
  3. System event GLGAU9010W is generated and logged.

analysis - Work with packet analysis features.
  • debug: Temporarily set debug level. (Usage: debug LEVEL).
  • dpi: Temporarily enable/disable Deep Packet Inspection DPI. (Usage: dpi [on|off]).
logs - Work with log files.
  • less: View and search a log file. (Usage: less [ <log-file-name> ]).

  • 1: system
    2: webserver
    3: analysis
    4: updates
  • Tail: Tail a log file. (Usage: tail [ -n <NUM_LINES> ] [-F] [ <log-file-name> ]. Data is appended to output as the file grows when -F is specified. When not specified, the default value for NUM_LINES is 10.).
    1: system
    2: webserver
    3: analysis
    4: updates

services - Work with certain system services.
  • restart: List services that can be restarted.
    Select the service to restart: (Usage: enter in the number of the service you would like to restart, 1-5).

  • 1: Packet Processing
    2: Packet Capture
    3: Local Management Interface
    4: License and Update
    5: SiteProtector Communication

stats - Work with product statistics/status.
  • show: Show product statistics/status. (Usage: enter in the number of the statistics/status you would like to see, 1-12).

  • 1: Show all available status
    2: CPU Usage
    3: Memory Usage
    4: Storage Usage
    5: Packet Processing
    6: Protection Interfaces
    7: Inbound SSL
    8: Outbound SSL
    9: Login Expiration
    10: NTP Time Drift
    11: Last Policy Modification Time
    12: Number of reboots

snapshots - Work with policy snapshot files.
  • apply - Apply a policy snapshot file to the system.
  • create - Create a snapshot of current policy files.
  • delete - Delete a policy snapshot file.
  • download - Download a policy snapshot file to a USB flash drive.
  • get_comment - View the comment that is associated with a policy snapshot file.
  • list - List the policy snapshot files.
  • set_comment - Replace the comment associated with a policy snapshot file.
  • upload - Upload a policy snapshot file from a USB flash drive.

    Note: For assistance to creating Snapshots in the LMI, see Technote 1669579: Creating snapshots and options on Security Network Protection sensors.
support - Work with support information files.
  • create - Create a support information file.
  • delete - Delete a support information file.
  • download - Download a support information file to a USB flash drive.
  • get_comment - View the comment that is associated with a support information file.
  • list - List the support information files.
  • set_comment - Replace the comment that is associated with a support information file.

tools - Work with network diagnostic tools.
  • Capture - Perform a packet capture
        • delete - Delete a packet capture file
        • deleteall - delete all packet capture files
        • download - download a packet capture file to USB
        • downloadall - download all packet capture files to USB
        • limits - list global packet capture limits
        • list- list packet capture files
        • minterface - work with packet capture on management interfaces
        • pinterface - work with Packet Capture on protection interfaces

          Note: For assistance to creating packet capture, see Technote 1883213: Capturing network traffic on Security Network Protection sensors.
  • Nslookup - Query name servers; type: nslookup <host> .
  • Ping - Send an ICMP echo request to network host; type: ping <ip address>; CRTL+C to end the ping request.
  • Telnet - Test connectivity to a port on a host; type: telnet [-1 USER] HOST [PORT].
  • Traceroute - Trace the route to a host; type: traceroute [-6] <host> [ <size> ] man.

For additional assistance, see: IBM Knowledge Center - Command-line interface and IBM Security Network Protection XGS – Troubleshooting the XGS appliance.

If you feel that there is a command or change to an existing command that would improve this function, make a request through the IBM Request for Enhancement (RFE) Community website. Your request is reviewed by the development team.
 

[{"Business Unit":{"code":"BU008","label":"Security"},"Product":{"code":"SSHLHV","label":"IBM Security Network Protection"},"Component":"Command Line Interface (CLI)","Platform":[{"code":"PF009","label":"Firmware"}],"Version":"All Versions","Edition":"","Line of Business":{"code":"LOB24","label":"Security Software"}},{"Line of Business":{"code":"LOB24","label":"Security Software"},"Business Unit":{"code":"BU059","label":"IBM Software w\/o TPS"},"Product":{"code":"SSFSVP","label":"IBM QRadar Network Security"},"ARM Category":[{"code":"a8m500000008YPiAAM","label":"ATS-Infrasec->Network XGS->UI"}],"Platform":[{"code":"PF025","label":"Platform Independent"}],"Version":"All Version(s)"}]

Document Information

Modified date:
08 February 2021

UID

swg21984900