Commands
Overview
The FlowPro commands provide access to numerous maintenance utilities, including password changes and other configuration options. Device management utilities are also included in the command list along with many routines to access information required for technical support.
Click on an entry in the Command list table to see the usage of that command.
Command list
| Command | Sub-command |
|---|---|
| check | replist |
| clear | |
| disable | |
| edit | |
| enable | |
| service | flowpro |
| set | |
| show | |
| snoop | |
| system | |
Command usage
check
Check different settings and configurations on the FlowPro appliance.
check replist
Usage: check replist
Description: Check whether FlowPro can reach nba.plixer.com, from which it downloads the reputation lists every ten minutes. If this appliance does not have access to the internet, contact Plixer’s Support for help.
Note
This feature requires the Defender licensing.
clear
Clean up or remove data from a system. Use with caution.
clear domainlist
Usage: clear domainlist <domain_list>
Description: Remove a domainlist from the system. Use with caution. Use the show domainlist command to see a list of active domainlists.
Note
This feature requires the Defender licensing.
clear log
Usage: clear log <log_file>
Description: Remove data from a specific log file. Use with caution. To get a list of active logs, use the show log command.
Note: You cannot remove data from the cli.log file.
EXAMPLE: FLOWPRO> clear log dns1yaf.log
disable
Disable Settings.
disable apm
Usage: disable apm <interface> <apmMode>
Description: Disable either Latency, VOIP or both monitoring on an interface. That interface must be active. Valid apmModes are:
- voip
- latency
- both
Use the show configuration command to get a list of currently enabled interfaces.
Note
This feature requires the APM licensing.
disable defender
Usage: disable defender <interface>
Description: Disable DNS monitoring on an interface. That interface must be active. Use the show configuration command to get a list of currently enabled interfaces.
Note
This feature requires the Defender licensing.
disable domainlist
Usage: disable domainlist <domain_list>
Description: Disable a custom domain reputation list. The disabled domain list is not removed and can be re-enabled with the enable domainlist command.
Note
This feature requires the Defender licensing.
disable domainreputationlist
Usage: disable domainreputationlist
Description: Disable the check against domain reputation lists configured on the system. To see available domain lists, use the show domainlist command.
Note
This feature requires the Defender licensing.
disable erspan
Usage: disable erspan <interface>
Description: Disable the ERSPAN configured on a monitoring interface.
disable flowpro
Usage: disable flowpro <interface>
Description: Disable traffic monitoring on an interface. Use the show configuration command to get a list of currently enabled interfaces.
disable HTTPMonitoring
Usage: disable HTTPMonitoring
Description: This process keeps track of all domains requested over HTTP. The list of currently active domains is saved for the number of seconds set by the set activeDomainResendSeconds command.
HTTP monitoring will be on the same interfaces that are configured in the enable defender command.
Note
This feature requires the Defender licensing.
disable trackProcessMetrics
Usage: disable trackProcessMetrics
Description: Disable FlowPro process metrics.
edit
Edit the configuration files used by FlowPro.
edit domainlist
Usage: edit domainlist <domain_list>
Description: Edit a custom domain reputation list. If no list with the name given on the command line exists, a new list with that name is created.
The custom domain reputation list must contain one domain per line, and each domain must have at least two layers. Domains that are not at least 2 layers will be ignored.
Note
This feature requires the Defender licensing.
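A pre-load check for the list format described above, as an added example that is not part of the FlowPro documentation or Plixer's code. It assumes a "layer" is a dot-separated label; the function name, the extra syntax and duplicate checks, and the sample list are constructed for illustration.

```python
import re

# Assumption: a "layer" is a dot-separated DNS label, so "example.com" has two.
LABEL = re.compile(r"^(?!-)[a-z0-9_-]{1,63}(?<!-)$")

def lint_domainlist(text):
    """Return (kept, problems) for the text of a custom domain list.

    kept     - normalized domains that satisfy the documented format
    problems - (line_number, raw_line, reason) for every other non-blank line
    """
    kept, problems, seen = [], [], set()
    for num, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line:
            continue
        if len(line.split()) > 1:
            problems.append((num, raw, "more than one entry on the line"))
            continue
        domain = line.lower().rstrip(".")
        labels = domain.split(".")
        if len(labels) < 2:
            # Documented behaviour: such entries are ignored, not rejected.
            problems.append((num, raw, "fewer than two layers, ignored by FlowPro"))
        elif len(domain) > 253 or not all(LABEL.match(lab) for lab in labels):
            # Stricter than the page: URLs, paths and ports are not domains.
            problems.append((num, raw, "not a plain domain name"))
        elif domain in seen:
            problems.append((num, raw, "duplicate entry"))
        else:
            seen.add(domain)
            kept.append(domain)
    return kept, problems

# Constructed sample list, not taken from any real feed.
SAMPLE = """\
bad-domain.example
localhost
http://phish.example/login
Bad-Domain.example
tracker.test cdn.test
c2.sub.example.net
"""

if __name__ == "__main__":
    kept, problems = lint_domainlist(SAMPLE)
    print("usable:", kept)
    for num, raw, reason in problems:
        print(f"line {num}: {raw!r}: {reason}")
```

Because entries with fewer than two layers are dropped without an error, reviewing the reported lines before running edit domainlist avoids a list that silently covers less than intended.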
edit license
Usage: edit license
Description: Opens the plixer.ini file where the license key is stored. The plixer.ini file is where configurations for FlowPro are stored. After editing the plixer.ini file, FlowPro will restart services to pull in any new changes made.
edit plixer.ini
Usage: edit plixer.ini
Description: Opens the plixer.ini file for edit. The plixer.ini file is where configurations for traffic monitoring are stored. After editing the plixer.ini file, FlowPro will restart services to pull in any new changes made.
enable
Enable monitoring options. All settings can be set inside the configuration file using ‘edit plixer.ini’.
enable apm
Usage: enable apm <interface> <apmMode>
Description: Enable either Latency, VOIP or both monitoring on an interface. That interface must be active. Valid apmModes are:
- voip
- latency
- both
Use the show interfaces command to get a list of available monitoring interfaces.
Note
This feature requires the APM licensing.
enable defender
Usage: enable defender <interface>
Description: Enable DNS monitoring on an interface. That interface must be active. Use the show interfaces command to get a list of available monitoring interfaces.
Note
This feature requires the Defender licensing.
enable domainlist
Usage: enable domainlist <domain_list>
Description: Enable a custom domain reputation list. In addition to the known compromised domain list provided by Plixer, you can create your own list.
To create a new list, use the ‘edit domainlist <domain_list_name>’ command.
Note
This feature requires the Defender licensing.
enable domainreputationlist
Usage: enable domainreputationlist
Description: Enable FlowPro to download an updated list of known compromised domains. This list will be downloaded from nba.plixer.com every ten minutes. Use the check replist command to check connection to the list.
Note
This feature requires the Defender licensing.
enable erspan
Usage: enable erspan <interface> <ipaddress/cidr> <gateway> <peerIPaddress>
Description: Configure a monitor interface to receive traffic sent from an ERSPAN/GRE tunnel. This configuration supports all types of GRE tunnels.
All of the following parameters are required:
- interface
- ipaddress/cidr
- gateway
- peerIPaddress
<interface> is the interface used to monitor the ERSPAN/GRE tunnel traffic. It must be one of the monitor interfaces listed by the show interfaces command.
<ipaddress/cidr> is the IP address dedicated to the ERSPAN/GRE tunnel. This IP must be routable from the monitoring interface to the device configured to send ERSPAN/GRE. Both an IP address and a cidr are required and must be unique to this interface. Do not use the IP address of the management interface of the FlowPro appliance.
<gateway> is used by the monitor interface and is needed to create a route to keep the outgoing traffic from the ERSPAN/GRE tunnel localized to the monitor interface.
<peerIPaddress> is the external address of the switch configured for ERSPAN/GRE. If the device configured is VMware, the IP address of the host should be used.
Command Example:
enable erspan mon1 10.30.15.50/16 10.30.1.1 10.30.1.203
Go to the ERSPAN configuration for instructions on configuring the ERSPAN/GRE device.
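The parameter constraints for enable erspan listed above, expressed as an off-box pre-flight check. This is an added example, not FlowPro code: the function name, the monitor interface set and the management address are constructed, and the gateway-in-subnet test is a general routing assumption rather than a documented FlowPro rule.

```python
import ipaddress

def check_erspan_args(interface, tunnel_cidr, gateway, peer,
                      monitor_ifaces, mgmt_ip, tunnel_ips_in_use=()):
    """Return a list of problems with 'enable erspan' arguments (empty = none found)."""
    problems = []
    if interface not in monitor_ifaces:
        problems.append(f"{interface} is not a monitor interface")
    if "/" not in tunnel_cidr:
        problems.append("ipaddress/cidr needs both an address and a prefix length")
        return problems
    try:
        tunnel = ipaddress.ip_interface(tunnel_cidr)
        gw = ipaddress.ip_address(gateway)
        peer_ip = ipaddress.ip_address(peer)
        mgmt = ipaddress.ip_address(mgmt_ip)
    except ValueError as exc:
        problems.append(f"unparseable address: {exc}")
        return problems
    if tunnel.ip == mgmt:
        problems.append("tunnel IP is the FlowPro management address")
    if str(tunnel.ip) in tunnel_ips_in_use:
        problems.append("tunnel IP is already used by another interface")
    if tunnel.ip in (gw, peer_ip):
        problems.append("tunnel IP duplicates the gateway or peer address")
    # Assumption (general IP routing, not a rule stated in the FlowPro docs):
    # a next-hop gateway has to be on-link, i.e. inside the tunnel subnet.
    if gw not in tunnel.network:
        problems.append(f"gateway {gw} is outside {tunnel.network}")
    return problems

# Constructed inventory: in practice these values come from 'show interfaces'
# and the appliance's management settings.
MONITOR_IFACES = {"mon1", "mon2"}
MGMT_IP = "10.30.2.10"

if __name__ == "__main__":
    # Arguments from the command example on this page.
    print(check_erspan_args("mon1", "10.30.15.50/16", "10.30.1.1",
                            "10.30.1.203", MONITOR_IFACES, MGMT_IP))
    # Constructed bad input: management IP reused, gateway off-subnet.
    print(check_erspan_args("eth0", "10.30.2.10/24", "10.30.1.1",
                            "10.30.1.203", MONITOR_IFACES, MGMT_IP))
```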
enable flowpro
Usage: enable flowpro <interface>
Description: Enable traffic monitoring on an interface. That interface must be active. Use the show interfaces command to get a list of available monitoring interfaces.
enable HTTPMonitoring
Usage: enable HTTPMonitoring
Description: This process keeps track of all domains requested over HTTP. The list of currently active domains is saved for the number of seconds set by the set activeDomainResendSeconds command.
HTTP monitoring will be on the same interfaces that are configured in the enable defender command.
Note
This feature requires the Defender licensing.
enable trackProcessMetrics
Usage: enable trackProcessMetrics
Description: Send process information to your collector about the FlowPro processes. Information about CPU and memory usage will be sent to the collector.
service
service flowpro
Usage: service flowpro <start|stop|restart>
Description: Control the FlowPro service daemon.
set
Change various settings for the FlowPro appliance.
set activeDomainResendSeconds
Usage: set activeDomainResendSeconds <seconds>
Description: Set the interval, in seconds, at which the active domain list is resent to your collector. The active domain list is a list of domains seen by the defender http module since the last time the list was sent from the FlowPro. To enable the HTTP monitoring, run the enable HTTPMonitoring command. Seconds can be set to a whole number between 300 (5 minutes) and 86400 (24 hours).
Note
This feature requires the Defender licensing.
set collector
Usage: set collector <ip> <port>
Description: Configure the collector and port number for the FlowPro to send flows to. The collector’s IP and port are required for this setting. The collector must be configured to listen on the port the FlowPro is sending to or flows will not be collected.
set hostname
Usage: set hostname <hostname>
Description: Change the hostname of the FlowPro appliance. The ‘hostname’ parameter is required. A reboot is required for this change to take effect.
set password
Usage: set password
Description: Change the password for the ‘flowpro’ operating system user.
show
Check information or settings from FlowPro.
show configuration
Usage: show configuration
Description: Shows FlowPro’s current configuration options and values.
show domainlist
Usage: show domainlist
Description: Shows all custom domainlists configured on the system. To edit the custom domain list, run the edit domainlist command.
Note
This feature requires the Defender licensing.
show erspan
Usage: show erspan
Description: Shows FlowPro’s current ERSPAN configuration information. Only one ERSPAN tunnel per interface can be configured at a time.
show features
Usage: show features
Description: Shows FlowPro’s current licensed features.
show interfaces
Usage: show interfaces
Description: Shows interfaces available to be configured for monitoring mirrored traffic.
show license
Usage: show license
Description: Shows current license information.
show log
Usage: show log <log_file>
Description: Shows the current log entries for the given log. ‘show log’ without naming a <log_file> will print out available logs for viewing.
show status
Usage: show status
Description: Shows status of FlowPro processes.
snoop
The snoop command can be used to verify that packets are being received by or sent from the FlowPro for a certain IP address or interface. This command runs tcpdump with a filter of either an interface or an IP address.
snoop interface
Usage: snoop interface <INTERFACE>
Description: Runs tcpdump filtering on a specific interface. Use the show interfaces command to see a list of available interfaces. To exit the snoop command, hit CTRL+C.
snoop ipaddress
Usage: snoop ipaddress <IPADDRESS>
Description: Runs tcpdump with a filter of an IP address. To exit the snoop command, hit CTRL+C.
system
The system command is used to change the state of the FlowPro operating system.
system restart
Usage: system restart
Description: Restart the operating system.
system shutdown
Usage: system shutdown
Description: Shut down the operating system.