Commands

Overview

The Plixer FlowPro command set provides numerous configuration and maintenance utilities required for device management and technical support purposes.

Click on a command in the table to see the usage instructions.

Command Usage

check

Verify different settings and configurations on the Plixer FlowPro appliance.

check replist

Usage: check replist

Description: Check the ability for FlowPro to reach nba.plixer.com to download the reputation lists every ten minutes. If this appliance does not have access to the internet, contact Plixer Technical Support for help.

Note

This feature requires the Plixer FlowPro Defender license.

clear

Clean up or remove data from a system. Use with caution.

clear domainlist

Usage: clear domainlist <domain_list>

Description: Remove a domain list from the system. Use with caution. Use the show domainlist command to list all active domain lists.

Note

This feature requires the Plixer FlowPro Defender license.

clear log

Usage: clear log <log_file>

Description: Remove data from a specific log file. Use with caution. Use the show log command to display a list of active logs.

Note: You cannot clear data from the cli.log file.

EXAMPLE: FLOWPRO> clear log dns1yaf.log

disable

Disable Settings.

disable apm

Usage: disable apm <interface> <apmMode>

Description: Disable either monitoring of Latency, VOIP or both on an interface. The specified interface must be active. Valid <apmMode> options are:

voip
latency
both

Use the show configuration command to display a list of currently enabled interfaces.

Note

This feature requires the Plixer FlowPro APM license.

disable defender

Usage: disable defender <interface>

Description: Disable DNS monitoring on an interface. The specified interface must be active. Use the show configuration command to display a list of currently enabled interfaces.

Note

This feature requires the Plixer FlowPro Defender license.

disable domainlist

Usage: disable domainlist <domain_list>

Description: Disable a custom domain reputation list. The disabled domain list will not be removed and can be re-enabled using the enable domainlist command.

Note

This feature requires the Plixer FlowPro Defender license.

disable domainReputationList

Usage: disable domainReputationList

Description: Disable checking against the domain reputation lists configured on the system. Use the show domainlist command to display the available domain lists.

Note

This feature requires the Plixer FlowPro Defender license.

disable erspan

Usage: disable erspan <interface>

Description: Disable the ERSPAN configured on a monitoring interface.

disable flowpro

Usage: disable flowpro <interface>

Description: Disable traffic monitoring on an interface. Use the show configuration command to display the list of enabled interfaces.

disable HTTPMonitoring

Usage: disable HTTPMonitoring

Description: This process keeps track of all domains contacted with HTTP. The list of currently active domains is saved for the number of seconds set by the set activeDomainResendSeconds command.

HTTP monitoring applies to the same interfaces that are configured using the enable defender command.

Note

This feature requires the Plixer FlowPro Defender license.

disable trackProcessMetrics

Usage: disable trackProcessMetrics

Description: Disable Plixer FlowPro process metrics.

edit

Edit the Plixer FlowPro configuration files.

edit domainlist

Usage: edit domainlist <domain_list>

Description: Edit a custom domain reputation list. The name specified in <domain_list> will create a new list with that name if none exists already.
The custom domain reputation list created must contain one domain per line and each domain must contain a two or three layer domain (2LD/3LD). Domains names that do not contain 2 or 3 layers will be ignored.

Note

This feature requires the Plixer FlowPro Defender license.

edit license

Usage: edit license

Description: Opens the plixer.ini file where the license key is stored. The plixer.ini file also stores the Plixer FlowPro configuration information. After editing the plixer.ini file, Plixer FlowPro will restart services to load the changes made.

edit plixer.ini

Usage: edit plixer.ini

Description: Opens the plixer.ini file for edit. The plixer.ini file stores the Plixer FlowPro configuration information. After editing the plixer.ini file, Plixer FlowPro will restart services to load the changes made.

enable

Enable monitoring options. All settings can be edited in the configuration file using ‘edit plixer.ini’.

enable apm

Usage: enable apm <interface> <apmMode>

Description: Enable the monitoring of Latency, VOIP or both on an interface. The specified interface must be active. Valid <apmModes> options are:

voip
latency
both

Use the show interfaces command to display a list of available monitoring interfaces.

Note

This feature requires the Plixer FlowPro APM license.

enable defender

Usage: enable defender <interface>

Description: Enable DNS monitoring on an interface. The specified interface must be active. Use the show interfaces command to display a list of available monitoring interfaces.

Note

This feature requires the Plixer FlowPro Defender license.

enable domainlist

Usage: enable domainlist <domain_list>

Description: Enable a custom domain reputation list. Custom user-defined reputation lists can be created to supplement the known compromised domain list provided by Plixer.

Use the ‘edit domainlist <domain_list_name>’ command to create a new list.

Note

This feature requires the Plixer FlowPro Defender license.

enable domainReputationList

Usage: enable domainReputationList

Description: Enable Plixer FlowPro to download an updated list of known compromised domains. This list will be downloaded from nba.plixer.com every ten minutes. Use the check replist command to verify acccess to the list.

Note

This feature requires the Plixer FlowPro Defender license.

enable erspan

Usage: enable erspan <interface> <ipaddress/cidr> <gateway> <peerIPaddress>

Description: Configure a monitor interface to receive traffic from an ERSPAN/GRE tunnel. This configuration supports all types of GRE tunnels.

All of the following parameters are required:

  • interface
  • ipaddress/cidr
  • gateway
  • peerIPaddress

<interface>: interface used to monitor the ERSPAN/GRE tunnel traffic. This interface must be one of the monitoring interfaces displayed by the command show interfaces.

<ipaddress/cidr>: IP address dedicated to the ERSPAN/GRE tunnel. This IP must be routable from the monitoring interface to the network device configured to send ERSPAN/GRE. Both the IP address and CIDR are required, which must be unique to this interface. Do not use the IP address of the management interface of the FlowPro appliance.

<gateway>: used by the monitoring interface to create a route to keep the outgoing traffic from the ERSPAN/GRE tunnel localized to the monitoring interface.

<peerIPaddress>: external address of the network device configured to send ERSPAN/GRE. If the device is a VMware VDS, enter the IP address of the VMware host.

Command Example:

enable erspan mon1 10.30.15.50/16 10.30.1.1 10.30.1.203

Go to the ERSPAN configuration section for instructions on how to configure the ERSPAN/GRE device.

enable flowpro

Usage: enable flowpro <interface>

Description: Enable traffic monitoring on an interface. The interface must be active. Use the show interfaces command to display a list of available monitoring interfaces.

enable HTTPMonitoring

Usage: enable HTTPMonitoring

Description: This process keeps track of all domains accessed with HTTP. The list of currently active domains is saved for the number of seconds set by the set activeDomainResendSeconds command.

HTTP monitoring will be on the same interfaces that are configured using the enable defender command.

Note

This feature requires the Plixer FlowPro Defender license.

enable trackProcessMetrics

Usage: enable trackProcessMetrics

Description: Send process information to your collector about the FlowPro processes. Information about CPU and memory usage will be sent to the collector.

service

service flowpro

Usage: service flowpro <start|stop|restart>

Description: Control the Plixer FlowPro service daemon.

set

Change various settings for the Plixer FlowPro appliance.

set activeDomainResendSeconds

Usage: set activeDomainResendSeconds <seconds>

Description: Set the number of seconds to resend the active domain list to your collector. The active domain list is the list of domains seen by the Plixer FlowPro Defender HTTP module since the last time the list was sent. Run the enable HTTPMonitoring command To enable the HTTP monitoring. The <seconds> parameter must be set to a whole number between 300 (5 minutes) and 86400 (24 hours).

Note

This feature requires the Plixer FlowPro Defender license.

set collector

Usage: set collector <ip> <port>

Description: Configure the collector IP address and port number for the Plixer FlowPro to send flows to. The collector IP and port are required. The flows will not be collected by the collector if it is not configured to listen on that port number.

set hostname

Usage: set hostname <hostname>

Description: Change the hostname of the Plixer FlowPro appliance. The ‘hostname’ parameter is required. A reboot is required for this change to take effect.

set password

Usage: set password

Description: Change the password for the ‘flowpro’ operating system user.

show

Display Plixer FlowPro information or settings.

show configuration

Usage: show configuration

Description: Shows current Plixer FlowPro configuration settings.

show domainlist

Usage: show domainlist

Description: Shows all custom domain lists configured on the system. Run the edit domainlist command to edit the custom domain list.

Note

This feature requires the Plixer FlowPro Defender license.

show erspan

Usage: show erspan

Description: Shows current ERSPAN configuration information. Only one ERSPAN tunnel can be configured per interface.

show features

Usage: show features

Description: Shows licensed Plixer FlowPro features.

show interfaces

Usage: show interfaces

Description: Shows available interfaces that can be configured to monitor mirrored traffic.

show license

Usage: show license

Description: Shows current license information.

show log

Usage: show log <log_file>

Description: Shows the current entries for the given log. Entering ‘show log’ without naming a <log_file> will display the full list of available logs.

show machine_id

Usage: show machine_id

Description: Shows the machine id of the Plixer FlowPro appliance.

show status

Usage: show status

Description: Shows status of Plixer FlowPro processes.

snoop

The snoop command can be used to verify that packets are being received by or sent from the Plixer FlowPro for a certain IP address or interface. This command runs tcpdump with a filter of either an interface or ip address.

snoop interface

Usage: snoop interface <interface>

Description: Runs tcpdump filtered on a specific interface. Use the show interfaces command to see a list of available interfaces. Use CTRL+C to exit the snoop command.

snoop ipaddress

Usage: snoop ipaddress <ipaddress>

Description: Runs tcpdump filtered on an IP address. Use CTRL+C to exit the snoop command.

system

The system command is used to change state of the Plixer FlowPro operating system.

system restart

Usage: system restart

Description: Restart the operating system.

system shutdown

Usage: system shutdown

Description: Shutdown the operating system.