(advanced-cli)=

# Interactive CLI

The Scrutinizer interactive CLI utility provides access to system-level functions, such as admin operations, configuration/maintenance routines, and integration management.

The interactive prompt (`SCRUTINIZER>`) is accessed by establishing an SSH session with the Scrutinizer server and running:

```cfg
scrut_util
```

**On this page:**

````{grid} 4
:gutter: 1

```{grid-item-card} Configuration & settings
:link: cli-configuration-settings
:link-type: ref
```

```{grid-item-card} Data collection & processing
:link: cli-data-collection
:link-type: ref
```

```{grid-item-card} Data management & maintenance
:link: cli-data-management
:link-type: ref
```

```{grid-item-card} Importing & exporting data
:link: cli-data-import-export
:link-type: ref
```

```{grid-item-card} Network & monitoring
:link: cli-network-monitoring
:link-type: ref
```

```{grid-item-card} System management
:link: cli-system-management
:link-type: ref
```

```{grid-item-card} Third-party integrations
:link: cli-third-party
:link-type: ref
```

```{grid-item-card} User & security management
:link: cli-user-security
:link-type: ref
```
````

:::{NOTE}
Most **scrut_util** commands can also be executed using direct shell syntax, which allows them to be used in scripts to automate maintenance tasks. Run the following from the shell to view the equivalent syntax for the top-level interactive commands listed below:

```cfg
scrut_util --help [COMMAND]
```
:::

(cli-configuration-settings)=

## Configuration & settings

(cli-convert)=

### convert

The `convert` command is used to convert different types of data and information.

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    converttoaes
    ```
  - Converts all encrypted information stored by Scrutinizer to use AES 256 encryption
:::

(cli-disable)=

### disable

The `disable` commands are used to disable specific functions/features in Scrutinizer.

```{note}
These commands can alter Scrutinizer functionality and should be used with caution.
```

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    disable baseline <IP_ADDRESS>
    ```
  - Disables all baselines for the exporter with the specified `IP_ADDRESS`
    
    *Historical data associated with the exporter will not be deleted but will still expire following the configured [data retention settings](a-settings-history).*
* - ```cfg
    disable elk http://<IP:PORT>
    ```
  - Disables ELK flows from Scrutinizer to the URL specified by `IP:PORT`
* - ```cfg
    disable ipv6
    ```
  - Disables IPv6 for all interfaces in `sysctl.conf`
* - ```cfg
    disable splunk http://<IP:PORT>
    ```
  - Disables Splunk flows from Scrutinizer to the URL specified by `IP:PORT`
* - ```cfg
    disable ssh_root_login
    ```
  - Prohibits the superuser root account from logging into a Linux shell directly from outside hosts
    
    *Rather than allowing remote root SSH login, it is recommended to log in as the `plixer` user and use `sudo` for maintenance tasks. This command will not affect root logins from a physical or virtual console.*
* - ```cfg
    disable unresponsive
    ```
  - Disables pinging of exporters that have been flagged as unresponsive
* - ```cfg
    disable user <USERNAME>
    ```
  - Disables the specified `USERNAME` account with scrut_util access (e.g., for server maintenance)
:::

(cli-enable)=

### enable

The `enable` commands are used to enable/configure specific functions in Scrutinizer.

```{note}
These commands can alter Scrutinizer functionality and should be used with caution.
```

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    enable baseline <IP_ADDRESS> default
    ```
  - Enables default baselines for the exporter with the specified `IP_ADDRESS`
* - ```cfg
    enable baseline <IP_ADDRESS> manual <PRIMARY[, SECONDARY] ELEMENT avg|count|min|max|std|sum dailyhr|busday|sameday>
    ```
  - Enables a custom baseline with the following parameters for the exporter with the specified `IP_ADDRESS`:
    
    - `PRIMARY` - IPFIX element to be included in the baseline (e.g., sourceIPv4Address, applicationName, etc.)
    - `SECONDARY` - Optional secondary IPFIX element to be included in the baseline
    - `ELEMENT` - Corresponding numeric IPFIX element for the primary and secondary elements to be used to determine the baseline (e.g., packetDeltaCount, octetDeltaCount, etc.)
    - `AVG` | `COUNT` | `MIN` | `MAX` | `STD` | `SUM` - Selects between average (`AVG`), flow count (`COUNT`), minimum value (`MIN`), maximum value (`MAX`), standard deviation (`STD`), or sum (`SUM`) for measuring the specified `ELEMENT`
    - `dailyhr` | `busday` | `sameday` - Selects between daily (`dailyhr`), daily on business days (`busday`), or same day weekly (`sameday`) for baseline comparison
    
    *When baselining IP addresses, [IP groups](admin-definitions) should be defined for the address ranges and subnets to be included in the baseline. This will prevent addresses that may only talk once from triggering false positives.*
* - ```cfg
    enable elk http://<IP:PORT>
    ```
  - Enables ELK flows from Scrutinizer to the URL specified by `IP:PORT`
* - ```cfg
    enable ipv6
    ```
  - Enables IPv6 for all interfaces in `sysctl.conf`
* - ```cfg
    enable splunk http://<SPLUNK_SERVER_IP:PORT> <SYSLOG_PORT> <SPLUNK_FORWARDER_IP>
    ```
  - Enables Splunk integration using the provided server and forwarder details
* - ```cfg
    enable ssh_root_login
    ```
  - Allows the superuser root account to log into a Linux shell directly from outside hosts
    
    *Rather than allowing root SSH login, it is recommended to log in as the `plixer` user and use `sudo` for maintenance tasks.*
* - ```cfg
    enable user <USERNAME> <1|2|3>
    ```
  - Creates a new login account with the specified `USERNAME` and one of the following security levels:
    
    - `1` - Only commands that can stop data collection are disabled.
    - `2` - Commands that can remove integrations or stop data collection are disabled.
    - `3` - Only commands to collect information about Scrutinizer and the operating system are enabled.
:::

(cli-set)=

### set

The `set` commands are used to manage settings/behaviors related to authentication, networking, and general operation for the Scrutinizer server.

```{note}
These commands can alter Scrutinizer functionality and should be used with caution.
```

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    set columnmoniker <OLD_NAME> <NEW_NAME> [ELEMENT_LIST]
    ```
  - Replaces an information element's `OLD_NAME` with the specified `NEW_NAME`
    
    *If the optional `ELEMENT_LIST` of one or more elements (comma-delimited) is included, renaming will be limited to flow templates that also include those elements.*
    
    *This command should only be run under the direction of [Plixer Technical Support](resource-technical-support).*
* - ```cfg
    set dns
    ```
  - Allows the user to enter one or more new DNS servers for hostname resolution
    
    *The operation will overwrite the system's previous DNS server list.*
* - ```cfg
    set hostinfo <IP_ADDRESS> <FQHN>
    ```
  - Assigns the specified `FQHN` (fully qualified hostname) to the current Scrutinizer appliance and configures resolution for the provided `IP_ADDRESS`
* - ```cfg
    set leds_threshold
    ```
  - Resets the LED warning threshold to 10% of the total storage available on the appliance's data partition
    
    *When combined with the [Auto History Trimming](a-settings-history) settings, this function can help prevent Scrutinizer from using up all available storage.*
* - ```cfg
    set myaddress <IPv4_ADDRESS> <NETMASK> <GATEWAY>
    set myaddress <IPv6_ADDRESS/CIDR> <GATEWAY>
    ```
  - Assigns the specified `IPv4`/`IPv6_ADDRESS`, `CIDR`/`NETMASK`, and `GATEWAY` to the current appliance
    
    *After the provided IP information has been confirmed to be correct, the previous address of the same type will be overwritten.*
    
    *Because an SSH session will automatically be terminated after the new IP address is assigned, it is recommended to run this command from a console connection.*
* - ```cfg
    set partitions <PARTITION> <extend>
    ```
  - Extends the specified `PARTITION` to expand OS disk space for the current hardware or virtual (requires the `extend` flag) appliance
    
    *It is highly recommended to [create a backup](backups-full) before running this command.*
* - ```cfg
    set password plixer
    set password webui <USER_NAME>
    ```
  - Resets the password for the `plixer` OS user/account or the web interface account with the specified `USER_NAME`
* - ```cfg
    set registercollector <IP_ADDRESS> [secondary]
    ```
  - Registers the Scrutinizer appliance with the specified `IP_ADDRESS` as a remote collector and, if the `secondary` flag is included, as the [secondary reporter](ha-reporters) for the [distributed cluster](guides-distributed)
    
    *This command must be run from the distributed cluster's primary reporter/server.*
* - ```cfg
    set salt <SALT>
    ```
  - Adds the specified `SALT` value to the current appliance's machine details for license key generation
* - ```cfg
    set selfregister [reset]
    ```
  - Reinitializes the server and, if the `reset` flag is included, resets all [appliance settings](deploy-setup)
* - ```cfg
    set selfreporter
    ```
  - Promotes the *secondary reporter* in a [distributed cluster](distributed-setup) to the *primary reporter* role
    
    *This command must be run on an appliance that was assigned the secondary reporter role (see `registercollector` above).*
* - ```cfg
    set sshcollectorkeys
    ```
  - Generates a new SSH key pair and distributes it to all registered appliances
    
    *The operation will also overwrite any previous key pairs, which will address any issues that require re-syncing of SSH access.*
* - ```cfg
    set ssl [ecc]
    ```
  - Reconfigures Scrutinizer's web server self-signed SSL certificate
    
    *If the `ecc` argument is included, a 256-bit Elliptic Curve (EC) public/private key pair will also be generated.*
    
    *For further details on Scrutinizer's default SSL settings and behavior, see the [SSL configuration guide](deploy-ssl).*
* - ```cfg
    set timezone <TIMEZONE>
    ```
  - Sets the Scrutinizer appliance's time zone to the specified `TIMEZONE`
    
    *For a list of time zones, use the [show tzlist](cli-show) command.*
* - ```cfg
    set tuning
    ```
  - Re-tunes the appliance by modifying certain Scrutinizer and OS settings in `sysctl.conf`, `postgresql.conf`, and `plixer.ini` as well as in the `plixer.exporters` and `plixer.serverprefs` tables.
    
    *This command should only be run under the direction of [Plixer Technical Support](resource-technical-support).*
* - ```cfg
    set voip <on|off>
    ```
  - Toggles predefined VoIP port ranges `on` or `off`
* - ```cfg
    set webui_timeout <SECONDS>
    ```
  - Sets the number of `SECONDS` before web app requests or queries to the web server and PostgreSQL time out
* - ```cfg
    set yum_proxy <HOST> <PORT> <USER>
    ```
  - Configures/overwrites proxy settings using the provided `HOST` address/hostname, `PORT`, and `USER` in the yum configuration file.
:::

(cli-show)=

### show

The `show` commands are used to view various details, settings, and other functional elements for the Scrutinizer server/environment.

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    show datasize
    ```
  - Displays a breakdown of database storage sizes by schema
* - ```cfg
    show diskspace
    ```
  - Displays storage allocation and utilization details
* - ```cfg
    show dns
    ```
  - Displays a list of all DNS servers used for hostname resolution
* - ```cfg
    show exporters [FILTER]
    ```
  - Displays a list of exporters sending data to collectors (using the specified `FILTER` if included)
* - ```cfg
    show groups
    ```
  - Displays a list of all current device/mapping groups
* - ```cfg
    show interfaces [FILTER]
    ```
  - Displays a list of interfaces sending data to collectors (using the specified `FILTER` if included)
* - ```cfg
    show ipaddresses
    ```
  - Displays all IP addresses assigned to the current Scrutinizer appliance
* - ```cfg
    show metering [FILTER]
    ```
  - Displays a list of interfaces by exporter and their metering direction (using the specified device IP address `FILTER` if included)
* - ```cfg
    show partitions
    ```
  - Displays partition information for the current Scrutinizer appliance
* - ```cfg
    show task [FILTER]
    ```
  - Displays a list of all tasks currently configured in Scrutinizer (using the specified task name `FILTER` if included)
* - ```cfg
    show timezone
    ```
  - Displays the timezone configured for the current Scrutinizer appliance
* - ```cfg
    show tzlist [FILTER]
    ```
  - Displays a list of timezones that can be configured for the Scrutinizer appliance (via the [set timezone](cli-set) command)
* - ```cfg
    show unknowncolumns
    ```
  - Displays a list of exporter information elements that are unrecognized by Scrutinizer
    
    *Contact [Plixer Technical Support](resource-technical-support) for any information elements that you need supported.*
* - ```cfg
    show yum_prox
    ```
  - Displays the current yum proxy settings
    
    *To edit these settings, use the [set yum_proxy](cli-set) command.*
:::

(cli-data-collection)=

## Data collection & processing

(cli-check)=

### check

The `check` commands can be used to run a check/test against the resource, setting, or function specified by the option used.

```{note}
The collector should be stopped before running any of the `history_index` commands.
```

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    check activeif
    ```
  - Checks for active flows based on interface details and returns the last timestamp and number of interfaces that received flows
* - ```cfg
    check collectorclass <CLASS [SUBSYSTEM]>
    ```
  - Returns running state details for the specified collector `CLASS` or, if provided, the specified `SUBSYSTEM` of that class
    
    *This command is used by [Plixer Technical Support](resource-technical-support) for troubleshooting.*
* - ```cfg
    check data_last_written
    ```
  - Returns activity details for collected flow data written to the database
* - ```cfg
    check dist_info
    ```
  - Returns distributed cluster configuration details for the Scrutinizer server
* - ```cfg
    check hdtest [TRIES]
    ```
  - Tests hard drive performance by running a write-delete operation either 10 times (default) or, if provided, the number of times specified by the `TRIES` parameter and returns details for the amount of time taken
* - ```cfg
    check heartbeat <database|api>
    ```
  - Tests and returns information on internal communications with the specified resource type
* - ```cfg
    check history_index
    ```
  - Checks the history index and returns historical activity information for the 1m interval aggregation table
* - ```cfg
    check history_index_empty_tables
    ```
  - Checks the history index and returns a list of tables with zero rows (collector should be stopped first)
    
    *To delete empty tables, use the [delete](cli-delete) command instead.*
* - ```cfg
    check history_index_orphans
    ```
  - Checks the history index and returns a list of entries for which a table does not actually exist
    
    *To delete orphan entries, use the [delete](cli-delete) command instead.*
* - ```cfg
    check history_index_table_orphans
    ```
  - Checks the history index and returns a list of tables that do not have a history index entry (collector should be stopped first)
    
    *To delete orphan tables, use the [delete](cli-delete) command instead.*
* - ```cfg
    check interfaces [all|cisco|sonicwall|huawei [HOST_IP]]
    ```
  - Uses alternative methods to retrieve interface descriptions (SNMP for Huawei and NetFlow data for Cisco and SonicWall) on the specified `HOST_IP`
    
    *This operation leverages NetFlow data for Cisco and SonicWall devices. Checking Huawei devices relies on SNMP and referencing their vendor-specific MIBs instead.*
* - ```cfg
    check license
    ```
  - Returns license details for the Scrutinizer server
* - ```cfg
    check machine_id
    ```
  - Returns the current Machine ID of the Scrutinizer server
* - ```cfg
    check machine_id_list
    ```
  - Returns all previous, current, and possible Machine IDs for the Scrutinizer server
* - ```cfg
    check rollcall
    ```
  - Checks the current states of data roll-up time buckets and returns a list of states and record counts by bucket
* - ```cfg
    check rollups
    ```
  - Checks the current states of all data roll-ups and returns a list of roll-up counts by status
* - ```cfg
    check route <DEVICE_IP>
    ```
  - Checks the specified `DEVICE_IP` to determine if its routing data is accessible and returns the result
* - ```cfg
    check simplercv <UDP_PORT>
    ```
  - Checks for UDP traffic on the specified `UDP_PORT`
    
    *This command can be used to verify that flows are being received at the top of the stack (i.e., tcpdump -> collector).*
* - ```cfg
    check snmp
    ```
  - Attempts to get *SysObjectID* for all devices and returns the credential object if successful (or an error if the attempt failed)
* - ```cfg
    check ssl
    ```
  - Returns the current settings for SSL parameters
    
    *To enable/disable SSL or edit the configuration, use the [set ssl](cli-set) command.*
* - ```cfg
    check stats_exporters
    ```
  - Returns an exporter activity time log
* - ```cfg
    check task <TASK_ID>
    ```
  - Returns a list of execution times and error codes for the specified `TASK_ID`
    
    *For a list of all task IDs, use the [show task](cli-show) command.*
* - ```cfg
    check tuning
    ```
  - Checks the current system configuration and returns a list of settings that can be modified to improve performance
:::

(cli-collect)=

### collect

The `collect` commands are used to manually execute collection processes for data that can be used in various Scrutinizer functions. Many of these processes are run automatically at regular intervals.

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    collect asa_acl
    ```
  - Immediately polls Cisco ASA devices to collect ASA ACL information
* - ```cfg
    collect baseline
    ```
  - Collects baseline data and checks for alarms/events
* - ```cfg
    collect dbsize
    ```
  - Collects database size information
* - ```cfg
    collect elk <IP_ADDRESS>
    ```
  - Collects data from Scrutinizer and forwards it to the ELK server with the specified `IP_ADDRESS` 
* - ```cfg
    collect optionsummary
    ```
  - Initiates processing of flow option data collected by Scrutinizer
* - ```cfg
    collect snmp
    ```
  - Immediately polls SNMP devices to collect data used by Scrutinizer
* - ```cfg
    collect splunk <IP_ADDRESS>
    ```
  - Collects data from Scrutinizer and forwards it to the Splunk server with the specified `IP_ADDRESS`
* - ```cfg
    collect supportfiles
    ```
  - Collects various logs and configuration data that can be used by [Plixer Technical Support](resource-technical-support) for troubleshooting
* - ```cfg
    collect topology
    ```
  - Collects device data to help Scrutinizer understand the network's topological layout
* - ```cfg
    collect useridentity
    ```
  - Initiates processing of user identity data collected by Scrutinizer
:::

(cli-data-management)=

## Data management & maintenance

(cli-clean)=

### clean

The `clean` commands are used to manually execute housekeeping processes that are automatically run at regular intervals.

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    clean all
    ```
  - Immediately executes all scheduled housekeeping tasks
* - ```cfg
    clean baseline
    ```
  - Resets all configured baselines to the default values
    
    *Historical data will not be deleted but will still expire following the configured [data retention settings](a-settings-history).*
* - ```cfg
    clean database
    ```
  - Purges all temporary database entries
* - ```cfg
    clean ifinfo
    ```
  - Purges *ifinfo* entries that do not have matching entries in *activeif*
* - ```cfg
    clean old_logs
    ```
  - Purges old log files that are set to the *backup* status
* - ```cfg
    clean tmp
    ```
  - Purges all temporary files created by the graphing engine
:::

(cli-delete)=

### delete

The `delete` commands are used to delete database entries or tables from the Scrutinizer system.

```{NOTE}
- These commands will permanently delete data and should be used with caution.
- The collector should be stopped before running any of the `history_index` commands.
```

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    delete history_index_empty_tables
    ```
  - Deletes all tables with zero rows from the history index
* - ```cfg
    delete history_index_orphans
    ```
  - Deletes all history index entries for which a table does not actually exist
* - ```cfg
    delete history_table_orphans
    ```
  - Deletes all tables that do not have a history index entry
:::

(cli-expire)=

### expire

The `expire` commands are used to delete expired historical data following the configured [data retention settings](a-settings-history).

```{note}
These commands will permanently delete data and should be used with caution.
```

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    expire dnscache [all]
    ```
  - Purges expired DNS cache data (based on the *Days of DNS Request Data* setting) or, if the `all` option is included, all DNS cache data
* - ```cfg
    expire history [trim]
    ```
  - Purges expired flow data (based on *Flow Historical X Avg* settings) and also deletes older data until the *Minimum Percent Free Disk Before Trimming* is reached if the `trim` option is included
* - ```cfg
    expire inactiveflows
    ```
  - Removes expired inactive interfaces (based on the *Inactive Expiration* [system preference setting](a-settings-prefs)) from interface views
* - ```cfg
    expire templates
    ```
  - Purges flow template metadata for templates that haven't been observed for 30 days
:::

(cli-optimize)=

### optimize

The `optimize` commands are used to manually execute optimization processes that are automatically run at regular intervals.

```{note}
These commands will modify database tables in Scrutinizer and should be used with caution.
```

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    optimize common
    ```
  - Optimizes tables that are commonly inserted and deleted to improve database performance
* - ```cfg
    optimize database <DATABASE>
    ```
  - Optimizes only tables in the specified `DATABASE`
:::

(cli-repair)=

### repair

The `repair` commands are used to run various repair processes related to Scrutinizer functions and databases.

```{note}
These commands will modify database tables in Scrutinizer and should be used with caution.
```

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    repair business_hour_saved_reports
    ```
  - Converts saved reports with business hours that were created in older Scrutinizer versions (15.5 and below) to the latest format with the same business hours
* - ```cfg
    repair history_tables
    ```
  - Repairs history tables that have the wrong *col* type for `octetDeltaCount`
    
    *This command is not used for PostgreSQL installations.*
* - ```cfg
    repair policy_priority_order
    ```
  - Repairs irregularities in alarm policy IDs (e.g., duplication)
* - ```cfg
    repair range_starts
    ```
  - Repairs history tables without the start time used to identify the range of data they contain
    
    *This repair process may take some time to complete and should only be executed under the direction of [Plixer Technical Support](resource-technical-support).*
:::

(cli-data-import-export)=

## Importing & exporting data

(cli-export)=

### export

The `export` commands are used to dump data from Scrutinizer for external use.

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    export applications <PATH/FILENAME>
    ```
  - Exports all current application rules/definitions as a CSV file with the specified `PATH` and `FILENAME`
* - ```cfg
    export ipgroups <PATH/FILENAME>
    ```
  - Exports all current IP group rules/definitions as a CSV file with the specified `PATH` and `FILENAME`
* - ```cfg
    export langtemplate <LANG_NAME>
    ```
  - If `LANG_NAME` keys are defined, creates a CSV file with the English and `LANG_NAME` keys and saves it as `home/plixer/scrutinizer/files/pop_languages_LANGNAME_template.csv`
:::

(cli-import)=

### import

The `import` commands are used to import various types of data (labels, definitions, groupings, etc.) for use in Scrutinizer's functions.

For further information, see [this guide on importing data](guides-importing).

(cli-upload)=

### upload

The `upload supportfiles` command is used to upload the log and configuration data package (after running the [collect supportfiles](cli-collect) command) for use by [Plixer Technical Support](resource-technical-support).

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    upload supportfiles
    ```
  - Uploads the log and configuration data package for use by Plixer Technical Support
:::

(cli-network-monitoring)=

## Network & monitoring

(cli-remove)=

### remove

The `remove address ipv6` command is used to delete the current IPv6 address assigned to the server.

```{note}
- The IPv6 address can only be removed if there is an IPv4 address assigned. To edit IP address settings, use the [set myaddress](cli-set) command.
- This command will alter Scrutinizer functionality and should be used with caution.
```

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    remove address ipv6
    ```
  - Deletes the current IPv6 address assigned to the server
:::

(cli-snoop)=

### snoop

The `snoop` commands are used to listen for traffic at the interface level.

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    snoop interface <INTERFACE> <PORT>
    ```
  - Listens for traffic on the specified `INTERFACE` and `PORT`
* - ```cfg
    snoop ipaddress <IP_ADDRESS> <PORT>
    ```
  - Listens for traffic on the specified `IP_ADDRESS` and `PORT`
:::

(cli-system-management)=

## System management

(cli-services)=

### services

The `services` command is used to `stop`, `start`, or `restart` all services.

```cfg
services all <stop|start|restart>
```

(services-systemctl)=

#### Managing individual services

To stop, start, or restart specific services, run one of the following from the shell instead:

:::{list-table} 
:header-rows: 1
:widths: 40 60

* - Service
  - Function
* - ```cfg
    sudo systemctl <start|stop|restart> scrutinizer
    ```
  - Start, stop, or restart all Scrutinizer services
* - ```cfg
    sudo systemctl <start|stop|restart> plixer_collector
    ```
  - Start, stop, or restart all data collection and processing services
* - ```cfg
    sudo systemctl <start|stop|restart> plixer_webapp
    ```
  - Start, stop, or restart all Scrutinizer UI and API-related services
* - ```cfg
    sudo systemctl <start|stop|restart> plixer_db
    ```
  - Start, stop, or restart all database, connection pooling, and caching services
* - ```cfg
    sudo systemctl <start|stop|restart> replicator
    ```
  - Start, stop, or restart all Replicator-related services when it is licensed to operate on the same machine as Scrutinizer
:::

(cli-system)=

### system

The `system` command is used to reboot or shut down the system.

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    system <restart|shutdown>
    ```
  - Reboots or shuts down the system
:::

(cli-version)=

### version

The `version` command is used to show version information for Scrutinizer.

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    version
    ```
  - Shows version information for Scrutinizer
:::

(cli-third-party)=

## Third-party integrations

(cli-awssync)=

### awssync

The `awssync` command can be used to sync IDs and descriptions from AWS when AWS flow log ingestion is enabled.

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    awssync
    ```
  - Syncs IDs and descriptions from AWS when AWS flow log ingestion is enabled
:::

(cli-ciscoise)=

### ciscoise

The `ciscoise` commands are used to manage Cisco Identity Services Engine (ISE) node integration in Scrutinizer.

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    ciscoise add <IP_ADDRESS TCP_PORT ISE_USER>
    ```
  - Adds a Cisco ISE node with the specified `IP_ADDRESS`, `TCP_PORT`, and `ISE_USER` (must have API access) to the queue to acquire user identities for all active sessions
    
    *The `ISE_USER` password will also need to be entered after this command is run.*
* - ```cfg
    ciscoise check
    ```
  - Tests node polling and returns the results
    
    *This command can be used to verify that Scrutinizer is able to collect user identity information.*
* - ```cfg
    ciscoise kick <ISE_ID IP_ADDRESS [MAC_ADDRESS]>
    ```
  - Kicks the `ISE_ID` off the ISE node at the specified `IP_ADDRESS` and optional `MAC_ADDRESS`, forcing re-authentication
* - ```cfg
    ciscoise nodelist
    ```
  - Returns a list of all Cisco ISE nodes currently configured
* - ```cfg
    ciscoise poll
    ```
  - Forces a poll of all Cisco ISE nodes and returns the results
* - ```cfg
    ciscoise remove <IP_ADDRESS>
    ```
  - Removes the Cisco ISE node with the specified `IP_ADDRESS` from Scrutinizer
* - ```cfg
    ciscoise update <IP_ADDRESS TCP_PORT ISE_USER>
    ```
  - Updates the current configuration of the Cisco ISE node with the specified `IP_ADDRESS` to use the provided `TCP_PORT` and `ISE_USER`
    
    *The `ISE_USER` password will also need to be entered after this command is run.*
:::

(cli-endace)=

### endace

The `endace` commands are used to manage EndaceProbe for [Pivot2Packets (P2P) integration](third-endace).

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    endace add <IP_ADDRESS> <PORT> <USER> <PASSWORD>
    ```
  - Enables integration with an EndaceProbe with the specified `IP_ADDRESS`, `PORT`, and Endace `USER:PASSWORD`
    
    *The default port used by an EndaceProbe is `443`.*
* - ```cfg
    endace remove <IP_ADDRESS>
    ```
  - Removes the EndaceProbe with the specified `IP_ADDRESS`
* - ```cfg
    endace update <IP_ADDRESS> <PORT> <USER> <PASSWORD>
    ```
  - Updates EndaceProbe integration settings with the specified `IP_ADDRESS`, `PORT`, and Endace `USER:PASSWORD`
:::

```{note}
The above commands will only accept an IP address. Hostnames will not work.
```

```{hint}
- More than one EndaceProbe can be configured for P2P integration. All probes added will be available in a dropdown menu in the P2P search.
- [Pivot2Vision integration](endace-pivots) can be configured to use a separate EndaceProbe (or probes) from the probe(s) added via the scrut_util CLI for P2P integration. 
```

(cli-moloch)=

### moloch

The `moloch` command is used to enable or disable integration for the Moloch probe using the specified `IP_ADDRESS` and `PORT`.

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    moloch <on|off> <IP_ADDRESS [PORT]>
    ```
  - Enables or disables integration for the Moloch probe using the specified `IP_ADDRESS` and `PORT`
:::

(cli-user-security)=

## User & security management

(cli-rotate)=

### rotate

The `rotate` commands are used to replace the keys and certificates used by Scrutinizer in its functions.

```{note}
- These commands will alter Scrutinizer functionality and should be used with caution.
- `rotatecerts` can only be run using direct shell/script syntax and not from the `SCRUTINIZER>` prompt (as shown below).
```

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    rotatekeys
    ```
  - Creates a new encryption key and re-encrypts all encrypted fields in the database
* - ```cfg
    scrut_util --rotatecerts [--days <DAYS>] [--reset] [--verbose]
    ```
  - Regenerates all certificates on all nodes (including any Plixer ML Engine deployments) with an optional expiration date in the specified number of `DAYS`
    
    *If the `--reset` flag is included, the CA certificate on the primary reporter and the web server certificate will also be regenerated.*
:::

(cli-unlock)=

### unlock

The `unlock` command is used to unlock a locked `USER` account (due to [failed login attempts](a-settings-security)).

If no authentication method is specified (`ldap`, `radius`, or `tacacs`), the account defaults to local authentication.

:::{list-table}
:header-rows: 1
:widths: 40 60

* - Command
  - Description
* - ```cfg
    unlock <USER> [ldap|radius|tacacs]
    ```
  - Unlocks a locked `USER` account (due to failed login attempts)
:::