Command list

The following are the available top level commands:

Note

Each top level command may have several extended commands.

aws

Function

Manages AWS flow log integration with Plixer Scrutinizer

Syntax

  • aws sync - Synchronizes IDs and descriptions from AWS

check

Function

Returns information on the specified resource, setting, or fucntion

Syntax

  • check activeif - Checks for active flows

  • check collectorclass <class> <subsystem> - Logs the Collector’s running state

  • check data_last_written - Checks the activity of collected flow data written to the database

  • check database [db_name] [db_pass] - Checks the specified database for errors

  • check dist_info - Displays information on distributed Plixer Scrutinizer servers

  • check hdtest - Tests the performance of the hard drive

  • check heartbeat <database|api> - Checks heartbeat functions

  • check history_index - Checks the table activity every minute

  • check history_index_empty_tables - Lists empty tables

  • check history_index_orpans - Checks for tables that do not exist

  • check history_table_orphans - Lists tables without history_index entries

  • check interfaces [all|cisco|hauwei|sonicwall] [host_ip] - Uses alternative methods to retrieve interface descriptions

  • check license - Displays license details of the Plixer Scrutinizer server

  • check machine_id - Displays the current Machine ID of the Plixer Scrutinizer Server

  • check machine_id_list - Displays the historical, current, and possible Machine IDs of the Plixer Scrutinizer Server

  • check objects - Verifies that xcheck_hosts have corresponding rows in objects

  • check password rootdb - Verifies that the database root password matches the password in plixer.ini

  • check rollcall - Analyzes rollcall and the state of rollups per time bucket

  • check rollups - Lists rollups and their current state

  • check route [ip] - Checks the device specified to determine if Plixer Scrutinizer can access its routing data

  • check serverpref [serverpref] - Displays the current value of the specified serverpref

  • check simplercv [udp_port] - Checks if the specified UDP port receives UDP traffic

  • check snmp - Returns the SysObjectID for all devices

  • check ssl - Lists the current settings configured for SSL parameters

  • check stats_exporters - Lists statistical details related to time and Exporter activity

  • check task [id] - Checks the execution times and error codes for the specified task ID

  • check tuning - Checks for current system settings that can be modified to improve performance

  • check version - Checks to see if a newer version of Plixer Scrutinizer is available

ciscoise

Function

Manages CiscoISE Node integration with Plixer Scrutinizer

Syntax

  • ciscoise add [ise_ip] [ise_tcp_port] [ise_user] - Adds a CiscoISE Node to the queue to acquire user identity on all active sessions

  • ciscoise check - Tests polling and displays the results

  • ciscoise kick [ise_id] [mac_address] [user_ip] - Forcibly logs the specified user off the ISE Node and requires re-authentication

  • ciscoise nodelist - Lists all currently configured CiscoISE nodes

  • ciscoise poll - Executes a manual poll and displays the results

  • ciscoise remove [ise_ip] - Removes a CiscoISE Node from Plixer Scrutinizer

  • ciscoise test - Tests polling and displays the results

  • ciscoise update [ise_ip] [ise_tcp_port] [ise_user] - Updates current settings for the specified ISE Node

clean

Warning

These commands will purge data from Plixer Scrutinizer and should be used with caution.

Function

Executes Plixer Scrutinizer housekeeping tasks outside of their regularly scheduled run times

Syntax

  • clean all - Executes all Plixer Scrutinizer housekeeping processes that are configured to run at scheduled times

  • clean database - Deletes all temporary database entries

  • clean ifinfo - Deletes all entries in the ifinfo db table that do not have an entry in the activeif db table

  • clean old_logs - Deletes old log files that are set to the backup status

  • clean pcap - Deletes all pcap files from the Plixer Scrutinizer server

  • clean pcap [pcapfile] - Deletes the specified pcap file from the Plixer Scrutinizer server

  • clean tmp - Deletes all temporary files created by the graphing engine

collect

Function

Collects data that can be utilized by Plixer Scrutinizer on demand

Syntax

  • collect asa_acl - Collects ASA ACL information from Cisco ASA Devices

  • collect dbsize - Collects database size information

  • collect optionsummary - Processes flow option data collected by Plixer Scrutinizer

  • collect pcap [in_sec] [host] - Collects a packet capture on the interfaces of the Plixer Scrutinizer server

  • collect snmp - Collects SNMP data that is used during Plixer Scrutinizer’s operations

  • collect supportfiles - Collects various log files and server configuration data used by Plixer Technical Support for troubleshooting

  • collect topology - Polls SNMP-enabled devices (including non-Exporters) to collect data related to network topology

  • collect useridentity - Processes user identity data collected by Plixer Scrutinizer

convert

Warning

These commands will alter the database tables in Plixer Scrutinizer and should be used with caution.

Function

Converts all encrypted information stored in Plixer Scrutinizer to use AES 256 encryption

Syntax

  • converttoaes - Converts all encrypted information stored in Plixer Scrutinizer to use AES 256 encryption

delete

Warning

These commands will purge data from Plixer Scrutinizer and should be used with caution.

Function

Deletes database tables and/or database table entries

Syntax

  • delete history_index_empty_tables - Deletes empty tables

  • delete history_index_orphans - Deletes tables that do not exist

  • delete history_table_orphans - Deletes tables without history_index entries

  • delete orphans - Deletes all known orphan Alarms and Events

disable

Warning

These commands will alter Plixer Scrutinizer functionality and should be used with caution.

Function

Disables a specific Plixer Scrutinizer function or service

Syntax

  • disable ipv6 - Disables IPv6 in sysctl.conf for all interfaces

  • disable user [username] - Disables an account with scrut_util access on the Plixer Scrutinizer server

  • disable unresponsive - Disables pinging for unresponsive Exporters

  • disable hypervtools - Disables Hyper-V Integration Tools for a virtual appliance running on Hyper-V

  • disable vmwaretools - Disables vmwaretools for a virtual appliance running on VMware

enable

Warning

These commands will alter Plixer Scrutinizer functionality and should be used with caution.

Function

Enables a specific Plixer Scrutinizer function or service

Syntax

  • enable dbpool [pool_port] - Enables database connection pooling for PostgreSQL

  • enable ipv6 - Enables ipv6 in sysctl.conf for all interfaces

  • enable perl_support - Installs additional Perl packages to support custom scripting

  • enable user [username] [security_level] - Creates an account that has access to scrut_util with one of the following security levels:

    • 1 - Commands that stop data collection are disabled.

    • 2 - Commands remove/disable integrations and stop data collection are disabled.

    • 3 - Only commands to collect information about Plixer Scrutinizer and the operating system are enabled.

  • enable hypervtools - Enables Hyper-V Integration Tools for a virtual appliance running on Hyper-V

  • enable vmwaretools - Enables vmwaretools for a virtual appliance running on VMware

endace

Function

Manages EndaceProbe integration

Syntax

  • endace add [host_ip] [port] [endace_user] [endace_pass]

  • endace remove [host_ip]

  • endace update [host_ip] [port] [endace_user] [endace_pass]

For additional details on these commands, see this guide

expire

Warning

These commands will purge data from Plixer Scrutinizer and should be used with caution.

Function

Deletes expired historical data (based on the configured history retention settings)

Syntax

  • expire alarms - Purges expired Alarm history from the threatsoverview and fa_transports_violations tables based on 1 Min Avg flow history retention setting

  • expire bulletinboards - Purges expired Alarm bulletin board Events

  • expire dnscache - Purges expired DNS cache data

  • expire history <trim> - Purges expired flow data; if the trim argument is passed, purges older flow data to free up disk space

  • expire ifinfo - Purges old and outdated interface information

  • expire ifinactiveflows - Purges inactive interfaces (based on the Inactive Expiration setting) from interface views

  • expire orphans - Purges expired orphan Events

  • expire templates - Purges flow template metadata for templates that have not been observed for 30 days

export

Function

Exports data from Plixer Scrutinizer for external use

Syntax

  • export langtemplate [lang_name] - Exports the definition template for the specified language

  • export peaks_csv [file] [interval] [dir] [date_range] [group_id] - Exports a CSV file listing interfaces and peak values based on the criteria specified

import

Function

Runs various import commands to bring external sources of data into Plixer Scrutinizer

Syntax

  • import aclfile - Imports ACL information from the specified file

  • import applications [path/file] <reset> - Imports application rules from a CSV file

  • import asns [path/file] [delimiter] - Imports custom autonomous system number (ASN) definitions from a CSV file

  • import csv_to_gps [csv_file] [group_name/group_id] <create_new> [file_format] - Imports geographic location information of devices from a CSV file and uploads them to an existing Google map

  • import csv_to_membership [csv_file] [grouptype] [file_format] - Imports group definitions from a CSV file

  • import hostfile - Imports a custom hosts.txt file that contains a list of IP Addresses and hostnames

  • import ipgroups [path/file] <reset> - Imports ipgroup rules from a CSV file

moloch

Function

Manages integration with Moloch probes

Syntax

  • moloch <on|off> [moloch_ip] [moloch_port]

optimize

Warning

These commands will modify Plixer Scrutinizer database tables and should be used with caution.

Function

Runs various optimization processes

Syntax

  • optimize common - Optimizes tables that are commonly inserted and deleted

  • optimize database [db_name] [db_pass] - Optimizes the tables in the database specified

remove

Warning

These commands will alter Plixer Scrutinizer’s functions and should be used with caution.

Function

Removes a configured setting from the system

Syntax

  • remove address ipv6 - Removes any configured IPv6 address (requires an IPv4 address to be set first)

repair

Function

Runs various database checks and repair processes

Syntax

  • repair business_hour_saved_reports - Converts older saved reports with business hours specified to the newer format

  • repair database [db_name] [db_pass] - Repairs errors in the database specified

  • repair history_tables - Repairs history tables that have the wrong col type for octetdeltacount

  • repair policy_priority_order - Repairs duplicate policy IDs

  • repair range_starts - Repairs history tables that may not have a start time to help identify the range of data within them; should only be used when instructed by a Plixer Technical Support engineer

rotate

Warning

These commands will alter Plixer Scrutinizer’s functions and should be used with caution.

Function

Rotates Plixer Scrutinizer’s keys and certificates

Syntax

  • rotatekeys - Creates a new encryption key and re-encrypts all encrypted fields in the database

  • rotatecerts - Creates new database certificates used for authentication

services

Warning

These commands will alter Plixer Scrutinizer’s functions and should be used with caution.

Function

Manages Plixer Scrutinizer services

Syntax

  • services <service|all> <start|stop|restart> - Starts, stops, or restarts the specified service or all services

set

Function

Modifies certain behaviors related to authentication and general operation

Syntax

  • set columnmoniker [old_element] [new_element] [element_list] - Renames an information element

  • set dns - Modifies the system file to manage the list of DNS servers

  • set hostinfo [ip_address] [fqhn] - Sets the local machine name to the fully qualified host name provided

  • set httpd [port] - Changes the web port of non-SSL installs for the Plixer Scrutinizer WebUI

  • set myaddress [ip_address] [netmask] [gateway] - Changes the IPv4 address of the current Plixer Scrutinizer server

  • set myaddress [ipv6_address/cidr] [gateway] - Changes the IPv6 address of the current Plixer Scrutinizer server

  • set ntp - Modifies system file to manage the list of NTP servers

  • set partitions [partition_name] <extend> - Expands the operating system disk space for hardware and virtual appliances

  • set password plixer - Resets the CentOS plixer user’s password

  • set password webui [user] - Modifies the WebUI password for the specified user

  • set permissions - Resets file and directory permissions

  • set registercollector [collector_ip] [secondary] - Manually registers a Collector for use in a distributed environment

  • set reportmenu - Manually recreates the Reports menu

  • set salt [salt] - Sets a salt value to allow the users to mask certain machine characteristics from any license key generated

  • set selfregister <reset> - Manually registers the current Plixer Scrutinizer server to identify itself for both standalone and distributed functionality

  • set selfreporter - Promotes the current Plixer Scrutinizer server to the primary Reporter role in a distributed environment

  • set sshcollectorkeys - Generates a new SSH key pair, and distribute it to all active, registered machines

  • set serverpref <serverpref> <value> - Changes the value of the serverpref setting

  • set ssl <on|off> [ecc] - Enables or disables SSL support in Plixer Scrutinizer

  • set timezone [timezone] - Sets the server’s timezone

  • set tuning - Modifies certain Plixer Scrutinizer and OS settings in the plixer.exporters and plixer.serverprefs tables and the sysctl.conf, postgresql.conf, and plixer.ini

  • set voip <on|off> - Toggles the predefinition of VoIP port ranges on or off

  • set webui_timeout [seconds] - Resets the timeout for the web interface

  • set yum_proxy [host] [port] [user] - Removes any previously configured proxy servers

show

Function

Shows various details about the Plixer Scrutinizer server

Syntax

  • show alarms [filter] - Displays a list of Alarms sorted by timestamp (newest first)

  • show diskspace - Displays available storage

  • show dns - Displays a list of DNS servers currently used to resolve hostnames

  • show exporters [filter] - Displays a list of Exporters that are currently sending data to Plixer Scrutinizer based on the supplied filter

  • show extalarms [filter] - Displays a list of Alarms with extended JSON data sorted by timestamp (newest first)

  • show groups - Displays a list of device groups currently configured on the Plixer Scrutinizer server

  • show interfaces [filter] - Displays a list of interfaces that are currently sending data to Plixer Scrutinizer based on the supplied filter

  • show ipaddresses - Displays the current IP addresses on the Plixer Scrutinizer server

  • show metering [filter] - Displays a list of matching Exporter IP addresses and how each is metered (i.e. ingress and/or egress)

  • show ntp - Displays a list of NTP servers currently used to synchronize time

  • show partitions - Displays a list of partitions on the current Plixer Scrutinizer appliance

  • show pcaplist - Displays a list of all created pcap files and their sizes

  • show serverpref [filter] - Displays all serverpref elements matching the supplied filter and their current values

  • show task [name] - Displays a list of tasks currently configured in Plixer Scrutinizer

  • show timezone - Displays the current timezone of the Plixer Scrutinizer server

  • show tzlist [filter] - Displays a list of timezones matching the supplied filter

  • show unknowncolumns - Displays a list of Exporter information elements

  • show yum_proxy - Displays the currently configured yum proxy

Note

If the results returned by show are too long, type q to quit and return to the SCRUTINIZER> prompt.

snoop

Function

Listens for traffic at the interface level

Syntax

  • snoop interfaces [interface_name] - listens for interface traffic from the specified interface

  • snoop ipaddresses [ip_address] - lists for interface traffic from the specified IP address

system

Function

Performs system-level functions for Plixer Scrutinizer

Syntax

  • system <restart|shutdown> - Reboots or shuts down the system

unlock

Function

Unlocks accounts that have exceeded the configured maximum number of failed login attempts

Syntax

  • unlock [username] [auth_method] - Unlocks a locked account using the specified authorization protocol

upload

Function

Uploads files to assist with troubleshooting issues

Syntax

  • upload pcap [capturefile>] - Uploads the specified capture file collected by the collect pcap command

  • upload supportfiles - Uploads support files for troubleshooting purposes

version

Function

Displays the current version of Plixer Scrutinizer

Syntax

  • version - Shows the system’s current version information