Page tree
Skip to end of metadata
Go to start of metadata

Though spare in appearance, Asset Manager's command-line interface (CLI) is a powerful tool with many of the same capabilities as Asset Manager's GUI.  It also provides some functionality not yet available in the GUI. This section introduces the basic CLI syntax and provides the procedures you are most likely to use. 

Downloading Log Bundles for Support

Downloads Asset Manager's current configuration and a running list of all system activity for troubleshooting.

support diagnostics [spool] [db] user@host:path/to/
(spool and db keywords are optional)

OS Auditing

In CLI, enable auditing by entering system audit enable twice

By running the command twice, you will produce complete audit output and avoid a known error in which some lines of audit output are missing. 

Enabling NetFlow Capture

To enable NetFlow capture from the command-line interface:

  1. Log in to the CLI.
  2. At the command-line prompt, enter support service packetcapture start.
  3. Exit the CLI.

Retrieving Your System's  UUID

The hardware-id command is useful as it displays the information you'll need to supply Support to generate a license.  You can also access your UUID via the GUI.

  1. Log in to the CLI.
  2. At the command-line prompt, enter system hardware-id
    The hardware ID displays.

Installing and Activating a License

The certificate license command in the Asset Manager CLI enables you to activate a license or find out the activation date of your current license. Licenses, however, are more frequently activated via the browser interface.

If a command requires a file upload, you have two choices. You can put the file on an SSH server or you can use an SFTP tool like PSFTP or FileZilla to copy the file to Asset Manager first.  

If the file is on an SSH server, then you can refer to it with this syntax: userid@sshserver:/path/to/file. For example if the file is on a server named "xenon" and you have an account on xenon with the name "alice" and the file is in your home directory and named "license.p12", you can use "alice@xenon:/home/alice/license.p12".

certificate Lumeta install alice@xenon:/home/alice/license.p12  

If the file is not on an SSH server, then use SFTP and your Lumeta credentials to copy the file to Asset Manager's /tmp directory. Then you would use this syntax:

certificate connections install /tmp/license.p12
  1. Log in to the CLI.
  2. If you have a term license,  type certificate license install <loginname@IPaddress:/directory/license_filename> at the command prompt and press Enter (e.g, certificate Asset Manager install junebug@
  3. The license installs and you are returned to the command prompt.
  4. Copy-paste the UUID to an email message and send it to our support team at In response, Support will send you a message containing your license key.
  5. Put the license file you receive from Support in a location that can be accessed by SSH. 

The following illustrates the syntax to install an Lumeta license via the CLI. 

  1. Provide the location of your license file.  In the following screen capture, admin is the username, connections-command-center:Desktop/ is the location of the license file, and license.p12 is the filename of the license. For example:
    1. certificate license install admin@
  2. Type yes when prompted to continue. 
    The license file loads and a confirmation message displays.

Enable/Disable Data Retention Policy

  • At the CLI command-line prompt, enter system device-persistence-policy for the status.
  • At the CLI command-line prompt, enter system device-persistence-policy enable to turn it on.
  • At the CLI command-line prompt, enter system device-persistence-policy disable to turn it off

Connecting & Disconnecting the Portal, Command Centers and Scouts

At the
CLI command-line prompt , enter connections list to review the list of Scout and Command Center system names.

connections connect portaportal_name_or_ip portal cc_lat cc_long cc_label [user@host:path/to/cc_icon/file.png ] ]
connections connect scout scout_name_or_ip
connections delete
 system name or IP

connections connect command-center cc_name_or_ip { command-center | scout } (where final parameter is the connection initiator)
connections delete system name or IP

When you connect a command center and portal, supply location information for the Command Center and optionally enter a label and icon (avatar).

connections connect command-center cc_name_or_ip { portalcommand-center }
 (where the final parameter is the connection initiator)
connections delete
 system name or IP

Upgrading via CLI

To upgrade to a new version of Lumeta, or to upgrade your Scouts, use the System Upgrade command, the syntax of which is user@host:path/to/local/file

      • At the CLI command-line prompt, enter system upgrade <user@host:path/to/local/file>
      • At the CLI command-line prompt, enter system upgrade admin@
        Open the file you receive to execute the upgrade.

Identifying Your Installed Version

 The system version connections command is especially useful when working with Support to Identify your release. 

Installing Self-Signed Certificates

If a company uses its own certificates, they'll need to make use of the certificate ssl install command:
certificate ssl install friendlyName admin@

Identifying Your System ID

To retrieve the full name of a Scout, which is useful if you don't remember the full name, or want to see the IP address of your system, enter . . .

  1. system interface list
  2. Press the Tab key.
    The system name and interface ID displays.

Enable/Disable BGP

  1. collector bgp <collector name> enabled [ true | false ] 
  2. collector bgp <collector name> peer new <ipaddr> [ enable | disable ] <password> <remote AS> 
  3. collector bgp <collector name> peer delete <ipaddr>

Certificate Commands

View the Subject, Issuer, Start date, End date, CRL and OCSP URIs and serial numbers for the installed CA and server certificates using these commands:

  1. certificate crl view
  2. certificate ca view
  3. certificate server view
  4. certificate ocsp respondercert view
  5. authorization pki user view userid

Exporting Support Diagnostics

To run the /api/rest/management/system/diagnostic/export API, use the CLI command: support diagnostics file

This command will return a zip file containing:

  • system configuration (same as configuration export command)
  • contents of /var/log
  • system "specs" file (name, uuid, Lumeta version, os version, interface config)

Adding a Superuser

Only a superuser can add or remove another user's superuser status. Multiple superusers are allowed. The last one cannot be deleted.

user superuser <userid> [ true | false ]

Exporting the System Configuration

This command (system configuration export) exports all configuration data to a remote file. To export the configuration and save the file remotely, run:
system configuration export username@hostname:<path to file>

Importing a System Configuration

This command (system configuration import) imports configuration data from a file you've stored locally. To import configuration from the local system, run:
system configuration import <path to file>

Using Special Characters in Names

Most symbols can be entered without any special quoting. If you want to include spaces or double quotes as part of a name, however, care must be taken. To use double quotes, enclose the entire string in double quotes and put a backslash in front of each double quote you wish to be part of the name:

  • admin@cc> collector new "before\"after" Zone1 cc:eth0
  •  admin@cc> collector list
  •  before"after
To use spaces, you have two choices. Either use a backslash before each space, or enclose the entire name in double quotes:
  • admin@cc> collector new with\ space Zone1 cc:eth0
  • admin@cc> collector new "two words" Zone1 cc:eth0
  • admin@cc> collector list
  • two words
  • with space
The above is true for passwords, zone names, and organization names and, with the exception of user names, anywhere you enter a free-form string. User names cannot have special characters.

Enforce Password Rules

To enforce password rules,

  1. Log in to the CLI.
  2. Run the command "system password-controls enable"
  3. Exit the CLI.

Managing a Zone-level Avoid List

"zone discoveryspaces <zonename> avoid [ + | - | = ] command-line <cidr> [ <cidr>...]"
"zone discoveryspaces <zonename> avoid [ + | - | = ] remote <user@host:path/to/file>"

+ for adding
- for deleting
= for replacing

  • No labels