Page tree
Skip to end of metadata
Go to start of metadata

Though spare in appearance, Lumeta's command-line interface (CLI) is a powerful tool with many of the same capabilities as Lumeta's GUI.  It also provides some functionality that is not yet available in Lumeta's GUI. This section introduces the basic CLI syntax and provides the procedures you are most likely to use. 

Downloading Log Bundles for Support

Downloads Lumeta's current configuration and a running list of all Lumeta system activity for use in troubleshooting.

support diagnostics [spool] [db] user@host:path/to/file.zip
(spool and db keywords are optional)

OS Auditing

In CLI, enable auditing by entering system audit enable twice

By running the command twice, you will produce complete audit output and avoid a known error in which some lines of audit output are missing. 

Enabling Netflow Capture

To enable NetFlow capture from the Lumeta command-line interface:

  1. Log in to the CLI.
  2. At the command-line prompt, enter support service packetcapture start.
  3. Exit the CLI.

Retrieving Your System's  UUID

The hardware-id command is useful as it displays the information you'll need to supply Lumeta Support to generate a license.  You can also access your UUID via the
Lumeta GUI.

  1. Log in to the CLI.
  2. At the command-line prompt, enter system hardware-id
    The hardware ID displays.

Installing and Activating a License

The certificate Lumeta command in the Lumeta CLI enables you to activate a license or find out the activation date of your current license. Licenses, however, are more frequently activated via the Lumeta browser interface.

If a command requires a file upload, you have two choices. You can put the file on an SSH server or you can use an SFTP tool like psftp or FileZilla to copy the file to Lumeta first.  

If the file is on an SSH server, then you can refer to it with this syntax: userid@sshserver:/path/to/file. For example if the file is on a server called xenon and you have an account on xenon with the name alice and the file is in your home directory and called license.p12, you can use "alice@xenon:/home/alice/license.p12".

certificate Lumeta install alice@xenon:/home/alice/license.p12  

If the file is not on an SSH server, then use SFTP and your Lumeta credentials to copy the file to Lumeta's /tmp directory. Then you would use this syntax:

certificate Lumeta install /tmp/license.p12
  1. Log in to the CLI.
  2. If you have a term license,  type certificate lumeta install <loginname@IPaddress:/directory/license_filename> at the command prompt and press Enter (e.g, certificate Lumeta install junebug@10.246.246.159:/users/junebug/Downloads/license.p12.)
  3. The license installs and you are returned to the command prompt.
  4. Copy-paste the UUID to an email message and send it to one of our support teams:
    1. If you have a free-trial copy of lumeta, send your UUID to trial_support@lumeta.com.
    2. Otherwise, send your UUID to support@lumeta.com.
      In response, Lumeta Support will send you a message containing your license key.
  5. Put the license file you receive from Lumeta in a location that can be accessed by SSH. 

The following illustrates the syntax to install an Lumeta license via the CLI. 

  1. Provide the location of your license file.  In the following screen capture, admin is the username, Lumeta-command-center:Desktop/ is the location of the license file, and license.p12 is the filename of the license. For example:
    1. certificate lumeta install admin@10.9.0.240:Desktop/license.p12
  2. Type yes when prompted to continue. 
    The license file loads and a confirmation message displays.

Enable/Disable Data Retention Policy

  • At the CLI command-line prompt, enter system device-persistence-policy for the status.
  • At the CLI command-line prompt, enter system device-persistence-policy enable to turn it on.
  • At the CLI command-line prompt, enter system device-persistence-policy disable to turn it off

Connecting & Disconnecting the Portal, Command Centers and Scouts

ON CC, SCOUT OR PORTAL
At the
CLI command-line prompt , enter lumeta list to review the list of Scout and Command Center system names.

ON CC:
lumeta connect portaportal_name_or_ip portal cc_lat cc_long cc_label [user@host:path/to/cc_icon/file.png ] ]
lumeta connect scout scout_name_or_ip
lumeta delete
 system name or IP


ON SCOUT:
lumeta connect command-center cc_name_or_ip { command-center | scout } (where final parameter is the connection initiator)
lumeta delete system name or IP


ON PORTAL:
When you connect a command center and portal, supply location information for the Command Center and optionally enter a label and icon (avatar).

lumeta connect command-center cc_name_or_ip { portalcommand-center }
 (where the final parameter is the connection initiator)
lumeta delete
 system name or IP

Upgrading via CLI

To upgrade to a new version of Lumeta, or to upgrade your Scouts, use the System Upgrade command, the syntax of which is user@host:path/to/local/file

      • At the CLI command-line prompt, enter system upgrade <user@host:path/to/local/file>
      • At the CLI command-line prompt, enter system upgrade admin@10.9.0.240:Desktop/upgrade5443.tgz
        Open the file you receive to execute the upgrade.

Identifying Your Installed Version

 The system version Lumeta command is especially useful when working with Support to Identify your release. 

Installing Self-Signed Certificates

If a company uses its own certificates, they'll need to make use of the certificate ssl install command:
certificate ssl install friendlyName admin@10.9.0.240:Desktop/copyCert.pem


Identifying Your System ID

To retrieve the full name of a Scout such as spectre32Scout:eth1, which is useful if you don't remember the full name, or want to see the IP address of your system, enter . . .

  1. system interface list
  2. Press the Tab key.
    The system name and interface ID displays.

Enable/Disable BGP


  1. collector bgp <collector name> enabled [ true | false ] 
  2. collector bgp <collector name> peer new <ipaddr> [ enable | disable ] <password> <remote AS> 
  3. collector bgp <collector name> peer delete <ipaddr>

Certificate Commands

View the Subject, Issuer, Start date, End date, CRL and OCSP URIs and serial numbers for the installed CA and server certificates using these commands:

  1. certificate crl view
  2. certificate ca view
  3. certificate server view
  4. certificate ocsp respondercert view
  5. authorization pki user view userid

Exporting Support Diagnostics

To run the /api/rest/management/system/diagnostic/export API, use the CLI command: support diagnostics file

This command will return a zip file containing:

  • system configuration (same as configuration export command)
  • contents of /var/log
  • system "specs" file (name, uuid, Lumeta version, os version, interface config)

Adding a Superuser

Only a superuser can add or remove another user's superuser status. Multiple superusers are allowed. The last one cannot be deleted.

user superuser <userid> [ true | false ]

Exporting the System Configuration

This command (system configuration export) exports all configuration data to a remote file. To export the configuration and save the file remotely, run:
system configuration export username@hostname:<path to file>

Importing a System Configuration

This command (system configuration import) imports configuration data from a file you've stored locally. To import configuration from the local system, run:
system configuration import <path to file>

Using Special Characters in Names

Most symbols can be entered without any special quoting. If you want to include spaces or double quotes as part of a name, however, care must be taken. To use double quotes, enclose the entire string in double quotes and put a backslash in front of each double quote you wish to be part of the name:

  • admin@cc> collector new "before\"after" Zone1 cc:eth0
  •  admin@cc> collector list
  •  before"after
To use spaces, you have two choices. Either use a backslash before each space, or enclose the entire name in double quotes:
  • admin@cc> collector new with\ space Zone1 cc:eth0
  • admin@cc> collector new "two words" Zone1 cc:eth0
  • admin@cc> collector list
  • two words
  • with space
The above is true for passwords, zone names, and organization names and, with the exception of user names, anywhere you enter a free-form string. User names cannot have special characters.

Enforce Password Rules

To enforce password rules,

  1. Log in to the CLI.
  2. Run the command "system password-controls enable"
  3. Exit the CLI.

Managing a Zone-level Avoid List

"zone discoveryspaces <zonename> avoid [ + | - | = ] command-line <cidr> [ <cidr>...]"
"zone discoveryspaces <zonename> avoid [ + | - | = ] remote <user@host:path/to/file>"

+ for adding
- for deleting
= for replacing



  • No labels