Using the command console
If you are a Global Administrator, you can perform certain Security Console operations using the command console. You can see real-time diagnostics and a behind-the-scenes view of the application when you use this tool.
You can type help to see a list of all available commands and their descriptions. For more detailed information, see Available commands.
Accessing the command console
Global Administrators have access to the Security Console to perform administrative functions. For a list of commands, see Available commands.
Accessing the command console in Windows
- Click the Administration tab in the Security Console Web interface. The Security Console displays the Administration page.
- Click the link to Run console commands, which is displayed with the Troubleshooting item. The command console page appears with a box for entering commands.
- Enter a command.
- Click Execute.
Accessing the command console in Linux
To use the Security Console Web interface in Linux:
- Start a console screen session if one is not already in progress. If the host is remote, use SSH to log on first.
- Type commands and click ENTER.
If you are running the Security Console on an Appliance, you can perform all operations using the Appliance’s LCD or via the Security Console Web interface.
For more information on using the Appliance LCD, see the installation and quick-start guide, which you can download from the Support page of Help.
Available commands
A list of available commands follows. Text in square brackets contain optional parameters, as explained in the action descriptions. Text in arrow brackets contain variables.
Command | Action |
---|---|
activate <license-key> | Activate the application with a license key. |
database diagnostics | Check the database for inconsistencies, such as partially deleted sites or missing synopsis data, which can affect counts of assets, sites, asset groups, scans, or nodes as displayed in the Web interface. |
[show] diag[nostics] | Display diagnostic information about the Security Console. |
exit | Stop the Security Console service. |
garbagecollect | Start the garbage collector, a Java application that frees up drive space no longer used to store data objects. |
get property [ | View the value assigned to a parameter associated with the Scan Engine. Example: |
heap dump | “Dump” or list all the data and memory addresses “piled up” by the Java garbage collector. The dump file is saved as heap.hprof in the nsc directory. |
help | Display all available commands. |
license request from-email-address [mail-relay-server] | E-mail a request for a new license. The email-address parameter is your address as the requestor. The optional |
log rotate | Compress and save the nsc.log file and then create a new log. |
ping | Ping the specified host using an ICNMP ECHO request, ICP ACK packet, and TCP SYN packet. The default TCP port is 80. |
quit | Stop the Security Console service. |
restart | Stop the Security Console service and then start it again. |
log list | List all logging configuration properties. |
log set [<name>] <value> | Set a logging configuration property to a specified value. Omit the |
log reset [<name>] | Reset a logging configuration property to its default value. Omit the |
[show] | Display the currently scheduled jobs for scans, auto-update retriever, temporal risk score updater, and log rotation. |
show host | Display information about the Security Console host, including its name, address, hardware configuration, and Java Virtual Machine (JVM) version. The command also returns a summary of disk space used by the installation with respect to the database, scans, reports, and backups. |
show licenses | Display information about all licenses currently in use. Multiple licenses may operate at once. |
show locked accounts | List all user accounts locked out by the Security Console. The application can lock out a user who attempts too many logons with an incorrect password. |
show mem | List statistics about memory use. |
[send] support [from-email-address] [mail-relay-server] | Send logs generated by the Security Console and Scan Engine(s) for troubleshooting support. By default, the application sends the request to a log server via HTTPS. Alternatively, you can e-mail the request by specifying a sender's e-mail address or outbound mail relay server. You also can type a brief message with the e-mail request. When you execute the command, the Security Console displays a scrolling list of log data, including scheduled scans, auto-updates, and diagnostics. |
[show] threads | Display the list of active threads in use. |
traceroute host-address | Determine the IP address route between your local host and the host name or IP address that you specify in the command. When you execute this command, the Security Console displays a list of IP addresses for all “stops” or devices on the given route. |
unlock account | Unlock the user account named in the command. |
update engines | Send pending updates to all defined Scan Engines. |