Views:

A list of available CLI commands for managing the Virtual Network Sensor.

Connect to your hosted virtual machine or cloud environment and open the Virtual Network Sensor. To sign on, type admin for the user name and then type the password you specified in the TrendAI Vision One™ console. If your password does not work, try the default password Trend@I.
To view a list of tasks you can perform and enable administrative commands, run the enable command. Enabling administrative commands changes the command prompt from > to #.
To view basic information of the Virtual Network Sensor, such as network settings and service status, run the show command. For a list of available commands, type show ?.
The following tables list out the basic and administrative commands you can use to manage the Virtual Network Sensor.
  • Make sure you disable the Scroll Lock key on your keyboard when using HyperTerminal.
  • Arguments with angle brackets (< >) are required. Arguments with square brackets ([ ]) are optional.

Basic Commands

Command Syntax Description
enable
enable
Enable administrative commands
For details, see Administrative Commands.
exit
exit
Exit the CLI
help
help
Display the CLI syntax
show
show ?
Show a list of available commands
show hostname
 Show host name information
show interface <interface>
Show network interface information
<interface>: Name of NIC interface (for example, eth0)
show network management
Show network configuration
If the network is configured incorrectly, you can use the configure network primary ipv4.static command to reconfigure the settings.
show ntp
Show NTP information
show proxy
Show proxy information
show sshd
Show SSH status (enabled or disabled)
show system
Show the Company ID and disk information
If the head of the command line is #, execute the exit command first.
If no Company ID is shown, contact your support provider to obtain a registration token.
show thirdpartylicense
Show 3rd-party license information
show time
Show time and date information
show traffic
Show real time data traffic
show vision-one
Show the TrendAI Vision One™ server address and last time data was sent
show endpoint-info-enricher
Show the configuration of the endpoint information enricher, which looks up hostnames and tracks sessions to supplement endpoint information
show ncie geneve
Show the Generic Network Virtualization Encapsulation (Geneve) settings
Run the enable command to enable and perform administrative commands.

Administrative Commands

Command Syntax Description
configure
configure hostname <hostname>
Configure the host name
<hostname>: Host name or FQDN
configure network primary ipv4.static <ip> <submask> <gateway> <dns1> [dns2]
Configure static IPv4 network settings for the primary network interface
<ip>: IPv4 address of the network interface
<submask>: Submask of IPv4
<gateway>: Gateway router address
<dns1>: Primary DNS server address
[dns2]: Secondary DNS server address (optional)
configure network primary ipv4.dhcp
Configure IPv4 network settings to DHCP
configure ntp <ntp_addr>
Configure the NTP server
<ntp_addr>: FQDN or IPv4 address of the NTP server
configure password
Configure the administrator account password
configure proxy delete
Delete proxy settings
Proxy settings are now configured in Network Inventory. For more information, see Configure Virtual Network Sensor connections.
configure proxy set http <addr>
Configure the proxy server for the Virtual Network Sensor
<addr>: Proxy server address
<ADDRESS>:<PORT>: Proxy server IP address and port
<USER>:<PASSWORD>@<ADDRESS>:<PORT>: Account credentials with the proxy server IP address and port
Proxy settings are now configured in Network Inventory. For more information, see Configure Virtual Network Sensor connections.
configure ssh enable
Enable the SSH server
configure ssh disable
Disable the SSH server
configure time <HH:MI:SS> [YYYY-MM-DD]
Configure the time and date for the Virtual Network Sensor
<HH:MI:SS>: Time in hour, minute, and second format
[YYYY-MM-DD]: (Optional) Date in year, month, and day format
configure verify dns
Verify DNS server configuration
[domain]: Domain used to verify DNS server (default: www.trendmicro.com)
configure interface <interface_name>
Enter the interface configuration mode to set up a network interface of the Virtual Network Sensor
<interface_name>: Name of the network interface (for example, eth0)
For details about the available commands in the interface configuration mode, see Interface Configuration Mode Commands.
configure endpoint-info-enricher hostname-lookup <1/0>
Enable or disable hostname lookup, which adds the endpoint hostname that is missing from traffic data. Use 1 to enable or 0 to disable.
configure endpoint-info-enricher hostname-lookup dns <1/0>
Enable or disable hostname lookup via DNS. Use 1 to enable or 0 to disable.
configure endpoint-info-enricher hostname-lookup netbios <1/0>
Enable or disable hostname lookup via NetBIOS. Use 1 to enable or 0 to disable.
configure endpoint-info-enricher session-tracking <1/0>
Enable or disable session tracking, which tracks all packets in a session over certain protocols to reconstruct the full session for analysis. Use 1 to enable or 0 to disable.
configure endpoint-info-enricher session-tracking dhcp <1/0>
Enable or disable DHCP session tracking. Use 1 to enable or 0 to disable.
configure endpoint-info-enricher session-tracking dhcpv6 <1/0>
Enable or disable DHCPv6 session tracking. Use 1 to enable or 0 to disable.
configure endpoint-info-enricher session-tracking kerberos <1/0>
Enable or disable Kerberos session tracking. Use 1 to enable or 0 to disable.
configure endpoint-info-enricher session-tracking radius <1/0>
Enable or disable RADIUS session tracking. Use 1 to enable or 0 to disable.
configure ncie geneve enable
Enable the Generic Network Virtualization Encapsulation (Geneve) settings
configure ncie geneve disable
Disable the Generic Network Virtualization Encapsulation (Geneve) settings
connect
connect
Test connection to TrendAI Vision One™
exit
exit
Exit administrative commands
help
help
Display the CLI syntax
log
log coredump export
Generate a URL to download kernel core dump logs
log export [date_list]
Collect Virtual Network Sensor debugging data for troubleshooting
[date_list]: The log for a specific date list
log list-level
Display the log level of each component
log reset-level
Reset all log levels
log set-level <level> <indexes>
Set specific components to specific log levels
<level>: Target level (debug, info, warn, error, fatal, disable)
<indexes>: Target indexes (found in list-level)
ping
ping <address>
Check the connection to a specific address
Execute ping trendmicro.com to check the external network connection. If the ping fails, check the IP settings and firewall settings.
reboot
reboot
Restart Virtual Network Sensor immediately
register
register [registration_token]
Register Virtual Network Sensor to TrendAI Vision One™
You can execute the register <registration_token> command if your Company ID is empty initially, or the register command if your Company ID is displayed.
shutdown
shutdown
Shut down Virtual Network Sensor immediately
switch-connection-method
switch-connection-method [connection_token]
Restore Virtual Network Sensor connection with TrendAI Vision One™
[connection_token]: The connection token generated in the TrendAI Vision One™ console. For more details, see Restore an unhealthy Virtual Network Sensor connection.
Only use the command to restore a disconnected or unhealthy status. The command fails to execute if the Virtual Network Sensor is able to connect to TrendAI Vision One™.
troubleshoot
troubleshoot
Enable troubleshooting mode
See the Troubleshoot Mode Commands table for a list of available commands.
Run the enable command and then the configure interface command to enter and perform network interface configuration commands.

Network Interface Configuration Mode Commands

Command
Syntax
Description
ip-encap
ip-encap enable <IPv4_address>
Enable Encapsulated Remote Mirroring on a network interface and assign an IPv4 address to the network interface
<IPv4_address>: IPv4 address to be assigned to the network interface
Encapsulated Remote Mirroring allows Virtual Network Sensor to receive network traffic through a supported network interface.
Encapsulated Remote Mirroring is supported on data ports only.
ip-encap disable
Disable Encapsulated Remote Mirroring on the network interface
mtu
mtu <int>
Configure the Maximum Transmission Unit (MTU) for a network interface
<int>: A positive integer greater than 0
Run the enable command and then the troubleshoot command to enter and perform troubleshooting commands.

Troubleshoot Mode Commands

Command
Syntax
Description
network-services
network-services
Access the diagnostics page for network services
See the Network Services Commands table for a list of available commands.
network-traffic
network-traffic
Enable network traffic dump feature
See the Network Traffic Dump Commands table for a list of available commands.
iptuples
iptuples
Lists truncated IP tuple information on the AWS environment
An IP tuple or 5-tuple consists of five fields in the packet; information such as the source IP address, source port, destination IP address, destination port, and transport protocol.

Network Services Commands

Command
Syntax
Description
list
list
Display a list of services with related information
test
test <service>
Perform a test for the specified network service
<service>: The index number of the service you wish to test. Use the list command to retrieve the index number. For example type test 1 to test the service indexed as 1 on the list.
To test all listed services, type test all.

Network Traffic Dump Commands

Command
Syntax
Description
capture
capture <interface_name>
Start capturing network traffic from the specified interface
<interface_name>: The name of the network interface you want to capture traffic from. Can use the following inputs:
  • eth0: Interface Port 0
  • eth1: Interface Port 1
  • any: Capture from all data ports
export
export
Regenerate a URL to export packet capture archive
clean
clean
Delete all recorded packet capture files