CLI Command Reference Guide
Modified: 2019-03-13
Copyright © 2019, Juniper Networks, Inc.
Juniper Networks, Inc.
1133 Innovation Way
Sunnyvale, California 94089
USA
408-745-2000
www.juniper.net
Juniper Networks, the Juniper Networks logo, Juniper, and Junos are registered trademarks of Juniper Networks, Inc. in the United States and other countries. All other trademarks, service marks, registered marks, or registered service marks are the property of their respective owners.
Juniper Networks assumes no responsibility for any inaccuracies in this document. Juniper Networks reserves the right to change, modify, transfer, or otherwise revise this publication without notice.
CLI Command Reference Guide
Copyright © 2019 Juniper Networks, Inc. All rights reserved.
The information in this document is current as of the date on the title page.
YEAR 2000 NOTICE
Juniper Networks hardware and software products are Year 2000 compliant. Junos OS has no known time-related limitations through the year 2038. However, the NTP application is known to have some difficulty in the year 2036.
END USER LICENSE AGREEMENT
The Juniper Networks product that is the subject of this technical documentation consists of (or is intended for use with) Juniper Networks software. Use of such software is subject to the terms and conditions of the End User License Agreement (“EULA”) posted at https://support.juniper.net/support/eula/. By downloading, installing or using such software, you agree to the terms and conditions of that EULA.
Table of Contents
About the Documentation
Documentation and Release Notes
Documentation Conventions
Documentation Feedback
Requesting Technical Support
Self-Help Online Tools and Resources
Creating a Service Request with JTAC
Chapter 1 CLI Command Reference Guide
Preface
About This Guide
Organization
Typographical Conventions
Related Documentation
Introduction
Accessing the CLI
Hardware Appliance CLI Access via Keyboard and Monitor
Configuration Wizard Command Prompt Progressions
Hardware, Software and Virtual Appliance Access via SSH
CLI Help and Keyboard Shortcuts
SPECIAL CHARACTER REQUIREMENT
CLI Modes
All-in-One CLI Commands
Basic Mode Commands
CM Commands
Core Mode Commands
Server Mode Commands
Collector Mode Commands
Diagnosis Mode Commands
All-in-One CLI Commands
capture-start
cm
collector
copy
core
diagnosis
exit
gssreport
help
history
ifrestart
ping
reboot
restart
server
set honeypot (collector mode)
set traffic-monitoring (for JATP700 Appliances only) (collector mode)
set traffic-filter (collector mode)
set protocols (collector mode)
set proxy (collector mode)
set (diagnosis mode)
set appliance-type (server mode)
set ip interface (server mode)
set (server mode)
set system-alert (server mode)
setupcheck
show (collector mode)
show (collector mode)
show (core mode)
show (diagnosis mode)
shutdown
traceroute
upgrade
updateimage
wizard
Configuration Wizard for the All-in-One Server
Core/CM Server CLI Commands
Basic Mode Commands
CM Commands
Core Mode Commands
Server Mode Commands
Diagnosis Mode Commands
CoreCM CLI Commands
capture-start
cm
core
copy
diagnosis
exit
gssreport
help
history
ifrestart
ping
reboot
restart
set (core mode)
server
set system-alert (server mode)
set (server mode)
set appliance-type (server mode)
set (diagnosis mode)
setupcheck
show (core mode)
show (diagnosis mode)
show (server mode)
shutdown
traceroute
upgrade
updateimage
wizard
Configuration Wizard for the CoreCM Server
Mac OS X Engine CLI Commands
Basic Mode Commands
Core Mode Commands
Server Mode Commands
Diagnosis Mode Commands
Mac OS X Detection Engine CLI Commands
capture-start
copy
core
diagnosis
exit
gssreport
help
history
ifrestart
ping
reboot
restart
server
set (server mode)
set (diagnosis mode)
setupcheck
show (core mode)
show (diagnosis mode)
show (server mode)
shutdown
traceroute
updateimage
upgrade
wizard
Configuration Wizard Command Prompt Responses
Traffic Collector CLI Commands
Basic Mode Commands
Collector Mode Commands
Diagnosis Mode Commands
Server Mode Commands
Traffic Collector CLI Commands
capture-start
collector
copy
diagnosis
exit
gssreport
help
history
ifrestart
ping
reboot
restart
server
set proxy (collector mode)
set honeypot (collector mode)
set (diagnosis mode)
set protocols (collector mode)
set (server mode)
set appliance-type (server mode)
set traffic-filter (collector mode)
set traffic-monitoring (for JATP700 and JATP400 Appliances) (collector mode)
setupcheck
show (collector mode)
show (diagnosis mode)
show (server mode)
shutdown
traceroute
wizard
Configuration Wizard Command Prompt Progressions
Glossary of Terms
List of Tables
About the Documentation
Table 1: Notice Icons
Table 2: Text and Syntax Conventions
Chapter 1 CLI Command Reference Guide
Table 3: Table 4-1 Typographical Conventions
Table 4: Table 1-1 Keyboard Shortcuts
Table 5: capture-start
Table 6: cm
Table 7: collector
Table 8: copy
Table 9: core
Table 10: diagnosis
Table 11: exit
Table 12: gssreport
Table 13: help
Table 14: history
Table 15: ifrestart
Table 16: ping
Table 17: reboot
Table 18: restart
Table 19: server
Table 20: set honeypot
Table 21: set traffic-monitoring
Table 22: set traffic-filter
Table 23: set protocols
Table 24: set proxy
Table 25: set
Table 26: set appliance-type
Table 27: set ip interface
Table 28: set
Table 29: set system-alert
Table 30: setupcheck
Table 31: show (collector mode)
Table 32: show (collector mode)
Table 33: show (diagnosis mode)
Table 34: shutdown
Table 35: traceroute
Table 36: upgrade
Table 37: updateimage
Table 38: wizard
Table 39: Configuration Wizard for All-in-One Server
Table 40: capture-start
Table 41: cm
Table 42: core
Table 43: copy
Table 44: diagnosis
Table 45: exit
Table 46: gssreport
Table 47: help
Table 48: history
Table 49: ifrestart
Table 50: ping
Table 51: reboot
Table 52: restart
Table 53: set
Table 54: server
Table 55: set system-alert
Table 56: set
Table 57: set appliance-type
Table 58: set
Table 59: setupcheck
Table 60: show
Table 61: show
Table 62: shutdown
Table 63: traceroute
Table 64: upgrade
Table 65: updateimage
Table 66: wizard
Table 67: capture-start
Table 68: copy
Table 69: core
Table 70: diagnosis
Table 71: exit
Table 72: gssreport
Table 73: help
Table 74: history
Table 75: ifrestart
Table 76: ping
Table 77: reboot
Table 78: restart
Table 79: server
Table 80: set
Table 81: set
Table 82: setupcheck
Table 83: show
Table 84: show
Table 85: shutdown
Table 86: traceroute
Table 87: updateimage
Table 88: upgrade
Table 89: wizard
Table 90: capture-start
Table 91: collector
Table 92: copy
Table 93: diagnosis
Table 94: exit
Table 95: gssreport
Table 96: help
Table 97: history
Table 98: ifrestart
Table 99: ping
Table 100: reboot
Table 101: restart
Table 102: server
Table 103: set proxy
Table 104: set honeypot
Table 105: set
Table 106: set protocols
Table 107: set
Table 108: set appliance-type
Table 109: set traffic-filter
Table 110: set traffic-monitoring
Table 111: setupcheck
Table 112: show
Table 113: show
Table 114: show
Table 115: shutdown
Table 116: traceroute
Table 117: wizard
Table 118: Configuration Wizard
About the Documentation
• Documentation and Release Notes
• Documentation Conventions
• Documentation Feedback
• Requesting Technical Support
Documentation and Release Notes
To obtain the most current version of all Juniper Networks® technical documentation,
see the product documentation page on the Juniper Networks website at
https://www.juniper.net/documentation/.
If the information in the latest release notes differs from the information in the
documentation, follow the product Release Notes.
Juniper Networks Books publishes books by Juniper Networks engineers and subject
matter experts. These books go beyond the technical documentation to explore the
nuances of network architecture, deployment, and administration. The current list can
be viewed at https://www.juniper.net/books.
Documentation Conventions
Table 1 defines notice icons used in this guide.
Table 1: Notice Icons
• Informational note: Indicates important features or instructions.
• Caution: Indicates a situation that might result in loss of data or hardware damage.
• Warning: Alerts you to the risk of personal injury or death.
• Laser warning: Alerts you to the risk of personal injury from a laser.
• Tip: Indicates helpful information.
• Best practice: Alerts you to a recommended use or implementation.
Table 2 defines the text and syntax conventions used in this guide.
Table 2: Text and Syntax Conventions

Convention: Bold text like this
Description: Represents text that you type.
Example: To enter configuration mode, type the configure command:
user@host> configure

Convention: Fixed-width text like this
Description: Represents output that appears on the terminal screen.
Example:
user@host> show chassis alarms
No alarms currently active

Convention: Italic text like this
Description:
• Introduces or emphasizes important new terms.
• Identifies guide names.
• Identifies RFC and Internet draft titles.
Examples:
• A policy term is a named structure that defines match conditions and actions.
• Junos OS CLI User Guide
• RFC 1997, BGP Communities Attribute

Convention: Italic text like this
Description: Represents variables (options for which you substitute a value) in commands or configuration statements.
Example: Configure the machine’s domain name:
[edit]
root@# set system domain-name domain-name

Convention: Text like this
Description: Represents names of configuration statements, commands, files, and directories; configuration hierarchy levels; or labels on routing platform components.
Examples:
• To configure a stub area, include the stub statement at the [edit protocols ospf area area-id] hierarchy level.
• The console port is labeled CONSOLE.

Convention: < > (angle brackets)
Description: Encloses optional keywords or variables.
Example: stub <default-metric metric>;

Convention: | (pipe symbol)
Description: Indicates a choice between the mutually exclusive keywords or variables on either side of the symbol. The set of choices is often enclosed in parentheses for clarity.
Examples:
broadcast | multicast
(string1 | string2 | string3)

Convention: # (pound sign)
Description: Indicates a comment specified on the same line as the configuration statement to which it applies.
Example: rsvp { # Required for dynamic MPLS only

Convention: [ ] (square brackets)
Description: Encloses a variable for which you can substitute one or more values.
Example: community name members [ community-ids ]

Convention: Indention and braces ( { } )
Description: Identifies a level in the configuration hierarchy.
Convention: ; (semicolon)
Description: Identifies a leaf statement at a configuration hierarchy level.
Example (both conventions):
[edit]
routing-options {
    static {
        route default {
            nexthop address;
            retain;
        }
    }
}

GUI Conventions

Convention: Bold text like this
Description: Represents graphical user interface (GUI) items you click or select.
Examples:
• In the Logical Interfaces box, select All Interfaces.
• To cancel the configuration, click Cancel.

Convention: > (bold right angle bracket)
Description: Separates levels in a hierarchy of menu selections.
Example: In the configuration editor hierarchy, select Protocols>Ospf.

Documentation Feedback
We encourage you to provide feedback so that we can improve our documentation. You
can use either of the following methods:
• Online feedback system—Click TechLibrary Feedback, on the lower right of any page
on the Juniper Networks TechLibrary site, and do one of the following:
• Click the thumbs-up icon if the information on the page was helpful to you.
• Click the thumbs-down icon if the information on the page was not helpful to you
or if you have suggestions for improvement, and use the pop-up form to provide
feedback.
• E-mail—Send your comments to [email protected]. Include the document
or topic name, URL or page number, and software version (if applicable).
Requesting Technical Support
Technical product support is available through the Juniper Networks Technical Assistance
Center (JTAC). If you are a customer with an active J-Care or Partner Support Service
support contract, or are covered under warranty, and need post-sales technical support,
you can access our tools and resources online or open a case with JTAC.
• JTAC policies—For a complete understanding of our JTAC procedures and policies,
review the JTAC User Guide located at
https://www.juniper.net/us/en/local/pdf/resource-guides/7100059-en.pdf.
• Product warranties—For product warranty information, visit
https://www.juniper.net/support/warranty/.
• JTAC hours of operation—The JTAC centers have resources available 24 hours a day,
7 days a week, 365 days a year.
Self-Help Online Tools and Resources
For quick and easy problem resolution, Juniper Networks has designed an online
self-service portal called the Customer Support Center (CSC) that provides you with the
following features:
• Find CSC offerings: https://www.juniper.net/customers/support/
• Search for known bugs: https://prsearch.juniper.net/
• Find product documentation: https://www.juniper.net/documentation/
• Find solutions and answer questions using our Knowledge Base: https://kb.juniper.net/
• Download the latest versions of software and review release notes:
https://www.juniper.net/customers/csc/software/
• Search technical bulletins for relevant hardware and software notifications:
https://kb.juniper.net/InfoCenter/
• Join and participate in the Juniper Networks Community Forum:
https://www.juniper.net/company/communities/
• Create a service request online: https://myjuniper.juniper.net
To verify service entitlement by product serial number, use our Serial Number Entitlement
(SNE) Tool: https://entitlementsearch.juniper.net/entitlementsearch/
Creating a Service Request with JTAC
You can create a service request with JTAC on the Web or by telephone.
• Visit https://myjuniper.juniper.net.
• Call 1-888-314-JTAC (1-888-314-5822 toll-free in the USA, Canada, and Mexico).
For international or direct-dial options in countries without toll-free numbers, see
https://support.juniper.net/support/requesting-support/.
CHAPTER 1
CLI Command Reference Guide
• Preface
• Introduction
• All-in-One CLI Commands
• Core/CM Server CLI Commands
• Mac OS X Engine CLI Commands
• Traffic Collector CLI Commands
• Glossary of Terms
Preface
This preface contains the following sections:
• About This Guide
• Organization
• Typographical Conventions
• Related Documentation
About This Guide
This guide describes the commands that make up the command-line interface (CLI) of
the Juniper ATP Appliance.
This guide is intended for system administrators responsible for deploying, operating,
and maintaining the Juniper ATP Appliance.
Organization
This guide is organized as follows:
• “Introduction”: Includes an overview of CLI usage, CLI Modes and
information about how to access the Juniper ATP Appliance Command Line Interface.
• “All-in-One CLI Commands”: Provides information about system commands
for updating the product boot images, setting configurations, and defining system-level
settings for Collector and Detection Engine interfaces and network deployment services.
• “Core/CM Server CLI Commands”: Provides information about commands
available to the Core and Central Manager for all hardware appliance, software
appliance, and virtual appliance models, including the commands used to manage
Detection Engines and Juniper ATP Appliance system configuration.
• “Mac OS X Engine CLI Commands”: Provides information about Mac Mini
Mac OS X Detection Engine-specific commands for configuration and status monitoring.
• “Traffic Collector CLI Commands”: Provides information about the Juniper
ATP Appliance Traffic Collector commands available for identifying, monitoring, and
configuring distributed Collector hardware, software and virtual appliances.
• “Glossary of Terms”: Provides a set of Juniper ATP Appliance-specific as well
as cybersecurity industry terms and definitions.
Typographical Conventions
This guide uses the following typographical conventions for special terms and instructions.
Table 3: Table 4-1 Typographical Conventions

Convention: courier font
Meaning: Coding examples and text to be entered at the command prompt
Example: Enter the following command:
server set dns

Convention: Click
Meaning: A left-mouse button click.
Example: Click Download IVP to perform endpoint infection verification.

Convention: Double-click
Meaning: A double-click of the left mouse button.
Example: Double-click the report name to open in the integrated SIEM application.

Convention: Right-click
Meaning: A right mouse button click.
Example: Right-click on the icon to view its properties.

Convention: < | > (text in angle brackets; items separated by the pipe symbols)
Meaning: Option for selection of required parameter and/or value.
Example: interfaces set stp <on | off >

Convention: [ ] (text in square brackets) or [ | ] (text in square brackets, items separated by pipe symbols)
Meaning: Optional parameters and values, with selection options separated by the pipe symbol.
Example: show device alarm [cpu_util | paging]

Related Documentation
The following is a list of additional Juniper ATP Appliance documentation:
• Juniper ATP Appliance Release Notes: Describes the latest release of the Juniper ATP
Appliance software.
• Juniper ATP Appliance Quick Start Guides: Quick Starts describe how to install and
initially configure a Juniper ATP Appliance; refer to the Quick Start for your device or
model.
• Juniper ATP Appliance Operator’s Guide: The Operator’s Guide describes usage of
all aspects of the Juniper ATP Appliance All-in-One or distributed defense system.
• Juniper ATP Appliance CEF/SYSLOG Support for SIEM: This guide provides
information about Juniper ATP Appliance CEF and Syslog Logging for SIEM.
• Juniper ATP Appliance Safety and Regulatory Guide: Contains conformance and safety
information for Juniper ATP Appliances.
• Juniper ATP Appliance HTTP API Reference Guide: Provides Juniper ATP Appliance
HTTP API functions and information about usage.
Introduction
This chapter explains how to use the Juniper ATP Appliance command line interface
(CLI) to configure and administer a Juniper ATP Appliance.
This chapter contains the following sections:
• Accessing the CLI
• Configuration Wizard Command Prompt Progressions
• CLI Help and Keyboard Shortcuts
• CLI Modes
Accessing the CLI
Hardware Appliance CLI Access via Keyboard and Monitor
1. Connect the end of the keyboard cable to any of the USB ports on the back panel of
the appliance.
2. Connect the end of the video monitor cable to the VGA port on the back panel of the
appliance.
3. At the CLI prompt, enter your username and password. By default, the admin user
name is admin and the password is 1JATP234.
Be sure to change the default password for the admin account after initial setup; the
password must be at least 8 characters in length.
4. To launch the configuration wizard, enter the command wizard.
Configuration Wizard Command Prompt Progressions
NOTE: Enter CTRL-C to exit the Configuration Wizard at any time. If you exit without completing the configuration, you will be prompted again whether to run the Configuration Wizard.
You may also rerun the Configuration Wizard at any time with the CLI command wizard.
Table columns: Configuration Wizard Prompts; Customer Response from All-in-One; Customer Response from Core or Mac Mini; Customer Response from Collector.

Configuration Wizard Prompt:
Use DHCP to obtain the IP address and DNS server address for the administrative interface (Yes/No)?
NOTE: Only if your DHCP response is no, enter the following information when prompted:
a. IP address
b. Netmask
c. Enter a gateway IP address for this management (administrative) interface:
d. Enter primary DNS server IP address.
e. Do you have a secondary DNS Server (Yes/No).
f. Do you want to enter the search domains?
g. Enter the search domain (separate multiple search domains by space):
Restart the administrative interface (Yes/No)?
Customer Response (All-in-One, Core or Mac Mini, and Collector):
We strongly discourage the use of DHCP addressing because it changes dynamically. A static IP address is preferred.
Recommended: Respond with no:
a. Enter an IP address
b. Enter a netmask using the form 255.255.255.0.
c. Enter a gateway IP address.
d. Enter the DNS server IP address
e. If yes, enter the IP address of the secondary DNS server.
f. Enter yes if you want DNS lookups to use a specific domain.
g. Enter search domain(s) separated by spaces; for example: example.com lan.com dom2.com
Enter yes to restart with the new configuration settings applied.

Configuration Wizard Prompt:
Enter a valid hostname (enter a unique name)
NOTE: Only alpha-numeric characters and hyphens (in the middle of the hostname) are allowed.
Customer Response (All-in-One, Core or Mac Mini, and Collector):
Type a hostname when prompted; do not include the domain; for example:
juniperatp1

Configuration Wizard Prompt:
[OPTIONAL] If the system detects a Secondary Core with an eth3 port, then the alternate CnC exhaust option is displayed:
Use alternate-exhaust for the analysis engine exhaust traffic (Yes/No)?
Enter IP address for the alternate-exhaust (eth2) interface:
Enter netmask for the alternate-exhaust (eth2) interface: (example: 255.255.0.0)
Enter gateway IP Address for the alternate-exhaust (eth2) interface: (example: 10.6.0.1)
Enter primary DNS server IP Address for the alternate-exhaust (eth2) interface: (example: 8.8.8.8)
Do you have a secondary DNS server for the alternate-exhaust (eth2) interface?
Do you want to enter the search domains for the alternate-exhaust (eth2) interface?
NOTE: A complete network interface restart can take more than 60 seconds
Customer Response (All-in-One and Core or Mac Mini):
Refer to “Configuring an Alternate Analysis Engine Interface” in the Juniper ATP Appliance Operator’s Guide for more information.
Enter yes to configure an alternate eth2 interface.
Enter the IP address for the eth2 interface.
Enter the eth2 netmask.
Enter the gateway IP address.
Enter the primary DNS server IP Address for the alternate-exhaust (eth2) interface.
Enter yes or no to confirm or deny an eth2 secondary DNS server.
Enter yes or no to indicate whether you want to enter search domain.
Customer Response (Collector):
[Traffic Collectors do not send or receive Core analysis engine CnC network traffic, so no eth2 interface is needed.]

Configuration Wizard Prompt:
Regenerate the SSL self-signed certificate (Yes/No)?
Customer Response (All-in-One and Core or Mac Mini):
Enter yes to create a new SSL certificate for the Juniper ATP Appliance Server Web UI.
If you decline the self-signed certificate by entering no, be prepared to install a certificate authority (CA) certificate.
Customer Response (Collector):
Not applicable to Collector.

Configuration Wizard Prompt:
Enter the following server attributes:
Is this a Central Manager device:
Device Name: (must be unique)
Device Description
Device Key PassPhrase
NOTE: Remember this passphrase and use it for all distributed devices!
Customer Response (All-in-One, Core or Mac Mini, and Collector):
Enter Yes; the system will auto-set IP 127.0.0.1 as the All-in-One IP address.
Enter the Juniper ATP Appliance Collector Host Name; this identifies the Collector in the Web UI.
Enter a device Description
Enter a user-defined PassPhrase to be used to authenticate the Core to the Central Manager.

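The wizard answers can be checked before they are typed at the console. The following is an added example, not Juniper code: it applies the hostname rule and the 255.255.255.0-style netmask form stated in the table, while the field names, the gateway-on-subnet check and the domain syntax check are assumptions, and the sample answers are constructed.

```python
import ipaddress
import re

# Hostname rule quoted in the wizard table: alphanumerics, hyphens only in the middle.
HOSTNAME_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?$")
# Assumption: search domains follow ordinary DNS name syntax.
DOMAIN_RE = re.compile(r"^(?:[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?\.)+[A-Za-z]{2,}$")

# Constructed sample answers (field names are hypothetical, not wizard identifiers).
GOOD_ANSWERS = {
    "use_dhcp": "no", "hostname": "juniperatp1",
    "ip": "10.1.1.2", "netmask": "255.255.255.0", "gateway": "10.1.1.1",
    "primary_dns": "8.8.8.8", "secondary_dns": "",
    "search_domains": "example.com lan.com dom2.com",
}
BAD_ANSWERS = dict(GOOD_ANSWERS, hostname="-atp_core1", netmask="255.0.255.0",
                   primary_dns="8.8.8", search_domains="example.com lan_com")


def parse_ipv4(text):
    """Return an IPv4Address, or None if text is not a dotted-quad address."""
    try:
        return ipaddress.IPv4Address(text)
    except ipaddress.AddressValueError:
        return None


def netmask_prefix(text):
    """Return the prefix length of a 255.255.255.0-style mask, or None."""
    mask = parse_ipv4(text)
    if mask is None:
        return None
    inverted = int(mask) ^ 0xFFFFFFFF
    # Contiguous ones followed by zeros means inverted + 1 is a power of two.
    # This also rejects wildcard (host) masks such as 0.0.0.255.
    if inverted & (inverted + 1):
        return None
    return 32 - inverted.bit_length()


def check_wizard_answers(answers):
    """Return (field, problem) pairs for a planned set of wizard answers."""
    problems = []
    if not HOSTNAME_RE.match(answers.get("hostname", "")):
        problems.append(("hostname", "only alphanumerics, hyphens in the middle"))

    if answers.get("use_dhcp", "").strip().lower() in ("y", "yes"):
        # The guide discourages DHCP; no static values to validate in that case.
        problems.append(("use_dhcp", "static addressing is preferred"))
        return problems

    ip = parse_ipv4(answers.get("ip", ""))
    prefix = netmask_prefix(answers.get("netmask", ""))
    gateway = parse_ipv4(answers.get("gateway", ""))
    if ip is None:
        problems.append(("ip", "not an IPv4 address"))
    if prefix is None:
        problems.append(("netmask", "not a contiguous dotted mask"))
    if gateway is None:
        problems.append(("gateway", "not an IPv4 address"))
    if all(value is not None for value in (ip, prefix, gateway)):
        network = ipaddress.IPv4Interface(f"{ip}/{prefix}").network
        # Assumption: the gateway must be a different host on the same subnet.
        if gateway not in network or gateway == ip:
            problems.append(("gateway", f"not a usable next hop inside {network}"))

    if parse_ipv4(answers.get("primary_dns", "")) is None:
        problems.append(("primary_dns", "not an IPv4 address"))
    secondary = answers.get("secondary_dns", "")
    if secondary and parse_ipv4(secondary) is None:
        problems.append(("secondary_dns", "not an IPv4 address"))

    for domain in answers.get("search_domains", "").split():
        if not DOMAIN_RE.match(domain):
            problems.append(("search_domains", f"bad domain {domain!r}"))
    return problems


if __name__ == "__main__":
    for name, answers in (("good", GOOD_ANSWERS), ("bad", BAD_ANSWERS)):
        print(name, check_wizard_answers(answers))
```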
Hardware, Software and Virtual Appliance Access via SSH
To access the Juniper ATP Appliance CLI over the management network:
1. Start a terminal window session and use the ssh command to access the appliance.
For example, if the IP address of the appliance is 10.1.1.2, enter the following command:
ssh admin@10.1.1.2
2. When prompted, enter your password. By default, the admin user name is admin and
the password is 1JATP234.
3. To launch the configuration wizard, enter the command wizard.
# wizard
See “Configuration Wizard Command Prompt Progressions” for steps.
CLI Help and Keyboard Shortcuts
To display Juniper ATP Appliance CLI help, type the command help to display CLI keys
and auto-completion usage.
For context-sensitive help, enter a “?” to display either a list of possible
command completions with summaries or the full syntax of the current command.
Entering “?” again once a command has been resolved displays a detailed
reference, as described below.
• Enter “?” at the prompt to display a list of the available commands in the current mode.
• Enter “?” after you type a command to display its available options and parameters.
• Enter “?” after a partially typed keyword to display command matches for
auto-completions.
You can enter commands in abbreviated form if you enter enough characters to uniquely
identify each keyword. For example, the show interface command can be abbreviated
as:
sh in
To identify a command’s minimum abbreviation, type a few characters then press Tab.
When you have entered enough characters, the keyword is completed.
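The unique-prefix rule described above can be modelled as follows. This is an added example, not the appliance's own parser: the keyword tree is built from the Diagnosis mode command list and the copy syntax in this guide, and treating an exact keyword match as winning over longer keywords (set versus setupcheck) is an assumption.

```python
# Keyword tree for Diagnosis mode, taken from the command list in this guide.
# Sub-keywords are modelled only for copy; everything after a leaf keyword
# is treated as a free-form argument and passed through unchanged.
DIAGNOSIS_MODE = {
    "capture-start": {},
    "copy": {"capture": {}, "traceback": {}},
    "exit": {}, "gssreport": {}, "help": {}, "history": {},
    "set": {}, "setupcheck": {}, "show": {},
}


class AbbreviationError(ValueError):
    """Raised when a token matches no keyword or more than one keyword."""


def resolve(token, keywords):
    """Return the single keyword that token abbreviates."""
    if token in keywords:
        return token  # assumption: an exact match always wins
    matches = sorted(k for k in keywords if k.startswith(token))
    if len(matches) == 1:
        return matches[0]
    if not matches:
        raise AbbreviationError(f"unknown keyword {token!r}")
    raise AbbreviationError(f"{token!r} is ambiguous: {', '.join(matches)}")


def expand(line, tree):
    """Expand every abbreviated keyword on a command line to its full form."""
    level, expanded = tree, []
    for word in line.split():
        if level:  # still inside the keyword tree
            word = resolve(word, level)
            level = level[word]
        expanded.append(word)
    return " ".join(expanded)


def shortest_abbreviations(keywords):
    """Map each keyword to the shortest prefix that identifies only it."""
    result = {}
    for keyword in keywords:
        for length in range(1, len(keyword) + 1):
            prefix = keyword[:length]
            if sum(k.startswith(prefix) for k in keywords) == 1:
                break
        # If no prefix is unique (set vs setupcheck), the full keyword is kept.
        result[keyword] = prefix
    return result


if __name__ == "__main__":
    print(expand("co tr ALL", DIAGNOSIS_MODE))
    print(shortest_abbreviations(DIAGNOSIS_MODE))
    try:
        expand("se", DIAGNOSIS_MODE)
    except AbbreviationError as error:
        print("rejected:", error)
```

Scripts that drive the CLI are safer with full keywords, because an abbreviation such as se stops being unique as soon as a second keyword shares the prefix.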
The following table outlines the available CLI shortcuts.
Table 4: Table 1-1 Keyboard Shortcuts

Action: Auto-Completion
• Enter, Tab or Space Key: Completes a partial command during typing if enough characters are typed to uniquely identify it.

Action: Recall
• Ctrl+P or ↑: Retrieve previous command from CLI history.
• Ctrl+N or ↓: Retrieve next command from CLI history.
• Ctrl+L or Ctrl+R: Clear the screen or Redisplay the current command line.

Action: Delete
• Ctrl+D: Delete character.
• Ctrl+H: Delete character before cursor (Backspace).
• Ctrl+K: Delete all characters from cursor to end of line.
• Ctrl+U or Ctrl+W: Delete all characters or words on line.

Action: Cursor move
• Ctrl+A: Move cursor to start of line.
• Ctrl+B: Move cursor back a single character.
• Ctrl+E: Move cursor to end of line.
• Ctrl+F: Move cursor forward a single character.

Action: Character Transpose
• Ctrl+T: Transpose character at the cursor with preceding character.

Action: Interrupt output
• Ctrl+C: Interrupt presentation of the CLI output.

Action: Replace
• !!: Substitute the last command line
• !N: Substitute the Nth command line (absolute as per 'history' command)
• !-N: Substitute the command line entered N lines before (relative)

Action: Exit mode or logout
• exit: Exit current mode or exit the CLI session.

SPECIAL CHARACTER REQUIREMENT
You must enclose non-alphabet characters in double quotes in CLI commands; for
example:
Juniper ATP Appliance(server)# set passphrase "kfe$nd#$^S"
CLI Modes
The CLI commands that you can enter depend on your user privileges and the CLI
command mode. User roles are “admin” and “debugging.” The following table describes
the CLI command modes.
Note that the prompt in each mode includes the host name of the Juniper ATP Appliance.
Mode: Basic Mode
Description: Monitor system operation and issue basic system commands. This is the default login mode. The following prompt is displayed:
JATP#
How to Exit: Enter exit to log out of the CLI.

Mode: CM Mode
Description: Monitor system history and upgrades from the Core or vCore in cm (Central Manager) mode.
JATP_Hostname# cm
JATP_Hostname (cm)# ?
How to Exit: Enter exit to leave cm mode.

Mode: Core Configuration Mode
Description: To access Core configuration mode in the Core/CM, All-in-One, and Mac Mini, enter “core” in Basic mode. The prompt changes to indicate the mode in parentheses:
JATP_Hostname# core
JATP_Hostname (core)# ?
How to Exit: Enter exit to leave server mode.

Mode: Collector Configuration Mode
Description: Configure the Juniper ATP Appliance Collector (includes all commands). To access Collector configuration mode, enter “collector” in Basic mode. The prompt changes to indicate the mode in parentheses:
JATP_Hostname# collector
JATP_Hostname (collector)# ?
How to Exit: Enter exit to leave server mode.

Mode: Diagnosis Packet Capture, Monitoring, GSS Reporting and Configuration Mode
Description: Check Initial Setup, Diagnose, Monitor, Set GSS, and Configure the Juniper ATP Appliance (includes all commands). To access Diagnosis mode, enter “diagnosis” in Basic mode. The prompt changes to indicate the mode in parentheses:
JATP_Hostname# diagnosis
JATP_Hostname (diagnosis)# ?
How to Exit: Enter exit to leave diagnosis mode.

Mode: Server Configuration Mode
Description: Set up and monitor the system (includes all Basic commands plus server-specific commands). To access Server configuration mode, enter “server” in Basic mode. The prompt changes to indicate the mode in parentheses:
JATP-Hostname# server
JATP-Hostname (server)# ?
How to Exit: Enter exit to leave server mode.

Mode: Wizard Configuration Mode
Description: Configure the system during installation and setup the management network and connected Juniper ATP Appliance components. To access wizard configuration mode, enter “wizard” in Basic mode. The prompt changes to indicate the mode in parentheses:
JATP-Hostname# wizard
JATP-Hostname (wizard)# ?
How to Exit: Enter exit to leave wizard mode.

See Also: All-in-One CLI Commands
All-in-One CLI Commands
This chapter describes the administration commands for a Juniper ATP Appliance
All-in-One server appliance, software appliance or virtual appliance.
These commands are used to configure the Juniper ATP Appliance All-in-One appliance,
manage configurations, and set system-level settings for interfaces, network services,
and SIEM integration.
NOTE: You must enclose non-alphabet characters in double quotes in CLI commands.
• Basic Mode Commands
• CM Commands
• Core Mode Commands
• Server Mode Commands
• Collector Mode Commands
• Diagnosis Mode Commands
• All-in-One CLI Commands
• Configuration Wizard for the All-in-One Server
Basic Mode Commands
Use general system commands to configure the appliance, view appliance history, enter
other CLI modes, obtain help with CLI syntax, and to exit the CLI session.
The general commands are:
• cm
• core
• collector
• diagnosis
• exit
• help
• history
• server
• wizard
Refer to the sections in this guide to review CM Mode, Collector Mode, Core Mode,
Diagnosis Mode, Server Mode and Wizard mode commands per device: All-in-One,
CoreCM, Traffic Collector and Mac OS X Detection Engine on a Mac Mini.
CM Commands
• exit
• help
• history
• upgrade
Core Mode Commands
• exit
• help
• history
• show (core mode)
• updateimage
Server Mode Commands
• exit
• help
• history
• ifrestart
• ping
• reboot
• restart
• set appliance-type (server mode)
• set system-alert (server mode)
• set (server mode)
• shutdown
• traceroute
Collector Mode Commands
• exit
• help
• history
• set honeypot (collector mode)
• set traffic-monitoring (for JATP700 Appliances only) (collector mode)
• set traffic-filter (collector mode)
• set protocols (collector mode)
• set proxy (collector mode)
• show (collector mode)
Diagnosis Mode Commands
• capture-start
• copy
• exit
• gssreport
• help
• history
• set (diagnosis mode)
• setupcheck
• show (diagnosis mode)
All-in-One CLI Commands
• capture-start
• cm
• collector
• copy
• core
• diagnosis
• exit
• gssreport
• help
• history
• ifrestart
• ping
• reboot
• restart
• server
• set honeypot (collector mode)
• set traffic-monitoring (for JATP700 Appliances only) (collector mode)
• set traffic-filter (collector mode)
• set protocols (collector mode)
• set proxy (collector mode)
• set (diagnosis mode)
• set appliance-type (server mode)
• set ip interface (server mode)
• set (server mode)
• set system-alert (server mode)
• setupcheck
• show (collector mode)
• show (collector mode)
• show (core mode)
• show (diagnosis mode)
• shutdown
• traceroute
• upgrade
• updateimage
• wizard
capture-start
Table 5: capture-start
Description: Starts packet capture as a means for diagnosing and debugging network traffic and obtaining stats.
See Also: “diagnosis” [mode]; “collector” [mode]; “copy”
Product(s) CLI: All-in-One | Collector
Mode(s): Diagnosis
Syntax: capture-start
Parameters: <interface_name> <IP address>
Sub-Commands: None
Example: The following example starts a packet capture process on interface eth1 for a Traffic Collector with IP address 8.8.8.8:
hostname # diagnosis
hostname (diagnosis)# capture-start eth1 8.8.8.8
NOTE: Address 8.8.8.8 need not be a Juniper ATP Appliance. It is just a host that the capture filters on.
cm
Table 6: cm
Description: Enters cm (Central Manager) mode.
See Also: basic [mode]
Product(s) CLI: All-in-One | Core
Mode(s): Basic
Syntax: cm
Parameters: None
Sub-Commands: exit | help | history | upgrade
Example: The following command example enters cm configuration mode:
hostname # cm
hostname (cm)#
collector
Table 7: collector
Description: Enters the Collector configuration mode.
See Also: “server” [mode]
Product(s) CLI: All-in-One | Collector
Mode(s): Basic
Syntax: collector
Parameters: None
Sub-Commands: “exit”; “help”; “history”; “set (server mode)”; “show (collector mode)”
Example: The following example enters collector configuration mode:
hostname # collector
hostname (collector)# ?
copy
Table 8: copy
Description: Uses Secure Copy (SCP) to copy and transfer packet capture or traceback (crash) data to a remote location, providing the same authentication and level of security as an SSH transfer.
The copy traceback command, upon Customer Support's request, copies the traceback files out of the box to a remote location.
See Also: “diagnosis” [mode]; “capture-start”
Product(s) CLI: All-in-One | Collector | Core-CM | Mac OSX Engine
Mode(s): Diagnosis
Syntax: copy capture <scp source_file_name username@destination_host:destination_folder> | traceback {<tab> | ALL} <string URI as user@hostname:path>
Parameters:
copy capture <scp remote filename_location>
copy traceback <ALL | filename>
copy traceback <tab> [tab displays all available crash filenames]
Sub-Commands: None
Example: The following example copies the file "Eth1.txt" from the local host to a remote host:
hostname (diagnosis)# copy capture Eth1.txt [email protected]:/some/remote/directory
core
Table 9: core
Description: Enters core mode.
See Also: basic [mode]
Product(s) CLI: All-in-One | Collector | Core | Mac OS X Detection Engine
Mode(s): Basic
Syntax: core
Parameters: None
Sub-Commands: exit, help, history, show, updateimage
Example: The following command example enters core configuration mode:
hostname # core
hostname (core)#
diagnosis
Table 10: diagnosis
Description: Enters the Diagnosis configuration and status check mode.
See Also: collector [mode], server [mode]
Product(s) CLI: All-in-One | Collector | Mac OS X Detection Engine
Mode(s): Basic
Syntax: diagnosis
Parameters: None
Sub-Commands: “capture-start”; “copy”; “exit”; “gssreport”; “help”; “history”; “set (server mode)”; “setupcheck”; “show (diagnosis mode)”; “shutdown”
Example: The following example enters diagnosis configuration and status check mode:
hostname # diagnosis
hostname (diagnosis)# ?
exit
Table 11: exit
Description: Ends the CLI session.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Basic | Core | Collector | Diagnosis | Server
Syntax: exit
Parameters: None
Example: The following example ends a command mode or CLI session.
JATP# (diagnosis) exit
JATP#
JATP (core) exit
JATP# exit
gssreport
Table 12: gssreport
Description: Use the gssreport command to submit reports to Juniper Global Security Services (GSS), and to display the status of the current GSS report.
See Also: “gssreport”; “diagnosis” [mode]
Product(s) CLI: All-in-One | Collector | Mac OS X Detection Engine
Mode(s): diagnosis
Syntax: gssreport status | submit
Parameters:
status - displays the status of the current GSS report.
submit - submits a report to Juniper ATP Appliance GSS.
Sub-Commands: None
Example: The following examples display the status of a GSS report submission:
hostname # diagnosis
hostname (diagnosis)# gssreport submit
Successfully started GSS report
hostname (diagnosis)# gssreport status
GSS is currently enabled
Last 5-minute GSS report at 2015-07-28 10:34:24.414322: successfully submitted
Last hourly GSS report at 2015-07-28 10:34:24.468259: successfully submitted
Last daily GSS report at 2015-07-28 10:34:28.225512: successfully submitted
help
Table 13: help
Description: Displays information about the CLI help system.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Basic | Core | Collector | Diagnosis | Server
Syntax: help
Parameters: None
Example: The following example shows some of the output of the help command.
CONTEXT SENSITIVE HELP
[?] - Display context sensitive help. This is either a list of possible command completions with summaries, or the full syntax of the current command. A subsequent repeat of this key, when a command has been resolved, will display a detailed reference.
AUTO-COMPLETION
The following keys both perform auto-completion for the current command line. If the command prefix is not unique then the bell will ring and a subsequent repeat of the key will display possible completions.
[enter] - Auto-completes, syntax-checks then executes a command. If there is a syntax error then offending part of the command line will be highlighted and explained.
[tab] - Auto-completes
[space] - Auto-completes, or if the command is already resolved inserts a space.
If “<cr>” is shown, that means that what you have entered so far is a complete command, and you may press Enter (carriage return) to execute it.
Use ? to learn command parameters and option:
JATP (server)# show f?
firewall Show the firewall configuration settings
interface
JATP (server)# show firewall?
all Show the current iptables settings
whitelist Show the iptables whitelist settings
show firewall whitelist?
<cr>
show firewall whitelist
history
Table 14: history
Description: Displays the current CLI session command line history.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Basic | Core | Collector | Diagnosis | Server
Syntax: history
Parameters: None
Example: The following example returns command line history for the current CLI session.
JATP# (core) history
ifrestart
Table 15: ifrestart
Description: Restarts the interface driver and services using the interface.
Product(s) CLI: All-in-One | Core CM | Mac Mini OS X Detection Engine
Mode(s): Server
Syntax: ifrestart eth0 | eth1
Parameters:
eth0: Restarts the management network administrative interface.
eth1: Restarts the monitoring network interface.
Example: The following example restarts the eth0 interface for the management network.
<FireEye_name># ifrestart eth0
ping
Table 16: ping
Description: Sends ICMP (Internet Control Message Protocol) echo request packets to a specified hostname or IP address to verify that the destination is reachable over the network.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Server
Syntax: ping [-c count] [-h hops] [string]
Parameters:
-c count: Number of echo requests to send. By default, pings are sent continuously until you press Ctrl+C.
-h hops: Number of next hops between pings (default is 1).
string: IP address, hostname or interface name used to ping device address
Example: The following example sends three echo requests to the device with the IP address 10.10.10.1:
<FireEye_name># ping -c 3 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_req=1 ttl=64 time=0.314 ms
64 bytes from 10.10.10.1: icmp_req=2 ttl=64 time=0.277 ms
64 bytes from 10.10.10.1: icmp_req=3 ttl=64 time=0.274 ms
--- 10.10.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.274/0.288/0.314/0.022 ms
reboot
Table 17: reboot
Description: Reboots the Juniper ATP Appliance.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Server
Syntax: reboot
Parameters: None
Example: The following example reboots the system.
hostname# reboot
restart
Table 18: restart
Description: Restarts Juniper ATP Appliance services.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Server
Syntax: restart [all | behaviorengine | cm | collector | core | correlationengine | database | ntpserver | sshserver | staticengine | webserver]
Parameters:
all: Restarts all Juniper ATP Appliance services.
behaviorengine: Restarts the Behavioral Analysis Engine.
cm: Restarts the Central Manager Web UI service.
collector: Restarts the Collector service.
core: Restarts the Core Detection Engine.
correlationengine: Restarts the Correlation Engine.
database: Restarts the Database.
ntpserver: Restarts the NTP server.
sshserver: Restarts the SSH server.
staticengine: Restarts the Static Analysis Engine.
webserver: Restarts the web server.
Example: The following example restarts the Central Manager service.
JATP# restart cm
server
Table 19: server
Description: Enters the server configuration mode.
See Also: “collector”
Product(s) CLI: All-in-One | Collector | Core/CM | Mac Mini Mac OS X
Mode(s): Basic
Syntax: server
Sub-Commands: “exit”; “help”; “history”; “ifrestart”; “ping”; “reboot”; [Unresolved xref]; “set (server mode)”; “upgrade”
Whitelist rules rely on normal service shutdown to be backed up. Powering off a VM directly will lose the whitelist state as rules cannot be saved in that case.
Example: The following example enters server configuration mode:
hostname # server
hostname (server) # ?
set honeypot (collector mode)
Table 20: set honeypot
Description: Enables and disables the SSH-Honeypot feature for a Traffic Collector.
A honeypot can be deployed within a customer network to detect network activity generated by malware attempting to infect or attack other machines in a local area network. These attempted SSH logins can be used to supplement detection of lateral spread.
There are two parameters that can be set for a honeypot:
• Enable/disable a honeypot
• Set a Static IP (IP, mask, and gateway) or DHCP of a publicly addressable interface
See Also: show honeypot command in “show (collector mode)”
Product(s) CLI: All-in-One | Collector
Mode(s): collector
Syntax:
(collector)# set honeypot ssh-honeypot enable dhcp
(collector)# set honeypot ssh-honeypot enable address (IP address) netmask (subnet IP) gateway (IP address)
(collector)# set honeypot ssh-honeypot disable
Example: The following example enables the SSH honeypot with a static IP address:
(collector)# set honeypot ssh-honeypot enable address 1.2.3.4 netmask 255.255.0.0 gateway 1.2.3.1
NOTE: The static IP configuration does not require configuring DNS. Honeypots do not require a DNS server at this time.
set traffic-monitoring (for JATP700 Appliances only) (collector mode)
Table 21: set traffic-monitoring
Description: Sets the traffic monitoring interface on the JATP700.
Product(s) CLI: All-in-One | Collector
Mode(s): collector
Syntax:
# set traffic-monitoring-ifc 1gb_ifc
Set the traffic monitoring interface to be the 1G interface.
# set traffic-monitoring-ifc 10gb_ifc
Set the traffic monitoring interface to be the 10G interface.
NOTE: After making an interface type change, the system must be rebooted for the change to take effect.
set traffic-filter (collector mode)
Table 22: set traffic-filter
Description: Sets traffic filter rules to avoid analysis on a set of configured traffic. Filtering cannot be made retroactive; for example, any analysis skipped as a result of the filtering cannot be reversed. This command can be applied to an entire network/subnet/CIDR range.
See Also: “set (server mode)”; “show (diagnosis mode)” [show traffic-filter]
Product(s) CLI: All-in-One | Collector
Mode(s): collector
Syntax: set traffic-filter {add <rule_name> <domain> <source-address> <destination-address> <source-port> <destination-port> <protocol> | remove <rule_name>}
Parameters:
traffic-filter add: Adds a traffic filter rule where:
<RuleString>: “RuleString” is the name of the rule
<DomainString>: “DomainString” is the domain to filter out
<source-address>: “source-address” is the source IPv4 address or network (CIDR)
<destination-address>: “destination-address” is the destination IPv4 address or network (CIDR)
<source-port>: “source-port” is the source port number (0-65535)
<destination-port>: “destination-port” is the destination port number (0-65535)
<protocol>: “protocol” is the protocol type: either IP, TCP, UDP or HTTP
Example: The following example adds a traffic filter rule to the Traffic Collector.
JATP-collector02(collector)# set traffic-filter add CustomRule2 headqrts.example.com 10.2.0.0/16 20.0.0.2 90 120 tcp
where destination-address is 20.0.0.2, destination-port is 120, protocol is tcp, source-address is 10.2.0.0/16 and source-port is 90 (in our example).
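Because traffic skipped by a filter rule can never be analysed afterwards, it is worth checking each rule against the parameter table before it is typed into the collector. The script below is an added example, not Juniper code: it validates the seven `add` fields and flags very broad networks for manual review. The function names, the sample rules and the /16 warning threshold are assumptions made for illustration.

```python
import ipaddress
import re

# Field order from the Syntax row of the set traffic-filter table.
FIELDS = ("rule_name", "domain", "source-address", "destination-address",
          "source-port", "destination-port", "protocol")
PROTOCOLS = {"ip", "tcp", "udp", "http"}   # protocol types listed in the table
MIN_PREFIX = 16   # assumed review policy: warn on anything broader than a /16


def parse_add_rule(cli_line):
    """Split a '... add <7 fields>' line into a dict keyed by FIELDS."""
    tokens = cli_line.split()
    if "add" not in tokens:
        raise ValueError("line does not contain an 'add' rule")
    args = tokens[tokens.index("add") + 1:]
    if len(args) != len(FIELDS):
        raise ValueError(f"expected {len(FIELDS)} fields after 'add', got {len(args)}")
    return dict(zip(FIELDS, args))


def check_rule(rule):
    """Return (errors, warnings) for one parsed rule."""
    errors, warnings = [], []
    for field in ("source-address", "destination-address"):
        try:
            # strict=True also rejects host bits under the mask (10.2.0.1/16).
            net = ipaddress.IPv4Network(rule[field], strict=True)
        except ValueError as exc:
            errors.append(f"{field} {rule[field]!r}: {exc}")
            continue
        if net.prefixlen < MIN_PREFIX:
            warnings.append(f"{field} {net} exempts {net.num_addresses} "
                            "addresses from analysis")
    for field in ("source-port", "destination-port"):
        value = rule[field]
        if not (re.fullmatch(r"[0-9]{1,5}", value) and int(value) <= 65535):
            errors.append(f"{field} {value!r}: must be a number in 0-65535")
    if rule["protocol"].lower() not in PROTOCOLS:
        errors.append(f"protocol {rule['protocol']!r}: must be IP, TCP, UDP or HTTP")
    return errors, warnings


def review(cli_lines):
    """Check every line; return {rule name (or raw line): (errors, warnings)}."""
    report = {}
    for line in cli_lines:
        try:
            rule = parse_add_rule(line)
        except ValueError as exc:
            report[line] = ([str(exc)], [])
            continue
        report[rule["rule_name"]] = check_rule(rule)
    return report


# Constructed sample rules (not taken from a real appliance).
SAMPLE_RULES = [
    "set traffic-filter add BackupNet backup.example.com 10.2.0.0/16 20.0.0.2 90 120 tcp",
    "set traffic-filter add Typo backup.example.com 10.2.00/16 20.0.0.2 90 120 tcp",
    "set traffic-filter add TooWide example.com 10.0.0.0/8 0.0.0.0/0 0 443 http",
    "set traffic-filter add BadPort example.com 10.2.0.0/16 20.0.0.2 90 70000 icmp",
]

if __name__ == "__main__":
    for name, (errors, warnings) in review(SAMPLE_RULES).items():
        status = "REJECT" if errors else ("REVIEW" if warnings else "OK")
        print(f"{status:7} {name}")
        for msg in errors + warnings:
            print(f"        - {msg}")
```

A rule that comes back as REVIEW is syntactically valid but removes a large address range from analysis, so it deserves a second pair of eyes before it is applied.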
set protocols (collector mode)
Table 23: set protocols
Description: Enables and disables the HTTP or SMB parser for a Traffic Collector.
See Also: show protocols command in “show (collector mode)”
Product(s) CLI: All-in-One | Collector
Mode(s): collector
Syntax: (collector)# set protocols {http [on|off] | smb [on|off]}
Example: The following example enables the SMB parser for lateral detections:
hostname (collector) set protocols smb on
set proxy (collector mode)
Table 24: set proxy
Description: Sets an Inside or Outside data path proxy from collector mode.
Deploy Traffic Collectors in locations where the monitoring interface is (1) placed “outside” between the proxy and the egress network for customer environments in which the proxy supports XFF (X-Forwarded-For), or (2) [the more typical deployment scenario], the Collector is placed between the proxy and the internal network using FQDN (if available) to identify the threat source for all types of incidents (“inside” proxy). When configured, the Juniper ATP Appliance Traffic Collector will monitor all traffic and correctly identify source and destination hosts for each link in the kill chain wherever the data allows for it.
Note that if the “X-Forwarded-For” header is provided in the HTTP request, detection will identify threat targets when deployed outside of the proxy (customers can choose to disable the XFF feature in the proxy setting, if desired).
See Also: “set (server mode)” [“set proxy” command for management network]; “set (diagnosis mode)”
NOTE: The mitigation IP address of a CNC server is not available for Inside proxy deployments. When a Juniper ATP Appliance is deployed behind a proxy, the Mitigation->Firewall page in the Juniper ATP Appliance Central Manager Web UI (which typically displays the CNC server IP address to mitigate) will be empty. The destination IP address of any callback is made to the proxy server IP address, so it is not relevant to display the proxy server IP address on the Mitigation->Firewall page.
Product(s) CLI: All-in-One | Collector
Mode(s): collector
Syntax:
set proxy inside {add <proxy IP address> <proxy port> | remove <proxy IP address> <proxy port>}
set proxy outside {add <proxy IP address> | remove <proxy IP address>}
Parameters:
inside: Sets the inside proxy IP addresses.
outside: Sets the outside proxy IP addresses.
add: Adds a proxy configuration.
remove: Removes a proxy configuration.
Example: The following example sets an inside data path proxy:
JATP (collector)# set proxy inside add 10.1.1.1 8080
The following example sets an outside data path proxy:
JATP (collector)# set proxy outside add 10.2.1.1
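To see why an outside deployment depends on XFF, the added sketch below attributes an HTTP request observed outside the proxy to an internal host. It is not Juniper code and does not describe how the appliance implements the feature. Assumptions: a single proxy hop that appends the connecting client's address to X-Forwarded-For; the function names and sample requests are constructed here, and the proxy address 10.2.1.1 is the one from the page's outside example.

```python
import ipaddress

# Outside proxy as configured by the page's example: set proxy outside add 10.2.1.1
OUTSIDE_PROXIES = {"10.2.1.1"}

FROM_PACKET = "packet source"
FROM_XFF = "X-Forwarded-For"
PROXY_NO_XFF = "proxy address (no XFF header)"
PROXY_BAD_XFF = "proxy address (malformed XFF)"


def parse_headers(raw_request):
    """Return the header fields of a raw HTTP/1.x request, keyed in lowercase."""
    head = raw_request.split("\r\n\r\n", 1)[0]
    headers = {}
    for line in head.split("\r\n")[1:]:          # skip the request line
        name, sep, value = line.partition(":")
        if not sep:
            continue                              # not a header line
        key, value = name.strip().lower(), value.strip()
        # A repeated list-valued header is equivalent to one comma-joined header.
        headers[key] = f"{headers[key]}, {value}" if key in headers else value
    return headers


def attribute_source(packet_src, raw_request, outside_proxies=OUTSIDE_PROXIES):
    """Return (host, basis): the endpoint to attribute the request to, and why."""
    if packet_src not in outside_proxies:
        # Not sent by a configured proxy: any XFF header is client-controlled
        # and must not override the address seen on the wire.
        return packet_src, FROM_PACKET
    xff = parse_headers(raw_request).get("x-forwarded-for")
    if not xff:
        # XFF disabled on the proxy: every internal host collapses into the proxy.
        return packet_src, PROXY_NO_XFF
    # The proxy appends the peer that connected to it, so the right-most entry
    # is the one it wrote; entries to its left came from the client itself.
    candidate = xff.split(",")[-1].strip()
    try:
        return str(ipaddress.ip_address(candidate)), FROM_XFF
    except ValueError:
        return packet_src, PROXY_BAD_XFF


def _request(*header_lines):
    """Build a constructed HTTP request head for the samples below."""
    lines = ["GET /update.bin HTTP/1.1", "Host: cdn.example.net", *header_lines]
    return "\r\n".join(lines) + "\r\n\r\n"


# Constructed samples.
VIA_PROXY = _request("X-Forwarded-For: 10.1.5.23")
CLIENT_SUPPLIED = _request("X-Forwarded-For: 203.0.113.9", "X-Forwarded-For: 10.1.5.23")
XFF_DISABLED = _request()
DIRECT_WITH_XFF = _request("X-Forwarded-For: 10.1.5.99")

if __name__ == "__main__":
    for label, src, req in [("via proxy", "10.2.1.1", VIA_PROXY),
                            ("client-supplied entry", "10.2.1.1", CLIENT_SUPPLIED),
                            ("XFF disabled", "10.2.1.1", XFF_DISABLED),
                            ("direct, XFF present", "192.0.2.44", DIRECT_WITH_XFF)]:
        host, basis = attribute_source(src, req)
        print(f"{label:24} -> {host:12} ({basis})")
```

With XFF disabled on the proxy, every request seen outside it is attributed to 10.2.1.1, which is why the inside placement is the fallback when the proxy cannot supply the header.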
set (diagnosis mode)
Table 25: set
Description: Sets the logging levels for Juniper ATP Appliance components from diagnosis mode.
See Also: “set (server mode)”; set (collector mode)
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): diagnosis
Syntax: set logging
Parameters:
all: Sets logging for all Juniper ATP Appliance components.
default: Sets logging to the default parameters.
debug: Sets logging at the debug level.
info: Sets logging at the info level.
warning: Sets logging at the warning level.
error: Sets logging at the error level.
critical: Sets logging at the critical level.
Example: The following example sets the default logging level for all Juniper ATP Appliance components.
JATP# set logging all
set appliance-type (server mode)
Table 26: set appliance-type
Description: Change the appliance type at any time. For example, change from All-In-One to Core/CM. Note that if you change the appliance type after the initial installation, all data files related to the current type are lost and you must set up the appliance as you would a fresh box.
Product(s) CLI: All-in-One | Core CM | Collector
Mode(s): server
Syntax: jatp:AIO#(server)# set appliance-type core-cm
Parameters:
all-in-one
core-cm
email-collector
traffic-collector
Example: The following example changes the form factor of the appliance from all-in-one (the default) to core-cm:
jatp:AIO#(server)# set appliance-type core-cm
This will result in the deletion of all data and configurations not relevant to the new form factor.
Proceed? (Yes/No)? Yes
set ip interface (server mode)
Table 27: set ip interface
Description: Sets the management interface (eth0) and/or the alternate-exhaust interface (eth2) for the Juniper ATP Appliance.
Refer to the Operator’s Guide for information about configuring the optional alternate analysis engine eth2 interface option (it moves CnC traffic during analysis engine processing off the enterprise’s eth0 management network).
See Also: “set (server mode)”; “set protocols (collector mode)”; “show (core mode)”; “shutdown”
Product(s) CLI: All-in-One | Core CM | Mac Mini OS X Detection Engine
Mode(s): server
Syntax:
(server) # set ip interface management <dhcp | address | netmask | gateway>
(server) # set ip interface alternate-exhaust <address | netmask | gateway>
Parameters:
dhcp: Enables DHCP for the management or alternate-exhaust interface.
address: Sets the static IP address for the management (eth0) or alternate-exhaust (eth2) interface.
netmask: Sets the netmask for the management network or the alternate-exhaust network.
gateway: Sets the Gateway IP address for the management interface or the optional alternate-exhaust network.
Example: The following example configures the management interface (eth0) for a Juniper ATP Appliance Core device:
JATP (server)# set ip interface management address 10.2.123.18 netmask 255.255.255.0 gateway 10.2.0.1
The following example configures the management interface (eth0) using DHCP:
JATP (server)# set ip interface management dhcp
This example configures the alternate-exhaust interface (eth2) for a Juniper ATP Appliance Core device:
JATP (server)# set ip interface alternate-exhaust address 10.2.123.12 netmask 255.255.255.0 gateway 10.2.0.2
set (server mode)
Table 28: set
Description: Configure the system settings.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Server. See Also: “set (diagnosis mode)”; “set traffic-filter (collector mode)”
Syntax: set [autoupdate {on | off} | cli timeout secs | clock | cm address | support {enable | disable} localmode {enable | disable} | passphrase string | dns | firewall {all <backup | flush> | whitelist} | hostname string | ip interface {management | alternate-exhaust} | ntpserver | password | proxy {config | enabled | remove} | timezone string | uipassword]
Note: vCore for AWS does not use the following CLI commands:
set ip
set hostname
[Users cannot set static IP address or change the hostname directly on an EC2 AWS instance]
The server mode “set proxy” command is a management network proxy tool; for data path Collector proxy configurations, refer to “set proxy (collector mode)”.
Parameters:
autoupdate {content | software} {on | off}: Turn on or off automatic product updates. set autoupdate content on
cli timeout secs: Sets CLI timeout period in seconds (0 indicates no timeout).
clock: Sets the current date and time.
cm address: Sets the IP address of the Central Manager and netmask using the slash notation; example: AAA.BBB.CCC.DD/X
set support {enable | disable} | {localmode}: Enables remote SSH login “support” account or localmode enable|/disable.
dns: Sets DNS (or enables DHCP for DNS) for the management interface by default if interface is unspecified.
firewall {all <backup | flush> | whitelist <add | delete | flush>}: Backs up or flushes (clears) all current iptables for a firewall, or adds, deletes or flushes the current iptables whitelist-specific settings for the firewall.
The “add” option adds an IP address to the iptables outbound whitelist.
# set firewall whitelist add 10.1.1.1
hostname string: Sets the system’s host name.
ip interface {management | alternate-exhaust} <dhcp | address | netmask | gateway>: Sets the IP address, netmask, or default gateway, or enables DHCP for the management or alternate-exhaust interface.
ntpserver: Sets the Network Time Protocol (NTP) server.
passphrase string: Sets the device key password; enter a string.
password: Sets a new password for the CLI administrator.
proxy {config <all|http> | enabled <on|off> | remove <all|http>}: Config, enable/disable, or remove “all” proxy configs, or remove an HTTP-specific proxy server.
TIP: Config the proxy for “all” protocols first, and then change HTTP proxy as needed.
timezone string: Sets the timezone for the device.
uipassword: Sets a new admin password for CM Web UI access.
Example: The following example disables the CLI timeout counter.
JATP (server)# set cli timeout 0
The following example enables support:
JATP (server)# set support enable
set system-alert (server mode)
Table 29: set system-alert
Description: Configure the traffic threshold and checking interval for the Collector “monitored traffic” health status.
When the monitored traffic of a collector within the checking interval time is lower than the threshold, a system health alert is generated. You can send an email notification of the alert if email notifications of system health events are configured.
Product(s) CLI: All-in-One | Core CM
Mode(s): Server. See Also: “set (diagnosis mode)”; “set traffic-filter (collector mode)”; show
Syntax: set system-alert traffic <integer> time <interval>
NOTE: Both "traffic" and "time" parameters are required in order to set the threshold for both the minimum traffic and time.
Parameters:
traffic: the minimum traffic (in KB)
interval: the checking interval (in minutes)
Example:
JATP (server) # set system-alert traffic 100 time 30
This example sets the system alert such that, if the total monitored traffic of a collector within the last 30 minutes dips lower than 100KB, then a system health alert will be generated (and users will receive an email notification of the alert if email notifications are configured for system health events).
By default this alert is disabled, and users must set the minimum traffic and interval in order to enable it. Also note that all bytes seen on Ethernet frames are counted in the traffic.
The minimum interval for the "set system-alert traffic" time interval command is 10 minutes. If the minimum interval is set to less than 10 minutes, no alerts will be triggered.
setupcheck
Table 30: setupcheck
Description: Checks and reports on basic configuration settings and analysis pipeline setup.
Product(s) CLI: All-in-One | Core CM | Mac Mini OS X Detection Engine
Mode(s): diagnosis
Syntax: setupcheck {all | report | basic | analysis}
Parameters:
all: Checks both basic settings and analysis pipeline.
report: Shows report of last setupcheck.
basic: Checks basic configuration settings.
analysis: Checks the analysis pipeline.
Example: The following example checks all basic configuration settings as well as the analysis pipeline:
JATP (diagnosis) # setupcheck all
show (collector mode)
Table 31: show (collector mode)
Description: Displays the Traffic Collector HOMENET settings and all configured subnets, as well as current traffic filters and the current XFF status (enabled or disabled).
Product(s) CLI: All-in-One | Collector
Mode(s): Collector
Subcommands: homenet | traffic-filter | proxy | honeypot
Syntax: show
Parameters:
traffic-filter: Shows all traffic filter rules.
protocols: Shows current HTTP or SMB protocol parser settings.
proxy {inside|outside}: Shows Traffic Collector proxy for inside or outside configurations.
honeypot: Shows the current honeypot configuration.
Example: The following example displays the current Collector proxy inside settings:
collector02(collector)# show proxy inside
Proxy IPs: 10.1.1.1
The following example displays the current traffic filter:
collector02 (collector)# show traffic-filter
Name: CustomRule2, Domain: headqtrs.example.com
The following example displays the current SMB protocol parser setting:
collector02 (collector)# show protocols
The following example displays the current honeypot configuration:
collector02 (collector)# show honeypot ssh-honeypot
show (collector mode)
Table 32: show (collector mode)
Description: Display the currently selected traffic monitoring interface.
Product(s) CLI: All-in-One | Collector
Mode(s): Collector
Syntax:
collector02 (collector)# show traffic-monitoring-ifc-type
Display the currently selected traffic monitoring interface.
show (core mode)
Description: Displays the guest image(s) status or whitelist statistics.
See Also: “shutdown”; show (diagnostic mode)
Product(s) CLI: See Also: shutdown; show (diagnostic mode)
Mode(s): Core
Syntax: show
Parameters:
images: Displays guest image update and status information.
whitelist: Displays the name, hit count and the time of last hit of a user configured whitelist.
Note that when a whitelist rule is deleted, it will be removed from the list. Updates to existing rules are not affected by the presence of the rule in the output, but hit count could increment. Further, more than one rule can be hit by a single incident.
alternate-exhaust interface: Displays the status of the alternate exhaust interface eth2.
Example: The following example demonstrates the show images command usage:
JATP(core)# show images
The following example demonstrates the show whitelist command usage:
JATP(core)# show whitelist
Rule Name        Hit Count   Local Time of Last Hit
URI1             10          Wed Sep 2 18:16:55 2015
URI2             10          Wed Sep 2 18:16:55 2015
URI3             10          Wed Sep 2 18:16:55 2015
greatfilesarey   49          Wed Sep 2 18:20:00 2015
The following example shows how to get the alternate-exhaust interface (eth2) status:
JATP(core)# show alternate-exhaust interface
show (diagnosis mode)
Table 33: show (diagnosis mode)
Description: Sets the logging levels for Juniper ATP Appliance components from diagnosis mode.
See Also: “shutdown”; show (core mode)
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): diagnosis
Syntax: show
Parameters:
device {collectorstatus | corestatus | slavecorestatus}: Display connected device statistics for Traffic Collector, Core CM, or Mac Mini Detection Engine Secondary “slave core.”
protocol {web | email}: Displays the session counts for network web or email protocols.
objects: Displays the current number of file objects.
logging: Displays the currently-configured logging level.
See Also: “set traffic-filter (collector mode)”
log error traceback: Displays only the tracebacks (if any) generated by Juniper ATP Appliance OS process error logs. A traceback is a stack of functions that were executing when an error condition was encountered.
log error last <integer: number of lines to display>: Displays n [1-1000] lines of the contents of the common log file.
Example: show log error last 12
Example: The following example displays the connected Traffic Collector status.
JATP(diagnosis)# show device collectorstatus<cr>
JATP (diagnosis)# show device collectorstatus
WEB_COLLECTOR
IP : 10.2.9.68
Enabled : True
Last Seen : 2015-07-25 15:13:17.967000-07:00
Install Date : 2015-06-25 19:03:38-07:00
IP : 10.2.20.3
Enabled : True
Last Seen : 2015-07-28 11:07:42.046000-07:00
Install Date : 2013-11-14 09:25:39-08:00
This example displays the log error traceback:
JATP(diagnosis)# show log error traceback<cr>
shutdown
Table 34: shutdown
Description: Shuts down the Juniper ATP Appliance server.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Server
Syntax: shutdown
Parameters: None
Example: The following example performs a shutdown of the current device.
JATP# shutdown
traceroute
Table 35: traceroute
Description: Displays the route packets trace to a host name or an IP address.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Server | Collector
Syntax: traceroute
Parameters:
-h unsigned integer: Specifies the number of hops.
string: Names the remote system to be traced.
Example: The following example performs a traceroute of the named device.
JATP# traceroute -h 2 MacMininOSX-Engine
upgrade
Table 36: upgrade
Description: Upgrade Juniper ATP Appliance software for the Core/CM device or vCore, and all connected physical or virtual devices.
Product(s) CLI: All-in-One | Core CM
Mode(s): cm
Syntax: upgrade <URI as user@hostname:path>
Parameters:
<String_URI>: Specifies the software packages to copy from a remote location for upgrading via the Core.
Example: The following example copies Juniper ATP Appliance software to the Core from a remote location defined by the path provided.
CoreCM(cm)# upgrade [email protected]:some/remote/directory
updateimage
Table 37: updateimage
Description: Update or correct the guest-image OS profile used by the detection and analysis behavioral engine.
The updateimage command will update the guest images from the Juniper ATP Appliance update servers or a USB drive attached to the Juniper ATP Appliance.
Product(s) CLI: All-in-One | Core-CM | Mac Mini OS X Detection Engine
Mode(s): Core
Syntax: updateimage
Parameters:
built-in: Updates the guest-image on the detection Engine.
Example: The following example performs a built-in profile update for the Core detection engine.
JATP (core)# updateimage built-in
Installing image SC-XP-20150617.img...
Previous version of SC-XP-20150617.img exists.
Checking integrity...
Image SC-XP-20150617.img is already installed
Installing image SC-W7-20150521.img...
Previous version of SC-W7-20150521.img exists.
Checking integrity...
Image SC-W7-20150521.img is already installed
wizard
Table 38: wizard
Description: Enters the Configuration Wizard. For Configuration Wizard commands and response, see “Configuration Wizard for the All-in-One Server” in the next section to follow command prompts and recommended responses.
Product(s) CLI: All-in-One | Core/CM | Collector | MacMini Mac OS X
Mode(s): Basic
Syntax: wizard
Parameters: None
Example: The following command starts the configuration wizard.
hostname # wizard
Configuration Wizard for the All-in-One Server
Table 39: Configuration Wizard for All-in-One Server

Configuration Wizard Prompts:
Use DHCP to obtain the IP address and DNS server address for the administrative interface (Yes/No)?
Note: Only if your DHCP response is no, enter the following information when prompted:
a. IP address (no CIDR format)
b. Netmask
c. Enter a gateway IP address for this management (administrative) interface:
d. Enter primary DNS server IP address.
e. Do you have a secondary DNS Server (Yes/No).
f. Do you want to enter the search domains?
g. Enter the search domain (separate multiple search domains by space):
Restart the administrative interface (Yes/No)?
Customer Response Actions:
We strongly discourage the use of DHCP addressing because it changes dynamically. A static IP address is preferred.
Recommended: Respond with no:
a. Enter an IP address
b. Enter a netmask using the form 255.255.255.0.
c. Enter a gateway IP address.
d. Enter the DNS server IP address
e. If yes enter the IP address of the secondary DNS server.
f. Enter yes if you want DNS lookups to use a specific domain.
g. Enter search domain(s) separated by spaces; for example: example.com lan.com dom2.com
Enter yes to restart with the new configuration settings applied.

Configuration Wizard Prompts:
Enter a valid hostname.
Customer Response Actions:
Type a hostname when prompted; do not include the domain; for example: JuniperATP1.
NOTE: Only alphanumeric characters and hyphens (in the middle of the hostname) are allowed.

Configuration Wizard Prompts:
[OPTIONAL]
If the system detects a Secondary Core with an eth2 port, then the alternate CnC exhaust option is displayed:
Use alternate-exhaust for the analysis engine exhaust traffic (Yes/No)?
Enter IP address for the alternate-exhaust (eth2) interface:
Enter netmask for the alternate-exhaust (eth2) interface: (example: 255.255.0.0)
Enter gateway IP Address for the alternate-exhaust (eth2) interface: (example: 10.6.0.1)
Enter primary DNS server IP Address for the alternate-exhaust (eth2) interface: (example: 8.8.8.8)
Do you have a secondary DNS server for the alternate-exhaust (eth2) interface?
Do you want to enter the search domains for the alternate-exhaust (eth2) interface?
NOTE: A complete network interface restart can take more than 60 seconds
Customer Response Actions:
Refer to “Configuring an Alternate Analysis Engine Interface” in the Juniper ATP Appliance Operator’s Guide for more information.
Enter yes to configure an alternate eth2 interface.
Enter the IP address for the eth2 interface.
Enter the eth2 netmask.
Enter the gateway IP address.
Enter the primary DNS server IP Address for the alternate-exhaust (eth2) interface.
Enter yes or no to confirm or deny an eth2 secondary DNS server.
Enter yes or no to indicate whether you want to enter search domain.

Configuration Wizard Prompts:
Regenerate the SSL self-signed certificate (Yes/No)?
Customer Response Actions:
Enter yes to create a new SSL certificate for the Juniper ATP Appliance Server Web UI.
See Also:
• Core/CM Server CLI Commands
• Traffic Collector CLI Commands
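A pre-flight check for the static-address answers the wizard asks for, as an added example (not Juniper code): it applies the rules stated in the wizard table (IP address without CIDR, netmask in 255.255.255.0 form, hostname without a domain and with hyphens only in the middle, search domains separated by spaces), which recur in the CoreCM wizard. The function name and dictionary keys are hypothetical, and the gateway-on-subnet test is an extra sanity check that the guide does not state.

```python
import ipaddress
import re

# Hostname rule from the wizard table: alphanumeric characters, hyphens only
# in the middle, and no domain part (so no dots).
HOSTNAME_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")


def _plain_ipv4(value):
    """Return an IPv4Address, or None if value is not a plain dotted quad."""
    if "/" in value:  # the wizard wants the address without CIDR notation
        return None
    try:
        return ipaddress.IPv4Address(value)
    except ipaddress.AddressValueError:
        return None


def _prefix_len(netmask):
    """Return the prefix length of a dotted netmask, or None if invalid."""
    mask = _plain_ipv4(netmask)
    if mask is None:
        return None
    bits = int(mask)
    inverted = bits ^ 0xFFFFFFFF
    # A valid mask is a run of one bits followed only by zero bits.
    if inverted & (inverted + 1):
        return None
    return bin(bits).count("1")


def check_wizard_answers(answers):
    """Validate planned answers (hypothetical dict layout); return problems."""
    problems = []
    ip = _plain_ipv4(answers.get("ip", ""))
    if ip is None:
        problems.append("ip: expected a dotted IPv4 address without CIDR")
    prefix = _prefix_len(answers.get("netmask", ""))
    if prefix is None:
        problems.append("netmask: expected dotted form such as 255.255.255.0")
    gateway = _plain_ipv4(answers.get("gateway", ""))
    if gateway is None:
        problems.append("gateway: expected a dotted IPv4 address")
    # Extra sanity check (assumption, not from the guide): gateway is on-link.
    if ip is not None and gateway is not None and prefix is not None:
        network = ipaddress.IPv4Network((int(ip), prefix), strict=False)
        if gateway not in network:
            problems.append("gateway: not inside %s" % network)
    if not answers.get("dns_primary"):
        problems.append("dns_primary: required when DHCP is answered with no")
    for key in ("dns_primary", "dns_secondary"):
        value = answers.get(key)
        if value and _plain_ipv4(value) is None:
            problems.append("%s: expected a dotted IPv4 address" % key)
    if not HOSTNAME_RE.fullmatch(answers.get("hostname", "")):
        problems.append("hostname: alphanumerics and inner hyphens only, no domain")
    # Search domains are typed on one line, separated by spaces.
    for domain in answers.get("search_domains", "").split():
        labels = domain.split(".")
        if len(labels) < 2 or not all(HOSTNAME_RE.fullmatch(label) for label in labels):
            problems.append("search_domains: bad entry %r" % domain)
    return problems


# Constructed sample answers, built from the example values in the table.
SAMPLE_ANSWERS = {
    "ip": "10.6.0.20", "netmask": "255.255.0.0", "gateway": "10.6.0.1",
    "dns_primary": "8.8.8.8", "hostname": "JuniperATP1",
    "search_domains": "example.com lan.com dom2.com",
}

if __name__ == "__main__":
    print(check_wizard_answers(SAMPLE_ANSWERS) or "answers look consistent")
```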
Core/CM Server CLI Commands
This chapter describes the commands available for Juniper ATP Appliance Core/CM
or vCore servers. These commands are used to configure devices and software, manage
security events, and show system information and status.
You must enclose non-alphabet characters in double quotes in CLI commands.
• Basic Mode Commands
• CM Commands
• Core Mode Commands
• Server Mode Commands
• Diagnosis Mode Commands
• CoreCM CLI Commands
• Configuration Wizard for the CoreCM Server
Basic Mode Commands
Use general system commands to configure the appliance, view appliance history, enter
other CLI modes, obtain help with CLI syntax, and to exit the CLI session.
The general commands are:
• cm
• core
• diagnosis
• exit
• help
• history
• server
• wizard
Refer to the respective sections in this guide to review Diagnosis Mode, CM Mode, Collector
Mode and Server Mode commands per product device.
CM Commands
• exit
• help
• history
• upgrade
Core Mode Commands
• exit
• help
• history
• set (core mode)
• show (core mode)
• updateimage
Server Mode Commands
• exit
• help
• history
• ifrestart
• ping
• reboot
• restart
• set (server mode)
• set appliance-type (server mode)
• server
• show (server mode)
• shutdown
• traceroute
• upgrade
Diagnosis Mode Commands
• capture-start
• copy
• exit
• gssreport
• help
• history
• set (diagnosis mode)
• setupcheck
• show (diagnosis mode)
CoreCM CLI Commands
• capture-start
• cm
• core
• copy
• diagnosis
• exit
• gssreport
• help
• history
• ifrestart
• ping
• reboot
• restart
• set (core mode)
• server
• set system-alert (server mode)
• set (server mode)
• set appliance-type (server mode)
• set (diagnosis mode)
• setupcheck
• show (core mode)
• show (diagnosis mode)
• show (server mode)
• shutdown
• traceroute
• upgrade
• updateimage
• wizard
capture-start
Table 40: capture-start
Description: Starts packet capture as a means for diagnosing and debugging network traffic and obtaining stats.
See Also: “diagnosis” [mode]; “copy”
Product(s) CLI: All-in-One | Collector | Core | Mac OS X Detection Engine
Mode(s): Diagnosis
Syntax: capture-start
Parameters: <IP address> <interface_name>
Sub-Commands: None
Example: The following example starts a packet capture process on interface eth1 for a Traffic Collector with IP address 8.8.8.8:
hostname # diagnosis
hostname (diagnosis)# capture-start 8.8.8.8 eth1
NOTE: Address 8.8.8.8 need not be a Juniper ATP Appliance. It is just a host that the capture filters on.
cm
Table 41: cm
Description: Enters cm (Central Manager) mode.
See Also: basic [mode]
Product(s) CLI: All-in-One | Core
Mode(s): Basic
Syntax: cm
Parameters: None
Sub-Commands: exit | help | history | upgrade
Example: The following command example enters cm configuration mode:
hostname # cm
hostname (cm)#
core
Table 42: core
Description: Enters core mode.
See Also: basic [mode]
Product(s) CLI: All-in-One | Collector | Core | Mac OS X Detection Engine
Mode(s): Basic
Syntax: core
Parameters: None
Sub-Commands: exit, help, history, show, updateimage
Example: The following command example enters core configuration mode:
hostname # core
hostname (core)#
copy
Table 43: copy
Description: Uses Secure Copy (SCP) to copy and transfer packet capture or traceback (crash) data to a remote location, providing the same authentication and level of security as an SSH transfer.
The copy traceback command, upon Customer Support's request, copies the traceback files out of the box to a remote location.
See Also: “diagnosis” [mode]; “capture-start”
Product(s) CLI: All-in-One | Collector | Core-CM | Mac OSX Engine
Mode(s): Diagnosis
Syntax: copy capture <scp source_file_name username@destination_host:destination_folder> | traceback {<tab> | ALL} <string URI as user@hostname:path>
Parameters:
copy capture <scp remote filename_location>
copy traceback <ALL | filename>
copy traceback <tab> [tab displays all available crash filenames]
Sub-Commands: None
Example: The following example copies the file "Eth1.txt" from the local host to a remote host:
hostname (diagnosis)# copy capture scp captureEth1.txt [email protected]:/some/remote/directory
diagnosis
Table 44: diagnosis
Description: Enters the Diagnosis configuration and status check mode.
See Also: collector [mode], server [mode]
Product(s) CLI: All-in-One | Collector | Mac OS X Detection Engine
Mode(s): Basic
Syntax: diagnosis
Parameters: None
Sub-Commands: “capture-start”; “copy”; “exit”; “gssreport”; “help”; “history”; “set (server mode)”; “setupcheck”; “show (diagnosis mode)”; “show (server mode)”
Example: The following example enters diagnosis configuration and status check mode:
hostname # diagnosis
hostname (diagnosis)# ?
exit
Table 45: exit
Description: Ends the CLI session.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Basic | Core | Collector | Diagnosis | Server
Syntax: exit
Parameters: None
Example: The following example ends a command mode or CLI session.
JATP# (diagnosis) exit
JATP#
gssreport
Table 46: gssreport
Description: Use the gssreport command to submit reports to Juniper Global Security Services (GSS), and to display the status of the current GSS report.
See Also: “gssreport”; “diagnosis” [mode]
Product(s) CLI: All-in-One | Collector | Mac OS X Detection Engine
Mode(s): diagnosis
Syntax: gssreport status | submit
Parameters:
status - displays the status of the current GSS report.
submit - submits a report to Juniper ATP Appliance GSS.
Sub-Commands: None
Example: The following examples display the status of a GSS report submission:
hostname # diagnosis
hostname (diagnosis)# gssreport submit
Successfully started GSS report
hostname (diagnosis)# gssreport status
GSS is currently enabled
Last 5-minute GSS report at 2015-07-28 10:34:24.414322: successfully submitted
Last hourly GSS report at 2015-07-28 10:34:24.468259: successfully submitted
Last daily GSS report at 2015-07-28 10:34:28.225512: successfully submitted
help
Table 47: help
Description: Displays information about the CLI help system.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Basic | Core | Collector | Diagnosis | Server
Syntax: help
Parameters: None
Example: The following example shows some of the output of the help command.
CONTEXT SENSITIVE HELP
[?] - Display context sensitive help. This is either a list of possible command completions with summaries, or the full syntax of the current command. A subsequent repeat of this key, when a command has been resolved, will display a detailed reference.
AUTO-COMPLETION
The following keys both perform auto-completion for the current command line. If the command prefix is not unique then the bell will ring and a subsequent repeat of the key will display possible completions.
[enter] - Auto-completes, syntax-checks then executes a command. If there is a syntax error then offending part of the command line will be highlighted and explained.
[tab] - Auto-completes
[space] - Auto-completes, or if the command is already resolved inserts a space.
If “<cr>” is shown, that means that what you have entered so far is a complete command, and you may press Enter (carriage return) to execute it.
Use ? to learn command parameters and option:
JATP (server)# show f?
firewall Show the firewall configuration settings
interface
JATP (server)# show firewall?
all Show the current iptables settings
whitelist Show the iptables whitelist settings
show firewall whitelist?
<cr>
show firewall whitelist
history
Table 48: history
Description: Displays the current CLI session command line history.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Basic | Core | Collector | Diagnosis | Server
Syntax: history
Parameters: None
Example: The following example returns command line history for the current CLI session.
JATP# (core) history
ifrestart
Table 49: ifrestart
Description: Restarts the interface driver and services using the interface.
Product(s) CLI: All-in-One | Core CM | MacMini OS X Detection Engine
Mode(s): Server
Syntax: ifrestart eth0 | eth1
Parameters:
eth0 - Restarts the management network administrative interface.
eth1 - Restarts the monitoring network interface.
Example: The following example restarts the eth0 interface for the management network.
<FireEye_name># ifrestart eth0
ping
Table 50: ping
Description: Sends ICMP (Internet Control Message Protocol) echo request packets to a specified host name or IP address to verify that the destination is reachable over the network.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Server
Syntax: ping [-c count] [-h hops] [string]
Parameters:
-c count - Number of echo requests to send. By default, pings are sent continuously until you press Ctrl+C.
-h hops - Number of next hops between pings (default is 1).
string - IP address, hostname or interface name used to ping device address
Example: The following example sends three echo requests to the device with the IP Address 10.10.10.1
<FireEye_name># ping -c 3 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_req=1 ttl=64 time=0.314ms
64 bytes from 10.10.10.1: icmp_req=2 ttl=64 time=0.277ms
64 bytes from v: icmp_req=3 ttl=64 time=0.274m
--- 10.10.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.274/0.288/0.314/0.022ms
reboot
Table 51: reboot
Description: Reboots the Juniper ATP Appliance.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Server
Syntax: reboot
Parameters: None
Example: The following example reboots the system.
hostname# reboot
restart
Table 52: restart
Description: Restarts Juniper ATP Appliance services.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Server
Syntax: restart [all | behaviorengine | cm | collector | core | correlationengine | database | ntpserver | sshserver | staticengine | webserver]
Parameters:
all - Restarts all Juniper ATP Appliance services.
behaviorengine - Restarts the Behavioral Analysis Engine.
cm - Restarts the Central Manager Web UI service.
collector - Restarts the Collector service.
core - Restarts the Core Detection Engine.
correlationengine - Restarts the Correlation Engine.
database - Restarts the Database.
ntpserver - Restarts the NTP server.
sshserver - Restarts the SSH server.
staticengine - Restarts the Static Analysis Engine.
webserver - Restarts the web server.
Example: The following example restarts the Central manager service.
JATP# restart cm
set (core mode)
Table 53: set
Description: Resets the Secondary Core UUID, if the virtual core is cloned.
Product(s) CLI: Core/CM (Virtual Core)
Mode(s): Core (for Virtual Core configurations)
Syntax: set id
Sub-Commands: None
Example: The following example sets the Virtual Core appliance id:
hostname # core
hostname (core) # set id<cr>
server
Table 54: server
Description: Enters the server configuration mode.
Product(s) CLI: All-in-One | Collector | Core/CM | MacMini Mac OS X
Mode(s): Basic
Syntax: server
Sub-Commands: “exit”; “help”; “history”; “ifrestart”; “ping”; “reboot”; “set (server mode)”; “show (server mode)”; “traceroute”; “upgrade”
Whitelist rules rely on normal service shutdown to be backed up. Powering off a VM directly will lose the whitelist state as rules cannot be saved in that case.
Example: The following example enters server configuration mode:
hostname # server
hostname (server) # ?
set system-alert (server mode)
Table 55: set system-alert
Description: Configure the traffic threshold and checking interval for the Collector “monitored traffic” health status.
When the monitored traffic of a collector within the checking interval time is lower than the threshold, a system health alert is generated. You can send an email notification of the alert if email notifications of system health events are configured.
Product(s) CLI: All-in-One | Core CM
Mode(s): Server. See Also: “set (diagnosis mode)”; set (collector mode); show
Syntax: set system-alert traffic <integer> time <interval>
NOTE: Both "traffic" and "time" parameters are required in order to set the threshold for both the minimum traffic and time.
Parameters:
traffic - the minimum traffic (in KB)
interval - the checking interval (in minutes)
Example:
JATP (server) # set system-alert traffic 100 time 30
This example sets the system alert such that, if the total monitored traffic of a collector within the last 30 minutes dips lower than 100KB, then a system health alert will be generated (and users will receive an email notification of the alert if email notifications are configured for system health events).
By default this alert is disabled, and users must set the minimum traffic and interval in order to enable it. Also note that all bytes seen on Ethernet frames are counted in the traffic.
The minimum interval for the "set system-alert traffic" time interval command is 10 minutes. If the minimum interval is set to less than 10 minutes, no alerts will be triggered.
set (server mode)
Table 56: set
Description: Configure the system settings.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Server. See Also: “set (diagnosis mode)”; “set (core mode)”; “show (core mode)”
Syntax: set [autoupdate {on | off} | cli timeout secs | clock | cm address | support {enable | disable} localmode {enable | disable} | passphrase string | dns | firewall {all <backup | flush> | whitelist} | hostname string | ip interface {management | alternate-exhaust} | ntpserver | password | proxy {config | enabled | remove} | timezone string | uipassword]
NOTE: vCore for AWS does not use the following CLI commands:
set ip
set hostname
[Users cannot set static IP address or change the hostname directly on an EC2 AWS instance]
Parameters:
autoupdate {content | software} {on | off} - Turn on or off automatic product updates.
  set autoupdate content on
cli secs - Sets CLI period in seconds (0 indicates no timeout).
clock - Sets the current date and time.
cm address - Sets the IP address of the Central Manager and netmask using slash notation; ex: AAA.BBB.CCC.DD/X
set support {enable | disable} | {localmode} - Enables remote SSH login “support” account or localmode enable|/disable.
dns - Sets DNS (or enables DHCP for DNS) for the management interface by default if interface is unspecified.
firewall {all <backup | flush> | whitelist <add | delete | flush>} - Backs up or flushes (clears) all current iptables for a firewall, or adds, deletes or flushes the current iptables whitelist-specific settings for the firewall.
  The “add” option adds an IP address to the iptables outbound whitelist.
  # set firewall whitelist add 10.1.1.1
hostname string - Sets the system’s host name.
ip interface {management | alternate-exhaust} <dhcp | address | netmask | gateway> - Sets the IP address, netmask, or default gateway, or enables DHCP for the management or alternate-exhaust interface.
ntpserver - Sets the Network Time Protocol (NTP) server.
passphrase string - Sets the device key password; enter a string.
password - Sets a new password for the CLI administrator.
proxy {config <all|http> | enable <on|off> | remove <all|http>} - Config, enable/disable, or remove “all” proxy configs, or remove an HTTP-specific proxy server.
  TIP: Config the proxy for “all” protocols first, and then change HTTP proxy as needed.
timezone string - Sets the timezone for the device.
uipassword - Sets a new admin password for CM Web UI access.
Examples: The following example enables a proxy server.
JATP (server)# set proxy enable on
set appliance-type (server mode)
Table 57: set appliance-type
Description: Change the appliance type at any time. For example, change from All-In-One to Core/CM. Note that if you change the appliance type after the initial installation, all data files related to the current type are lost and you must set up the appliance as you would a fresh box.
Product(s) CLI: All-in-One | Core CM | Collector
Mode(s): server
Syntax: jatp:AIO#(server)# set appliance-type core-cm
Parameters:
all-in-one
core-cm
email-collector
traffic-collector
Example: The following example changes the form factor of the appliance from all-in-one (the default) to core-cm:
jatp:AIO#(server)# set appliance-type core-cm
This will result in the deletion of all data and configurations not relevant to the new form factor.
Proceed? (Yes/No)? Yes
set (diagnosis mode)
Table 58: set
Description: Sets the logging levels for Juniper ATP Appliance components from diagnosis mode.
See Also: “set (server mode)”
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): diagnosis
Syntax: set logging all
Parameters:
all - Sets logging for all Juniper ATP Appliance components.
default - Sets logging to the default parameters.
debug - Sets logging at the debug level.
info - Sets logging at the info level.
warning - Sets logging at the warning level.
error - Sets logging at the error level.
critical - Sets logging at the critical level.
Example: The following example sets the default logging level for all Juniper ATP Appliance components.
JATP# set logging all
setupcheck
Table 59: setupcheck
Description: Checks and reports on basic configuration settings and analysis pipeline setup.
Product(s) CLI: All-in-One | Core CM | MacMini OS X Detection Engine
Mode(s): diagnosis
Syntax: setupcheck {all | report | basic | analysis}
Parameters:
all - Checks both basic settings and analysis pipeline.
report - Shows report of last setupcheck.
basic - Checks basic configuration settings.
analysis - Checks the analysis pipeline.
Example: The following example checks all basic configuration settings as well as the analysis pipeline:
JATP (diagnosis) # setupcheck all
show (core mode)
Table 60: show
Description: Displays the guest image(s) status or whitelist statistics.
See Also: “show (server mode)”; show (diagnostic mode)
Product(s) CLI: See Also: shutdown; show (diagnostic mode)
Mode(s): Core
Syntax: show
Parameters:
images - Displays guest image update and status information.
whitelist - Displays the name, hit count and the time of last hit of a user configured whitelist.
  Note that when a whitelist rule is deleted, it will be removed from the list. Updates to existing rule are not affected by the presence of the rule in the output, but hit count could increment. Further, more than one rule can be hit by a single incident.
alternate-exhaust interface - Displays the status of the alternate exhaust interface eth2.
Example: The following example demonstrates the show images command usage:
JATP(core)# show images
The following example demonstrates the show whitelist command usage:
JATP(core)# show whitelist
Rule Name        Hit Count   Local Time of Last Hit
URI1             10          Wed Sep 2 18:16:55 2015
URI2             10          Wed Sep 2 18:16:55 2015
URI3             10          Wed Sep 2 18:16:55 2015
greatfilesarey   49          Wed Sep 2 18:20:00 2015
The following example shows how to get the alternate-exhaust interface (eth2) status:
JATP(core)# show alternate-exhaust interface
show (diagnosis mode)
Description: Sets the logging levels for Juniper ATP Appliance components from diagnosis mode.
See Also: “show (server mode)”
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): diagnosis
Syntax: show
Parameters:
device {collectorstatus | corestatus | slavecorestatus} - Display connected device statistics for Traffic Collector, CoreCM, or Mac Mini Detection Engine Secondary “slave core.”
protocol {web | email} - Displays the session counts for network web or email protocols.
objects - Displays the current number of file objects.
logging - Displays the currently-configured logging level.
  See Also: set traffic-filter (collector mode) logging
log error traceback - Displays only the tracebacks (if any) generated by Juniper ATP Appliance OS process error logs. A traceback is a stack of functions that were executing when an error condition was encountered.
log error last <integer: number of lines to display> - Displays n [1-1000] lines of the contents of the common log file.
  Example: show log error last 12
Example: The following example displays the connected Traffic Collector status.
JATP(diagnosis)# show device collectorstatus<cr>
JATP (diagnosis)# show device collectorstatus
WEB_COLLECTOR
IP : 10.2.9.68
Enabled : True
Last Seen : 2015-07-25 15:13:17.967000-07:00
Install Date : 2015-06-25 19:03:38-07:00
IP : 10.2.20.3
Enabled : True
Last Seen : 2015-07-28 11:07:42.046000-07:00
Install Date : 2013-11-14 09:25:39-08:00
This example displays the log error traceback
JATP(diagnosis)# show log error traceback<cr>
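One way to turn the show device collectorstatus output above into a sensor health check, as an added example (not Juniper tooling): it parses the IP / Enabled / Last Seen / Install Date records and flags collectors that are disabled or have not reported within a chosen window. The function names and the 24-hour window are assumptions; the sample text is the output shown in this section, one field per line.

```python
from datetime import datetime, timedelta

# Output from this section's example, one field per line.
SAMPLE = """\
WEB_COLLECTOR
IP : 10.2.9.68
Enabled : True
Last Seen : 2015-07-25 15:13:17.967000-07:00
Install Date : 2015-06-25 19:03:38-07:00
IP : 10.2.20.3
Enabled : True
Last Seen : 2015-07-28 11:07:42.046000-07:00
Install Date : 2013-11-14 09:25:39-08:00
"""


def _parse_time(text):
    """Parse 'YYYY-MM-DD HH:MM:SS[.ffffff]+HH:MM' into an aware datetime."""
    # Drop the colon in the UTC offset so %z accepts it on older Pythons.
    head, offset = text[:-6], text[-6:].replace(":", "")
    fmt = "%Y-%m-%d %H:%M:%S.%f%z" if "." in head else "%Y-%m-%d %H:%M:%S%z"
    return datetime.strptime(head + offset, fmt)


def parse_collectorstatus(text):
    """Return a list of dicts, one per collector record in the CLI output."""
    records, group = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if " : " not in line:
            group = line  # section header such as WEB_COLLECTOR
            continue
        key, value = (part.strip() for part in line.split(" : ", 1))
        if key == "IP":  # each record starts with its IP line
            records.append({"group": group, "ip": value})
        elif records:
            if key == "Enabled":
                records[-1]["enabled"] = value == "True"
            elif key == "Last Seen":
                records[-1]["last_seen"] = _parse_time(value)
            elif key == "Install Date":
                records[-1]["installed"] = _parse_time(value)
    return records


def stale_collectors(records, now, max_age=timedelta(hours=24)):
    """Return (ip, reason) for collectors that are disabled or gone quiet."""
    findings = []
    for rec in records:
        if not rec.get("enabled", False):
            findings.append((rec["ip"], "disabled"))
        elif "last_seen" not in rec:
            findings.append((rec["ip"], "never seen"))
        elif now - rec["last_seen"] > max_age:
            hours = (now - rec["last_seen"]).total_seconds() // 3600
            findings.append((rec["ip"], "not seen for %d h" % hours))
    return findings


if __name__ == "__main__":
    collectors = parse_collectorstatus(SAMPLE)
    # Constructed reference time: one hour after the newest check-in.
    reference = max(rec["last_seen"] for rec in collectors) + timedelta(hours=1)
    for ip, reason in stale_collectors(collectors, reference):
        print(ip, reason)
```

A collector that stops checking in leaves its network segment uninspected, so the findings are worth alerting on alongside the appliance's own health notifications.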
show (server mode)
Table 61: show
Description: Display configurations and status information.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Server. See Also: “show (diagnosis mode)”
Syntax: show
Parameters:
autoupdate - Show the automatic update setting.
cli timeout - Show the CLI timeout setting.
clock - Show the current date and time.
cm - Show the Central Manager IP address.
controller - Show the driver state for interfaces.
support - Show the remote SSH login support status.
description - Show the server or system description.
devicekey - Show the device key.
devicetype - Show the device type.
dns - Show the DNS servers settings.
eula - Show the End User License Agreement.
firewall [all | whitelist] - Show the firewall configuration settings.
hostname - Show the system’s host name.
interface [management | monitoring | alternate-exhaust] - Show information about the management (administrative) network interface eth0, or the monitoring interface (eth1), or the alternate-exhaust interface (eth2).
ip - Show the IP address of the management (administrative) interface eth0.
  See Also: show controller
  Results may show both private and public IP addresses if the AWS vCore has a public IP.
name - Show the server name.
ntpserver - Show the Network Time Protocol (NTP) server settings.
proxy - Shows the proxy configuration for the management network.
  See also show (collector mode) for show proxy inside/outside data path
stats [cpuload | disk | memory] - Show system statistics:
  cpuload shows average CPU load in the system for running processes in the last 1, 5 and 15 min intervals.
  disk shows the disk space usage in the system.
  memory shows the system memory usage.
  show stats cpuload (0.06,0.13,0.13)
system-alert - Shows the current set system-alert settings.
timezone {US/Eastern | US/Central | US/Mountain - Show the current timezone; example:
  set timezone US/Pacific
  TIP: set timezone <tab> shows options.
uptime - Show how long the system has been running.
uuid - Show the system UUID (universally unique ID).
version - Show Juniper ATP Appliance software and content security versions.
Example: The following example displays information about the CoreCM server device type:
CoreCM(server)# show devicetype
Device type: cm, core
The following example requests data about the alternate-exhaust interface (eth2):
CoreCM(server)# show interface alternate-exhaust
The following example shows details about the Collector’s monitoring interface (eth1):
CoreCM(server)# show interface monitoring
Interface: monitoring (eth1) Enabled: Yes Link: Yes
IP Address: unknown Mask: unknown MTU: 1500
MAC Address: 90:d6:1f:22:70:g6 Speed: 1000Mb/s Duplex: Full
Auto-negotiation: Yes Medium: Copper
RX packets: 1869032424 Bytes: 1716560257902 Errors: 0 Overruns: 0
TX packets: 409287 Bytes: 44607401 Errors: 0 Overruns: 0
Traffic rate for the last 5 seconds/1 minute/5 minutes
RX bits/sec: 108616/160176/442736
RX packets/sec: 44/46/91
TX bits/sec: 0/112/128
TX packets/sec: 0/0/0
shutdown
Table 62: shutdown
Description: Shuts down the Juniper ATP Appliance server.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Server
Syntax: shutdown
Parameters: None
Example: The following example performs a shutdown of the current device.
JATP# shutdown
traceroute
Table 63: traceroute
Description: Displays the route packets trace to a host name or an IP address.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Server
Syntax: traceroute
Parameters:
-h unsigned integer - Specifies the number of hops.
string - Names the remote system to be traced.
Example: The following example performs a traceroute of the named device.
JATP# traceroute -h 2 MacMininOSX-Engine
upgrade
Table 64: upgrade
Description: Upgrade Juniper ATP Appliance software for the Core/CM device or vCore, and all connected physical or virtual devices.
Product(s) CLI: All-in-One | Core CM
Mode(s): cm
Syntax: upgrade <URI as user@hostname:path>
Parameters:
<String_URI> - Specifies the software packages to copy from a remote location for upgrading via the Core.
Example: The following example copies Juniper ATP Appliance software to the Core from a remote location defined by the path provided.
CoreCM(cm)# upgrade [email protected]:some/remote/directory
updateimage
Table 65: updateimage
Description: Update or correct the guest-image OS profile used by the detection and analysis behavioral engine.
The updateimage command will update the guest images from a USB drive attached to the Juniper ATP Appliance.
Product(s) CLI: All-in-One | Core-CM | MacMini OS X Detection Engine
Mode(s): Core
Syntax: updateimage
Parameters:
built-in - Updates the guest-image on the detection Engine.
Example: The following example performs a built-in profile update for the Core detection engine.
JATP (core)# updateimage built-in
Installing image SC-XP-20140617.img...
Previous version of SC-XP-20140617.img exists.
Checking integrity...
Image SC-XP-20140617.img is already installed
Installing image SC-W7-20140521.img...
Previous version of SC-W7-20140521.img exists.
Checking integrity...
Image SC-W7-20140521.img is already installed
wizard
Table 66: wizard
Description: Enters the Configuration Wizard. For Configuration Wizard commands and response, see “Configuration Wizard for the CoreCM Server” in the next section to follow command prompts and recommended responses.
Product(s) CLI: All-in-One | Core/CM | Collector | MacMini Mac OS X
Mode(s): Basic
Syntax: wizard
Parameters: None
Example: The following command starts the configuration wizard.
hostname # wizard
Configuration Wizard for the CoreCM Server
NOTE: Enter CTRL-C to exit the Configuration Wizard at any time. If you exit without completing the configuration, you will be prompted again whether to run the Configuration Wizard.
You may also rerun the Configuration Wizard at any time with the CLI command wizard.
Configuration Wizard Prompts and Customer Response Actions
Prompt: Use DHCP to obtain the IP address and DNS server address for the administrative interface (Yes/No)?
NOTE: Only if your DHCP response is no, enter the following information when prompted:
a. IP address (no CIDR format)
b. Netmask
c. Enter a gateway IP address for this management (administrative) interface:
d. Enter primary DNS server IP address.
e. Do you have a secondary DNS Server (Yes/No).
f. Do you want to enter the search domains?
g. Enter the search domain (separate multiple search domains by space):
Restart the administrative interface (Yes/No)
Response: We strongly discourage the use of DHCP addressing because it changes dynamically. A static IP address is preferred.
Recommended: Respond with no:
a. Enter an IP address
b. Enter a netmask using the form 255.255.255.0.
c. Enter a gateway IP address.
d. Enter the DNS server IP address
e. If yes, enter the IP address of the secondary DNS server.
f. Enter yes if you want DNS lookups to use a specific domain.
g. Enter search domain(s) separated by spaces; for example: example.com lan.com dom2.com
Enter yes to restart with the new configuration settings applied.
Prompt: Enter a valid hostname.
Response: Type a hostname when prompted; do not include the domain; for example: juniperatp1
NOTE: Only alphanumeric characters and hyphens (in the middle of the hostname) are allowed.
Prompt: [OPTIONAL]
If the system detects a Secondary Core with an eth3 port, then the alternate CnC exhaust option is displayed:
Use alternate-exhaust for the analysis engine exhaust traffic (Yes/No)?
Enter IP address for the alternate-exhaust (eth2) interface:
Enter netmask for the alternate-exhaust (eth2) interface: (example: 255.255.0.0)
Enter gateway IP Address for the alternate-exhaust (eth2) interface: (example: 10.6.0.1)
Enter primary DNS server IP Address for the alternate-exhaust (eth2) interface: (example: 8.8.8.8)
Do you have a secondary DNS server for the alternate-exhaust (eth2) interface?
Do you want to enter the search domains for the alternate-exhaust (eth2) interface?
NOTE: A complete network interface restart can take more than 60 seconds
Response: Refer to “Configuring an Alternate Analysis Engine Interface” in the Juniper ATP Appliance Operator’s Guide for more information.
Enter yes to configure an alternate eth2 interface.
Enter the IP address for the eth2 interface.
Enter the eth2 netmask.
Enter the gateway IP address.
Enter the primary DNS server IP Address for the alternate-exhaust (eth2) interface.
Enter yes or no to confirm or deny an eth2 secondary DNS server.
Enter yes or no to indicate whether you want to enter search domain.
Prompt: Regenerate the SSL self-signed certificate (Yes/No)?
Response: Enter yes to create a new SSL certificate for the Juniper ATP Appliance Server Web UI.
If you decline the self-signed certificate by entering no, be prepared to install a certificate authority (CA) certificate.
Prompt: Is this a Central Manager device?:
Enter the following server attributes:
Central Manager (CM) IP Address:
Device Name: (must be unique)
Device Name: (must be unique)
Device Key PassPhrase
NOTE: Remember this passphrase and use it for all distributed devices.
Response: Enter Yes; the system will auto-set IP 127.0.0.1 as the All-in-One IP address.
Enter a connected Juniper ATP Appliance Collector Device Name; this identifies the Collector in the Web UI.
Enter a device Description
Enter a user-defined PassPhrase to be used to authenticate the Core to the Central Manager.
See Also:
• All-in-One CLI Commands
• Traffic Collector CLI Commands
Mac OS X Engine CLI Commands
This chapter describes the CLI commands available for the Mac Mini Mac OS X “Secondary
Core” detection engine device. There is no Collector Mode on this device.
NOTE: You must enclose non-alphabet characters in double quotes in CLI commands.
• Basic Mode Commands
• Core Mode Commands
• Server Mode Commands
• Diagnosis Mode Commands
• Mac OS X Detection Engine CLI Commands
• Configuration Wizard Command Prompt Responses
Basic Mode Commands
Use general system commands to configure the appliance, view appliance history, enter
other CLI modes, obtain help with CLI syntax, and to exit the CLI session.
The general commands are:
• core
• diagnosis
• exit
• help
• history
• server
• wizard
Refer to the respective chapters in this guide to review Collector Mode, Diagnosis Mode
and Server Mode commands per device: All-in-One, Mac OS X Engine, Traffic Collector
and CoreCM.
Core Mode Commands
• exit
• help
• history
• show (core mode)
• updateimage
Server Mode Commands
• exit
• help
• history
• ifrestart
• ping
• reboot
• restart
• server
• set (server mode)
• show (server mode)
• shutdown
• traceroute
Diagnosis Mode Commands
• capture-start
• copy
• exit
• gssreport
• help
• history
• set (diagnosis mode)
• setupcheck
• show (diagnosis mode)
Mac OS X Detection Engine CLI Commands
• capture-start
• copy
• core
• diagnosis
• exit
• gssreport
• help
• history
• ifrestart
• ping
• reboot
• restart
• server
• set (server mode)
• set (diagnosis mode)
• setupcheck
• show (core mode)
• show (diagnosis mode)
• show (server mode)
• shutdown
• traceroute
• updateimage
• upgrade
• wizard
capture-start
Table 67: capture-start
Description: Starts packet capture as a means for diagnosing and debugging network traffic and obtaining stats.
See Also: diagnosis [mode]; copy
Product(s) CLI: All-in-One | Collector | Core | Mac OS X Detection Engine
Mode(s): Diagnosis
Syntax: capture-start
Parameters: <IP address> <interface_name>
Sub-Commands: None
Example: The following example starts a packet capture process on interface eth1 for a Traffic Collector with IP address 8.8.8.8:
  hostname # diagnosis
  hostname (diagnosis)# capture-start 8.8.8.8 eth1
NOTE: Address 8.8.8.8 need not be a Juniper ATP Appliance. It is just a host that the capture filters on.
copy
Table 68: copy
Description: Uses Secure Copy (SCP) to copy and transfer packet capture or traceback (crash) data to a remote location, providing the same authentication and level of security as an SSH transfer.
See Also: diagnosis [mode]; capture-start
Product(s) CLI: All-in-One | Collector | Core | Mac OS X Detection Engine
Mode(s): Diagnosis
Syntax: copy capture <scp source_file_name username@destination_host:destination_folder> | traceback all <string URI as user@hostname:path>
Parameters:
  copy capture <scp remote filename_location>
  copy traceback all <path string>
  copy traceback <tab> [tab displays all available crash filenames]
Sub-Commands: None
Example: The following example copies the file "captureEth1.txt" from the local host to a remote host:
  hostname (diagnosis)# copy capture scp captureEth1.txt [email protected]:/some/remote/directory
core
Table 69: core
Description: Enters core mode.
See Also: basic [mode]
Product(s) CLI: All-in-One | Collector | Core | Mac OS X Detection Engine
Mode(s): Basic
Syntax: core
Parameters: None
Sub-Commands: exit, help, history, show, updateimage
Example: The following command example enters core configuration mode:
  hostname # core
  hostname (core)#
diagnosis
Table 70: diagnosis
Description: Enters the Diagnosis configuration and status check mode.
See Also: collector [mode], server [mode]
Product(s) CLI: All-in-One | Collector | Mac OS X Detection Engine
Mode(s): Basic
Syntax: diagnosis
Parameters: None
Sub-Commands: capture-start; copy; exit; gssreport; help; history; set (server mode); setupcheck; show (diagnosis mode); shutdown
Example: The following example enters diagnosis configuration and status check mode:
  hostname # diagnosis
  hostname (diagnosis)# ?
exit
Table 71: exit
Description: Ends the CLI session.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Basic | Server | Diagnosis
Syntax: exit
Parameters: None
Example: The following example ends a command mode or CLI session.
  JATP# (diagnosis) exit
  JATP#
gssreport
Table 72: gssreport
Description: Use the gssreport command to submit reports to Juniper Global Security Services (GSS), and to display the status of the current GSS report.
See Also: gssreport; diagnosis [mode]
Product(s) CLI: All-in-One | Collector | Mac OS X Detection Engine
Mode(s): diagnosis
Syntax: gssreport status | submit
Parameters:
  status - displays the status of the current GSS report.
  submit - submits a report to Juniper ATP Appliance GSS.
Sub-Commands: None
Example: The following examples display the status of a GSS report submission:
  hostname # diagnosis
  hostname (diagnosis)# gssreport submit
  Successfully started GSS report
  hostname (diagnosis)# gssreport status
  GSS is currently enabled
  Last 5-minute GSS report at 2015-07-28 10:34:24.414322: successfully submitted
  Last hourly GSS report at 2015-07-28 10:34:24.468259: successfully submitted
  Last daily GSS report at 2015-07-28 10:34:28.225512: successfully submitted
help
Table 73: help
Description: Displays information about the CLI help system.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Basic | Server | Diagnosis
Syntax: help
Parameters: None
Example: The following example shows some of the output of the help command.
  CONTEXT SENSITIVE HELP
  [?] - Display context sensitive help. This is either a list of possible command completions with summaries, or the full syntax of the current command. A subsequent repeat of this key, when a command has been resolved, will display a detailed reference.
  AUTO-COMPLETION
  The following keys both perform auto-completion for the current command line. If the command prefix is not unique then the bell will ring and a subsequent repeat of the key will display possible completions.
  [enter] - Auto-completes, syntax-checks then executes a command. If there is a syntax error then offending part of the command line will be highlighted and explained.
  [tab] - Auto-completes
  [space] - Auto-completes, or if the command is already resolved inserts a space.
  If “<cr>” is shown, that means that what you have entered so far is a complete command, and you may press Enter (carriage return) to execute it.
  Use ? to learn command parameters and option:
  JATP (server)# show f?
  firewall Show the firewall configuration settings
  interface
  JATP (server)# show firewall?
  all Show the current iptables settings
  whitelist Show the iptables whitelist settings
  show firewall whitelist?
  <cr>
  show firewall whitelist
history
Table 74: history
Description: Displays the current CLI session command line history.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Basic | Server | Diagnosis
Syntax: history
Parameters: None
Example: The following example returns command line history for the current CLI session.
  JATP# (core) history
ifrestart
Table 75: ifrestart
Description: Restarts the interface driver and services using the interface.
Product(s) CLI: All-in-One | Core CM | MacMini OS X Detection Engine
Mode(s): Server
Syntax: ifrestart eth0 | eth1
Parameters:
  eth0 - Restarts the management network administrative interface.
  eth1 - Restarts the monitoring network interface.
Example: The following example restarts the eth0 interface for the management network.
  <FireEye_name># ifrestart eth0
ping
Table 76: ping
Description: Sends ICMP (Internet Control Message Protocol) echo request packets to a specified host name or IP address to verify that the destination is reachable over the network.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Server
Syntax: ping [-c count] [-h hops] [string]
Parameters:
  -c count - Number of echo requests to send. By default, pings are sent continuously until you press Ctrl+C.
  -h hops - Number of next hops between pings (default is 1).
  string - IP address, hostname or interface name used to ping device address
Example: The following example sends three echo requests to the device with the IP Address 10.10.10.1
  <FireEye_name># ping -c 3 10.10.10.1
  PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
  64 bytes from 10.10.10.1: icmp_req=1 ttl=64 time=0.314ms
  64 bytes from 10.10.10.1: icmp_req=2 ttl=64 time=0.277ms
  64 bytes from v: icmp_req=3 ttl=64 time=0.274m
  --- 10.10.10.1 ping statistics ---
  3 packets transmitted, 3 received, 0% packet loss, time 1999ms
  rtt min/avg/max/mdev = 0.274/0.288/0.314/0.022ms
reboot
Table 77: reboot
Description: Reboots the Juniper ATP Appliance.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Server
Syntax: reboot
Parameters: None
Example: The following example reboots the system.
  hostname# reboot
restart
Table 78: restart
Description: Restarts Juniper ATP Appliance services.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Server
Syntax: restart [all | behaviorengine | cm | collector | core | correlationengine | database | ntpserver | sshserver | staticengine | webserver]
Parameters:
  all - Restarts all Juniper ATP Appliance services.
  database - Restarts the Database.
  ntpserver - Restarts the NTP server.
  sshserver - Restarts the SSH server.
Example: The following example restarts the Central manager service.
  JATP# restart cm
server
Table 79: server
Description: Enters the server configuration mode.
Product(s) CLI: All-in-One | Collector | Core/CM | MacMini Mac OS X
Mode(s): Basic
Syntax: server
Sub-Commands: exit; help; history; ifrestart; ping; reboot; set (server mode); show (server mode); traceroute; updateimage
NOTE: Whitelist rules rely on normal service shutdown to be backed up. Powering off a VM directly will lose the whitelist state as rules cannot be saved in that case.
Example: The following example enters server configuration mode:
  hostname # server
  hostname (server) # ?
set (server mode)
Table 80: set
Description: Configure the system settings.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Server. See Also: set (diagnosis mode)
Syntax: set [autoupdate {on | off} | cli timeout secs | clock | cm address | support {enable | disable} localmode {enable | disable} | passphrase string | dns | firewall {all <backup | flush> | whitelist} | hostname string | ip interface {management | alternate-exhaust} | ntpserver | password | proxy {config | enabled | remove} | timezone string | uipassword]
Parameters:
  autoupdate {content | software} {on | off} - Turn on or off automatic product updates. Example: set autoupdate content on
  cli timeout secs - Set CLI timeout period in seconds (0 = no timeout).
  clock - Sets the current date and time.
  cm address - Sets the IP address of the Central Manager and netmask using slash notation; ex: AAA.BBB.CCC.DD/X
  set support {enable | disable} | {localmode} - Enables remote SSH login “support” account or localmode enable/disable.
  passphrase string - Sets the device key password; enter a string.
  dns - Sets DNS (or enables DHCP for DNS) for the management interface by default if interface is unspecified.
  firewall {all <backup | flush> | whitelist <add | delete | flush>} - Backs up or flushes (clears) all current iptables for a firewall, or adds, deletes or flushes the current iptables whitelist-specific settings for the firewall. The “add” option adds an IP address to the iptables outbound whitelist:
    # set firewall whitelist add 10.1.1.1
    NOTE: Whitelist rules rely on normal service shutdown for backup. Powering off a VM directly loses the whitelist state as rules cannot be saved in that case.
  hostname string - Sets the system’s host name.
  ip interface {management | alternate-exhaust} <dhcp | address | netmask | gateway> - Sets the IP address, netmask, or default gateway, or enables DHCP for the management or alternate-exhaust interface.
  ntpserver - Sets the Network Time Protocol (NTP) server.
  password - Sets a new password for the CLI administrator.
  proxy {config <all|http> | enable <on|off> | remove <all|http>} - Config, enable/disable, or remove “all” proxy configs, or remove an HTTP-specific proxy server. TIP: Config the proxy for “all” protocols first, and then change HTTP proxy as needed.
  timezone {US/Eastern | US/Central | US/Mountain - Show the current timezone; example: set timezone US/Pacific. TIP: set timezone <tab> shows options.
  uipassword - Sets a new admin password for CM Web UI access.
Examples: The following example sets an IP address for the device management interface eth0.
  JATP# set ip interface 10.1.1.1
set (diagnosis mode)
Table 81: set
Description: Sets the logging levels for Juniper ATP Appliance components from diagnosis mode.
See Also: set (server mode)
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): diagnosis
Syntax: set logging
Parameters:
  all - Sets logging for all Juniper ATP Appliance components.
  default - Sets logging to the default parameters.
  debug - Sets logging at the debug level.
  info - Sets logging at the info level.
  warning - Sets logging at the warning level.
  error - Sets logging at the error level.
  critical - Sets logging at the critical level.
Example: The following example sets the default logging level for all Juniper ATP Appliance components.
  JATP# set logging all
setupcheck
Table 82: setupcheck
Description: Checks and reports on basic configuration settings and analysis pipeline setup.
Product(s) CLI: All-in-One | Core CM | MacMini OS X Detection Engine
Mode(s): diagnosis
Syntax: setupcheck {all | report | basic | analysis}
Parameters:
  all - Checks both basic settings and analysis pipeline.
  report - Shows report of last setupcheck.
  basic - Checks basic configuration settings.
  analysis - Checks the analysis pipeline.
Example: The following example checks all basic configuration settings as well as the analysis pipeline:
  JATP (diagnosis) # setupcheck all
show (core mode)
Table 83: show
Description: Displays the guest image(s) status.
See Also: show (server mode); show (diagnostic mode)
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Core
Syntax: show
Parameters:
  images - Displays guest image update and status information.
  whitelist - Displays the name, hit count and the time of last hit of a user configured whitelist. Note that when a whitelist rule is deleted, it will be removed from the list. Updates to existing rule are not affected by the presence of the rule in the output, but hit count could increment. Further, more than one rule can be hit by a single incident.
  alternate-exhaust interface - Displays the status of the alternate exhaust interface eth2.
Example: The following example demonstrates the show images command usage:
  JATP(core)# show images
The following example shows how to get the alternate-exhaust interface (eth2) status:
  JATP(core)# show alternate-exhaust interface
show (diagnosis mode)
Description: Sets the logging levels for Juniper ATP Appliance components from diagnosis mode.
See Also: show (server mode)
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): diagnosis
Syntax: show
Parameters:
  device {collectorstatus | | corestatus | slavecorestatus} - Display connected device statistics for Traffic Collector, CoreCM, or Mac Mini Detection Engine Secondary “slave core.” NOTE: Not available from the Mac Mini CLI.
  protocol {web | email} - Displays the session counts for network web or email protocols. NOTE: Not available from the Mac Mini CLI.
  objects - Displays the current number of file objects. NOTE: Not available from the Mac Mini CLI.
  logging - Displays the currently-configured logging level. See Also: set (diagnosis mode) logging
  log error traceback - Displays only the tracebacks (if any) generated by Juniper ATP Appliance OS process error logs. A traceback is a stack of functions that were executing when an error condition was encountered.
  log error last <integer: number of lines to display> - Displays n [1-1000] lines of the contents of the common log file.
Example: The following example displays the connected Traffic Collector status.
  osx-1(server)# show devicetype
  Device type: slave_core.
show (server mode)
Table 84: show
Description: Display configurations and status information.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Server. See Also: show (diagnosis mode)
Syntax: show
Parameters:
  autoupdate - Show the automatic update setting.
  cli - Show the CLI setting.
  clock - Show the current date and time.
  cm - Show the Central Manager IP address.
  controller - Show the driver state for interfaces.
  support - Show support status.
  description - Show the server or system description.
  devicekey - Show the device key.
  devicetype - Show the device type.
  dns - Show the DNS servers settings.
  eula - Show the End User License Agreement.
  firewall [all | whitelist] - Show the firewall configuration settings.
  hostname - Show the system’s host name.
  interface [management | monitoring | alternate-exhaust] - (administrative) network interface eth0, or the monitoring interface (eth1), or the alternate-exhaust interface (eth2). See Also: show controller
  ip - Show the IP address of the management (administrative) interface eth0.
  name - Show the server name.
  ntpserver - Show the Network Time Protocol (NTP) server settings.
  proxy - Show current proxy configuration.
  stats [cpuload | disk | memory] - Show system statistics:
    • cpuload shows the average CPU load in the system for running processes in the last 1, 5 and 15 minute intervals.
    • disk shows the disk space usage in the system.
    • memory shows the system memory usage.
  timezone - Show the current timezone.
  upgrade - Show the last manual upgrade-related information.
  uuid - Show the system UUID (universally unique ID).
  uptime - Show how long the system has been running.
  version - Show Juniper ATP Appliance software and content security versions.
Example: The following example displays information about the MacOSX cpuload statistics:
  MacOSX (server)# show stats cpuload
  (0.06, 0.13, 0.13)
The following example requests details for the Collector’s monitoring interface (eth1):
  MacOSX(server)# show interface monitoring
shutdown
Table 85: shutdown
Description: Shuts down the Juniper ATP Appliance server.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Server
Syntax: shutdown
Parameters: None
Example: The following example performs a shutdown of the current device.
  JATP# shutdown
traceroute
Table 86: traceroute
Description: Displays the route packets trace to a host name or an IP address.
Product(s) CLI: All-in-One | Collector | Core CM | MacMini OS X Detection Engine
Mode(s): Server
Syntax: traceroute
Parameters:
  -h unsigned integer - Specifies the number of hops.
  string - Names the remote system to be traced.
Example: The following example performs a traceroute of the named device.
  MacOSX1# traceroute -h 2 MacMininOSX2-Engine
updateimage
Table 87: updateimage
Description: Update or correct the guest-image OS profile used by the detection and analysis behavioral engine. The updateimage command will update the guest images from a USB drive attached to the Juniper ATP Appliance.
Product(s) CLI: MacMini OS X Detection Engine
Mode(s): Core
Syntax: updateimage
Parameters:
  built-in - Updates the guest-image on the Mac OSX Detection “Secondary core.”
Example: The following example performs a built-in profile update for the Core detection engine.
  MAC2(core)# updateimage built-in
  Installing image SC-OSX-20131003.img...
  Previous version of SC-OSX-20131003.img exists. Checking integrity...
  Latest Image SC-OSX-20131003.img is already installed
  Installing image SC-XP-20140617.img...
  Previous version of SC-XP-20140617.img exists. Checking integrity...
  Image SC-XP-20140617.img is already installed
  Installing image SC-W7-20140521.img...
  Previous version of SC-W7-20140521.img exists. Checking integrity...
  Image SC-W7-20140521.img is already installed
upgrade
Table 88: upgrade
Description: Upgrade a configured Juniper ATP Appliance Mac OSX Mac Mini device. If the Mac Mini has already been upgraded to Ubuntu 14.04, this upgrade command will not be visible at the CLI because it will not be needed.
Please note that this command will only show up for existing customers that have Mac Mini devices configured as Juniper ATP Appliance Mac OSX detection engine Secondary Cores (running Ubuntu 13.10). For new customers running Juniper ATP Appliance Release 3.2.5, each Mac Mini device is shipped with the new Ubuntu 14.04 version already installed, so in this case, the upgrade command will again not be available from the Juniper ATP Appliance Mac OSX Engine CLI.
Product(s) CLI: MacMini OS X Detection Engine
Mode(s): Core
Syntax: upgrade
Parameters:
  built-in - Updates the guest-image on the Mac OSX Detection “secondary core.”
Example: The following example performs a built-in Mac OS X profile update for the Mac Mini-based Secondary core detection engine.
  MAC2(core)# upgrade
wizard
Table 89: wizard
Description: Enters the Configuration Wizard. For Configuration Wizard commands and responses, see “Configuration Wizard for the CoreCM Server” in the next section to follow command prompts and recommended responses.
Product(s) CLI: All-in-One | Core/CM | Collector | MacMini Mac OS X
Mode(s): Basic
Syntax: wizard
Parameters: None
Example: The following command starts the configuration wizard.
  hostname # wizard
Configuration Wizard Command Prompt Responses
Configuration Wizard Prompts and Customer Response from the Mac Mini
Prompt: Use DHCP to obtain the IP address and DNS server address for the administrative interface (Yes/No)?
NOTE: Only if your DHCP response is no, enter the following information when prompted:
a. IP address (no CIDR format)
b. Netmask
c. Enter a gateway IP address for this management (administrative) interface:
d. Enter primary DNS server IP address.
e. Do you have a secondary DNS Server (Yes/No).
f. Do you want to enter the search domains?
g. Enter the search domain (separate multiple search domains by space):
Restart the administrative interface (Yes/No)?
Response: We strongly discourage the use of DHCP addressing because it changes dynamically. A static IP address is preferred.
Recommended: Respond with no:
a. Enter an IP address
b. Enter a netmask using the form 255.255.255.0.
c. Enter a gateway IP address.
d. Enter the DNS server IP address
e. If yes, enter the IP address of the secondary DNS server.
f. Enter yes if you want DNS lookups to use a specific domain.
g. Enter search domain(s) separated by spaces; for example: example.com lan.com dom2.com
Enter yes to restart with the new configuration settings applied.
Prompt: Enter a valid hostname.
Response: Type a hostname when prompted; do not include the domain; for example: juniperatp1
NOTE: Only alphanumeric characters and hyphens (in the middle of the hostname) are allowed.
Prompt: [OPTIONAL]
If the system detects a Secondary Core with an eth2 port, then the alternate CnC exhaust option is displayed:
Use alternate-exhaust for the analysis engine exhaust traffic (Yes/No)?
Enter IP address for the alternate-exhaust (eth2) interface:
Enter netmask for the alternate-exhaust (eth2) interface: (example: 255.255.0.0)
Enter gateway IP Address for the alternate-exhaust (eth2) interface: (example: 10.6.0.1)
Enter primary DNS server IP Address for the alternate-exhaust (eth2) interface: (example: 8.8.8.8)
Do you have a secondary DNS server for the alternate-exhaust (eth2) interface?
Do you want to enter the search domains for the alternate-exhaust (eth2) interface?
NOTE: A complete network interface restart can take more than 60 seconds
Response: Refer to “Configuring an Alternate Analysis Engine Interface” in the Juniper ATP Appliance Operator’s Guide for more information.
Enter yes to configure an alternate eth2 interface.
Enter the IP address for the eth2 interface.
Enter the eth2 netmask.
Enter the gateway IP address.
Enter the primary DNS server IP Address for the alternate-exhaust (eth2) interface.
Enter yes or no to confirm or deny an eth2 secondary DNS server.
Enter yes or no to indicate whether you want to enter search domain.
Prompt: Regenerate the SSL self-signed certificate (Yes/No)?
Response: Enter yes to create a new SSL certificate for the Juniper ATP Appliance Server Web UI.
If you decline the self-signed certificate by entering no, be prepared to install a certificate authority (CA) certificate.
Prompt: Enter the following server attributes:
Central Manager (CM) IP Address:
Device Name: (must be unique)
Device Description
Device Key PassPhrase
NOTE: Remember this passphrase and use it for all distributed devices!
Response: Required: Enter the IP address of the Juniper ATP Appliance Server Core/CM or All-in-One.
Enter a Juniper ATP Appliance Mac Mini or Core/CM Device Name; this identifies the Mac OS X or Core Engine in the Web UI.
Enter a device Description
Enter the same PassPhrase used to authenticate the Core or Mac Mini to the Central Manager.
See Also:
• All-in-One CLI Commands
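A pre-flight check for the answers requested in both Configuration Wizard prompt tables (CoreCM and Mac Mini), given here as an added example that is not part of the Juniper guide. It applies the rules the tables state (static address without CIDR, dotted netmask, hostname without a domain and with hyphens only in the middle) to constructed answer sheets; the dictionary keys, the 63-character label limit and the gateway-in-subnet check are assumptions of this example.

```python
import ipaddress
import re

# One name label: alphanumerics, with hyphens allowed only in the middle.
LABEL_RE = re.compile(r"[A-Za-z0-9](?:[A-Za-z0-9-]*[A-Za-z0-9])?")
MAX_LABEL_LEN = 63  # assumption: RFC 1123 label limit, not stated in the guide


def check_hostname(name):
    """Return problems with the hostname answer (no domain part allowed)."""
    problems = []
    if "." in name:
        problems.append("hostname: do not include the domain")
    elif not LABEL_RE.fullmatch(name):
        problems.append("hostname: only alphanumerics and mid-name hyphens")
    if len(name) > MAX_LABEL_LEN:
        problems.append("hostname: longer than 63 characters")
    return problems


def parse_ipv4(value, field, problems):
    """Parse a plain dotted-quad address; a CIDR suffix is rejected."""
    if "/" in value:
        problems.append(f"{field}: enter the address without CIDR notation")
        return None
    try:
        return ipaddress.IPv4Address(value.strip())
    except ipaddress.AddressValueError:
        problems.append(f"{field}: not a valid IPv4 address")
        return None


def parse_netmask(value, field, problems):
    """Return the prefix length of a contiguous dotted netmask, else None."""
    try:
        mask = int(ipaddress.IPv4Address(value.strip()))
    except ipaddress.AddressValueError:
        problems.append(f"{field}: use the dotted form, e.g. 255.255.255.0")
        return None
    inverted = ~mask & 0xFFFFFFFF
    if mask == 0 or inverted & (inverted + 1):
        problems.append(f"{field}: netmask bits are not contiguous")
        return None
    return bin(mask).count("1")


def check_interface(answers, label):
    """Validate the static-addressing answers (prompts a to g) for one interface."""
    problems = []
    ip = parse_ipv4(answers["ip"], f"{label} IP address", problems)
    prefix = parse_netmask(answers["netmask"], f"{label} netmask", problems)
    gateway = parse_ipv4(answers["gateway"], f"{label} gateway", problems)
    parse_ipv4(answers["dns_primary"], f"{label} primary DNS", problems)
    if answers.get("dns_secondary"):
        parse_ipv4(answers["dns_secondary"], f"{label} secondary DNS", problems)
    for domain in answers.get("search_domains", "").split():
        if not all(LABEL_RE.fullmatch(part) for part in domain.split(".")):
            problems.append(f"{label} search domain {domain!r}: malformed")
    # Added sanity check, not a rule from the guide: gateway inside the subnet.
    if ip is not None and prefix is not None and gateway is not None:
        network = ipaddress.IPv4Network(f"{ip}/{prefix}", strict=False)
        if gateway == ip or gateway not in network:
            problems.append(f"{label} gateway: not a distinct host in {network}")
    return problems


def check_wizard_answers(sheet):
    """Return every problem found in one device's answer sheet."""
    problems = []
    if sheet.get("use_dhcp", "no").strip().lower() in ("yes", "y"):
        problems.append("DHCP selected: the guide recommends a static address")
    else:
        problems += check_interface(sheet["management"], "management")
    problems += check_hostname(sheet["hostname"])
    if sheet.get("alternate_exhaust"):
        problems += check_interface(sheet["alternate_exhaust"], "alternate-exhaust (eth2)")
    return problems


# Constructed sample answer sheets (hypothetical keys and values).
GOOD_SHEET = {
    "use_dhcp": "no",
    "hostname": "juniperatp1",
    "management": {"ip": "10.6.0.20", "netmask": "255.255.0.0",
                   "gateway": "10.6.0.1", "dns_primary": "8.8.8.8",
                   "search_domains": "example.com lan.com dom2.com"},
}
BAD_SHEET = {
    "use_dhcp": "no",
    "hostname": "-atp1.example.com",
    "management": {"ip": "10.6.0.20/16", "netmask": "255.0.255.0",
                   "gateway": "10.7.0.1", "dns_primary": "8.8.8",
                   "search_domains": "example.com -lan.com"},
}

if __name__ == "__main__":
    for name, sheet in (("GOOD_SHEET", GOOD_SHEET), ("BAD_SHEET", BAD_SHEET)):
        print(name, check_wizard_answers(sheet) or "ok")
```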
Traffic Collector CLI Commands
This chapter describes the commands specific to the Juniper ATP Appliance Collector
CLI. The available commands are as follows:
• Basic Mode Commands
• Collector Mode Commands
• Diagnosis Mode Commands
• Server Mode Commands
• Traffic Collector CLI Commands
• traceroute
• Configuration Wizard Command Prompt Progressions
Basic Mode Commands
• collector
• diagnosis
• exit
• help
• history
• server
• wizard
Collector Mode Commands
• exit
• help
• history
• set honeypot (collector mode)
• set proxy (collector mode)
• set protocols (collector mode)
• set traffic-filter (collector mode)
• show (collector mode)
Diagnosis Mode Commands
• capture-start
• copy
• exit
• gssreport
• help
• history
• set (diagnosis mode)
• setupcheck
• show (diagnosis mode)
Server Mode Commands
• exit
• help
• history
• ifrestart
• ping
• reboot
• restart
• set (server mode)
• set appliance-type (server mode)
• show (server mode)
• shutdown
• traceroute
Traffic Collector CLI Commands
• capture-start
• collector
• copy
• diagnosis
• exit
• gssreport
• help
• history
• ifrestart
• ping
• reboot
• restart
• server
• set proxy (collector mode)
• set honeypot (collector mode)
• set (diagnosis mode)
• set protocols (collector mode)
• set (server mode)
• set appliance-type (server mode)
• set traffic-filter (collector mode)
• set traffic-monitoring (for JATP700 and JATP400 Appliances) (collector mode)
• setupcheck
• show (collector mode)
• show (diagnosis mode)
• show (server mode)
• shutdown
capture-start
Table 90: capture-start
Description: Starts packet capture as a means for diagnosing and debugging network traffic and obtaining stats.
See Also: “diagnosis” on page 31 [mode]; “collector” on page 29 [mode]; “copy” on page 30
Product(s) CLI: All-in-One | Collector
Mode(s): Diagnosis
Syntax: capture-start
Parameters: <IP address> <interface_name>
Sub-Commands: None
Example: The following example starts a packet capture process on interface eth1 for a Traffic Collector with IP address 8.8.8.8:
hostname # diagnosis
hostname (diagnosis)# capture-start 8.8.8.8 eth1
NOTE: Address 8.8.8.8 need not be a Juniper ATP Appliance. It is just a host that the capture filters on.
collector
Table 91: collector
Description: Enters the Collector configuration mode.
See Also: “server” on page 36 [mode]
Product(s) CLI: All-in-One | Collector
Mode(s): Basic
Syntax: collector
Parameters: None
Sub-Commands: “exit” on page 31; “help” on page 33; “history” on page 33; “set proxy (collector mode)” on page 39; “show (collector mode)” on page 45
Example: The following example enters collector configuration mode:
hostname # collector
hostname (collector)# ?
copy
Table 92: copy
Description: Uses Secure Copy (SCP) to copy and transfer packet capture or traceback (crash) data to a remote location, providing the same authentication and level of security as an SSH transfer.
The copy traceback command, upon Customer Support's request, copies the traceback files out of the box to a remote location.
See Also: “diagnosis” on page 31 [mode]; “capture-start” on page 55
Product(s) CLI: All-in-One | Collector | Core-CM | Mac OS X Engine
Mode(s): Diagnosis
Syntax: copy capture <scp source_file_name username@destination_host:destination_folder> | traceback all <string URI as user@hostname:path>
Parameters:
copy capture <scp remote filename_location>
copy traceback all <path string>
copy traceback <tab> [tab displays all available crash filenames]
Sub-Commands: None
Example: The following example copies the file "captureEth1.txt" from the local host to a remote host:
hostname (diagnosis)# copy capture scp captureEth1.txt [email protected]:/some/remote/directory
diagnosis
Table 93: diagnosis
Description: Enters the Diagnosis configuration and status check mode.
See Also: collector [mode], server [mode]
Product(s) CLI: All-in-One | Collector | Mac OS X Detection Engine
Mode(s): Basic
Syntax: diagnosis
Parameters: None
Sub-Commands: “capture-start” on page 55; “copy” on page 30; “exit” on page 31; “gssreport” on page 32; “help” on page 33; “history” on page 33; “set (server mode)” on page 42; “setupcheck” on page 44; “show (diagnosis mode)” on page 47; “show (server mode)” on page 68
Example: The following example enters diagnosis configuration and status check mode:
hostname # diagnosis
hostname (diagnosis)# ?
exit
Table 94: exit
Description: Ends the CLI session.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Basic | Server | Collector | Diagnosis
Syntax: exit
Parameters: None
Example: The following example ends a command mode or CLI session.
JATP# (diagnosis) exit
JATP#
gssreport
Table 95: gssreport
Description: Use the gssreport command to submit reports to Juniper Global Security Services (GSS), and to display the status of the current GSS report.
See Also: “gssreport” on page 32; “diagnosis” on page 31 [mode]
Product(s) CLI: All-in-One | Collector | Mac OS X Detection Engine
Mode(s): diagnosis
Syntax: gssreport status | submit
Parameters:
status - displays the status of the current GSS report.
submit - submits a report to Juniper ATP Appliance GSS.
Sub-Commands: None
Example: The following examples display the status of a GSS report submission:
hostname # diagnosis
hostname (diagnosis)# gssreport submit
Successfully started GSS report
hostname (diagnosis)# gssreport status
GSS is currently enabled
Last 5-minute GSS report at 2015-07-28 10:34:24.414322: successfully submitted
Last hourly GSS report at 2015-07-28 10:34:24.468259: successfully submitted
Last daily GSS report at 2015-07-28 10:34:28.225512: successfully submitted
help
Table 96: help
Description: Displays information about the CLI help system.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Basic | Server | Collector | Diagnosis
Syntax: help
Parameters: None
Example: The following example shows some of the output of the help command.
CONTEXT SENSITIVE HELP
[?] - Display context sensitive help. This is either a list of possible command completions with summaries, or the full syntax of the current command. A subsequent repeat of this key, when a command has been resolved, will display a detailed reference.
AUTO-COMPLETION
The following keys both perform auto-completion for the current command line. If the command prefix is not unique then the bell will ring and a subsequent repeat of the key will display possible completions.
[enter] - Auto-completes, syntax-checks then executes a command. If there is a syntax error then offending part of the command line will be highlighted and explained.
[tab] - Auto-completes
[space] - Auto-completes, or if the command is already resolved inserts a space.
If “<cr>” is shown, that means that what you have entered so far is a complete command, and you may press Enter (carriage return) to execute it.
Use ? to learn command parameters and option:
JATP (server)# show f?
firewall Show the firewall configuration settings
interface
JATP (server)# show firewall?
all Show the current iptables settings
whitelist Show the iptables whitelist settings
show firewall whitelist?
<cr>
show firewall whitelist
history
Table 97: history
Description: Displays the current CLI session command line history.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Basic | Server | Collector | Diagnosis
Syntax: history
Parameters: None
Example: The following example returns command line history for the current CLI session.
JATP# history
ifrestart
Table 98: ifrestart
Description: Restarts the interface driver and services using the interface.
Product(s) CLI: All-in-One | Core CM | Mac Mini OS X Detection Engine
Mode(s): Server
Syntax: ifrestart eth0 | eth1
Parameters:
eth0 - Restarts the management network administrative interface.
eth1 - Restarts the monitoring network interface.
Example: The following example restarts the eth0 interface for the management network.
<FireEye_name># ifrestart eth0
ping
Table 99: ping
Description: Sends ICMP (Internet Control Message Protocol) echo request packets to a specified host name or IP address to verify that the destination is reachable over the network.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Server
Syntax: ping [-c count] [-h hops] [string]
Parameters:
-c count - Number of echo requests to send. By default, pings are sent continuously until you press Ctrl+C.
-h hops - Number of next hops between pings (default is 1).
string - IP address, hostname or interface name used to ping device address
Example: The following example sends three echo requests to the device with the IP Address 10.10.10.1
<FireEye_name># ping -c 3 10.10.10.1
PING 10.10.10.1 (10.10.10.1) 56(84) bytes of data.
64 bytes from 10.10.10.1: icmp_req=1 ttl=64 time=0.314ms
64 bytes from 10.10.10.1: icmp_req=2 ttl=64 time=0.277ms
64 bytes from v: icmp_req=3 ttl=64 time=0.274m
--- 10.10.10.1 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 1999ms
rtt min/avg/max/mdev = 0.274/0.288/0.314/0.022ms
reboot
Table 100: reboot
Description: Reboots the Juniper ATP Appliance.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Server
Syntax: reboot
Parameters: None
Example: The following example reboots the system.
hostname# reboot
restart
Table 101: restart
Description: Restarts Juniper ATP Appliance services.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Server
Syntax: restart [all | behaviorengine | cm | collector | core | correlationengine | database | ntpserver | sshserver | staticengine | webserver]
Parameters:
all - Restarts all Juniper ATP Appliance services.
database - Restarts the Database.
ntpserver - Restarts the NTP server.
sshserver - Restarts the SSH server.
Example: The following example restarts the Central manager service.
JATP# restart cm
server
Table 102: server
Description: Enters the server configuration mode.
See Also: “collector” on page 29
Product(s) CLI: All-in-One | Collector | Core/CM | Mac Mini Mac OS X
Mode(s): Basic
Syntax: server
Sub-Commands: “exit” on page 31; “help” on page 33; “history” on page 33; “ifrestart” on page 34; “ping” on page 34; “reboot” on page 35; “set (server mode)” on page 42; “show (server mode)” on page 68
Example: The following example enters server configuration mode:
hostname # server
hostname (server) # ?
set proxy (collector mode)
Table 103: set proxy
Description: Sets an Inside or Outside data path proxy from collector mode.
Deploy Traffic Collectors in locations where the monitoring interface is (1) placed “outside” between the proxy and the egress network for customer environments in which the proxy supports XFF (X-Forwarded-For), or (2) [the more typical deployment scenario], the Collector is placed between the proxy and the internal network using FQDN (if available) to identify the threat source for all types of incidents (“inside” proxy). When configured, the Juniper ATP Appliance Traffic Collector will monitor all traffic and correctly identify source and destination hosts for each link in the kill chain wherever the data allows for it.
Note that if the “X-Forwarded-For” header is provided in the HTTP request, detection will identify threat targets when deployed outside of the proxy (customers can choose to disable the XFF feature in the proxy setting, if desired).
See Also: “set (server mode)” on page 42; “set (diagnosis mode)” on page 40
NOTE: The mitigation IP address of a CNC server is not available for Inside proxy deployments. When a Juniper ATP Appliance is deployed behind a proxy, the Mitigation->Firewall page in the Juniper ATP Appliance Central Manager Web UI (which typically displays the CNC server IP address to mitigate) will be empty. The destination IP address of any callback is made to the proxy server IP address, so it is not relevant to display the proxy server IP address on the Mitigation->Firewall page.
Product(s) CLI: All-in-One | Collector
Mode(s): collector
Syntax:
set proxy inside {add <proxy IP address> <proxy port> | remove <proxy IP address> <proxy port>}
set proxy outside {add <proxy IP address> | remove <proxy IP address>}
Parameters:
inside - Sets the inside proxy IP addresses
outside - Sets the outside proxy IP addresses
add - Adds a proxy configuration.
remove - Removes a proxy configuration.
Example: The following example sets an inside data path proxy:
JATP(collector)# set proxy inside 10.1.1.1 53
The following example sets an outside data path proxy:
JATP(collector)# set proxy outside 10.2.1.1
set honeypot (collector mode)
Table 104: set honeypot
Description: Enables and disables the SSH-Honeypot feature for a Traffic Collector.
A honeypot can be deployed within a customer network to detect network activity generated by malware attempting to infect or attack other machines in a local area network. These attempted SSH logins can be used to supplement detection of lateral spread.
There are two parameters that can be set for a honeypot:
• Enable/disable a honeypot
• Set a Static IP (IP, mask, and gateway) or DHCP of a publicly addressable interface
See Also: show honeypot command in “show (collector mode)” on page 45
Product(s) CLI: All-in-One | Collector
Mode(s): collector
Syntax:
(collector)# set honeypot ssh-honeypot enable dhcp
(collector)# set honeypot ssh-honeypot enable address (IP address) netmask (subnet IP) gateway (IP address)
(collector)# set honeypot ssh-honeypot disable
Example: The following example enables the SSH honeypot with a static IP address:
(collector)# set honeypot ssh-honeypot enable address 1.2.3.4 netmask 255.255.0.0 gateway 1.2.3.1
NOTE: The static IP configuration does not require configuring DNS. Honeypots do not require a DNS server at this time.
set (diagnosis mode)
Table 105: set
Description: Sets the logging levels for Juniper ATP Appliance components from diagnosis mode.
See Also: “set (server mode)” on page 42; “set proxy (collector mode)” on page 39
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): diagnosis
Syntax: set logging
Parameters:
all - Sets logging for all Juniper ATP Appliance components.
default - Sets logging to the default parameters
debug - Sets logging at the debug level.
info - Sets logging at the info level.
warning - Sets logging at the warning level.
error - Sets logging at the error level.
critical - Sets logging at the critical level.
Example: The following example sets the default logging level for all Juniper ATP Appliance components.
JATP# set logging all
set protocols (collector mode)
Table 106: set protocols
Description: Enables and disables the HTTP or SMB parser for a Traffic Collector.
See Also: show protocols command in “show (collector mode)” on page 45
Product(s) CLI: All-in-One | Collector
Mode(s): collector
Syntax: (collector)# set protocols {http [on|off] | smb [on|off]}
Example: The following example enables the SMB parser for lateral detections:
hostname (collector) set protocols smb on
set (server mode)
Table 107: set
Description: Configure the system settings.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Server
See Also: “set (diagnosis mode)” on page 40; “set proxy (collector mode)” on page 39
Syntax: set [autoupdate {on | off} | cli timeout secs | clock | cm address | support {on | off} | passphrase string | dns | firewall {all <backup | flush> | whitelist} | hostname string | ip {interface | dhcp | address | netmask | gateway} | ntpserver | password | proxy {config | enabled | remove} | timezone string | uipassword]
Parameters:
autoupdate {software | content} {on | off} - Turn on or off the automatic product update feature. Example: set autoupdate content on
cli timeout secs - Set CLI timeout period in seconds (0 indicates no timeout).
clock - Sets the current date and time.
cm address - Sets the IP address of the Central Manager and netmask using the slash notation; example: AAA.BBB.CCC.DD/x
set support {enable | disable} | {localmode} - Enables remote SSH login “support” account or localmode enable/disable.
passphrase string - Sets the device key password; enter a string.
dns - Sets the DNS servers (or enable DHCP for DNS) for the management interface eth0.
firewall {all <backup | flush> | whitelist <add | delete | flush>} - Backs up or flushes (clears) all current iptables for a firewall, or adds, deletes or flushes the current iptables whitelist-specific settings for the firewall.
The “add” option adds an IP address to the iptables outbound whitelist.
# set firewall whitelist add 10.1.1.1
Whitelist rules rely on normal service shutdown to be backed up. Powering off a VM directly will lose the whitelist state as rules cannot be saved in that case.
hostname string - Sets the system’s host name.
ip {interface | dhcp | address | netmask | gateway} - Sets the IP address, netmask, or default gateway, or enables DHCP for the management interface eth0.
ntpserver - Sets the Network Time Protocol (NTP) server.
password - Sets a new password for the CLI administrator.
proxy {config <all|http> | enable <on|off> | remove <all|http>} - Config, enable/disable, or remove “all” proxy configs, or remove an HTTP-specific proxy server.
TIP: Config the proxy for “all” protocols first, and then change HTTP proxy as needed.
timezone {US/ Eastern | US/ Central | US/ Mountain - Show the current timezone; example:
set timezone US/Pacific
TIP: set timezone <tab> shows options.
uipassword - Sets a new admin password for CM Web UI access.
Examples: The following example sets an ip address for the device management interface eth0.
JATP# set ip interface 10.1.1.1
set appliance-type (server mode)
Table 108: set appliance-type
Description: Change the appliance type at any time. For example, change from All-In-One to Core/CM. Note that if you change the appliance type after the initial installation, all data files related to the current type are lost and you must set up the appliance as you would a fresh box.
Product(s) CLI: All-in-One | Core CM | Collector
Mode(s): server
Syntax: jatp:AIO#(server)# set appliance-type core-cm
Parameters:
all-in-one
core-cm
email-collector
traffic-collector
Example: The following example changes the form factor of the appliance from all-in-one (the default) to core-cm:
jatp:AIO#(server)# set appliance-type core-cm
This will result in the deletion of all data and configurations not relevant to the new form factor.
Proceed? (Yes/No)? Yes
set traffic-filter (collector mode)
Table 109: set traffic-filter
Description: Sets traffic filter rules that exclude a set of configured traffic from analysis. Filtering cannot be made retroactive: any analysis skipped as a result of the filtering cannot be reversed. This command can be applied to an entire network/subnet/CIDR range.
See Also: “set (server mode)” on page 42; “show (diagnosis mode)” on page 47 [show traffic-filter]
Product(s) CLI: All-in-One | Collector
Mode(s): collector
Syntax: set traffic-filter {add <rule_name> <domain> <source-address> <destination-address> <source-port> <destination-port> <protocol> | remove <rule_name>}
Parameters:
traffic-filter add - Adds a traffic filter rule where:
<RuleString> - “RuleString” is the name of the rule
<DomainString> - “DomainString” is the domain to filter out
<source-address> - “source-address” is the source IPv4 address or network (CIDR)
<destination-address> - “destination-address” is the destination IPv4 address or network (CIDR)
<source-port> - “source-port” is the source port number (0-65535)
<destination-port> - “destination-port” is the destination port number (0-65535)
<protocol> - “protocol” is the protocol type: either IP, TCP, UDP or HTTP
Example: The following example adds a traffic filter rule to the Traffic Collector.
JATP-collector02(collector)# set traffic-rule add CustomRule2 headqrts.example.com 10.2.0.0/16 20.0.0.2 90 120 tcp
where destination-address is 20.0.0.2, destination-port is 120, protocol is tcp, source-address is 10.2.0.0/16 and source-port is 90 (in our example).
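Because analysis skipped by a traffic filter cannot be recovered, it pays to check a rule's fields before typing it into the Collector CLI. The following Python sketch is an added example, not Juniper code: it checks each field against the ranges in the parameter table for set traffic-filter, refuses an any-to-any exemption, and renders the command in the argument order of the Syntax row. The class and function names, the /8 review threshold and the no-whitespace rule for names are assumptions of this example.

```python
import ipaddress
import re
from dataclasses import dataclass

# Protocol types named in the parameter table: IP, TCP, UDP or HTTP.
ALLOWED_PROTOCOLS = {"ip", "tcp", "udp", "http"}
# Assumption of this example: prefixes shorter than /8 are flagged for review.
REVIEW_BELOW_PREFIX = 8
_DNS_LABEL = re.compile(r"[A-Za-z0-9]([A-Za-z0-9-]{0,61}[A-Za-z0-9])?")


@dataclass(frozen=True)
class TrafficFilterRule:
    name: str
    domain: str
    source: str            # IPv4 address or network (CIDR)
    destination: str       # IPv4 address or network (CIDR)
    source_port: int
    destination_port: int
    protocol: str


def _parse_network(label, value, errors):
    """Return an IPv4Network, or None after recording why the value is invalid."""
    try:
        # strict=True rejects host bits set under the mask (e.g. 10.2.0.1/16).
        return ipaddress.IPv4Network(value, strict=True)
    except ValueError as exc:
        errors.append(f"{label}: {exc}")
        return None


def validate_rule(rule):
    """Return (errors, warnings); an empty errors list means the rule can be rendered."""
    errors, warnings = [], []

    # CLI arguments are positional, so whitespace inside a field shifts the rest.
    if not rule.name or re.search(r"\s", rule.name):
        errors.append("rule name: must be non-empty and contain no whitespace")

    labels = rule.domain.split(".")
    if len(rule.domain) > 253 or not all(_DNS_LABEL.fullmatch(l) for l in labels):
        errors.append(f"domain: {rule.domain!r} is not a valid host name")

    nets = {}
    for label, value in (("source-address", rule.source),
                         ("destination-address", rule.destination)):
        net = _parse_network(label, value, errors)
        if net is not None:
            nets[label] = net
            if net.prefixlen < REVIEW_BELOW_PREFIX:
                warnings.append(f"{label}: {net} exempts {net.num_addresses} addresses")

    # Skipped analysis cannot be recovered, so refuse an any-to-any exemption.
    if len(nets) == 2 and all(n.prefixlen == 0 for n in nets.values()):
        errors.append("source and destination both cover every IPv4 address")

    for label, port in (("source-port", rule.source_port),
                        ("destination-port", rule.destination_port)):
        if isinstance(port, bool) or not isinstance(port, int) or not 0 <= port <= 65535:
            errors.append(f"{label}: {port!r} is outside 0-65535")

    if rule.protocol.lower() not in ALLOWED_PROTOCOLS:
        errors.append(f"protocol: {rule.protocol!r} is not IP, TCP, UDP or HTTP")

    return errors, warnings


def render_command(rule):
    """Build the CLI line in the argument order of the Syntax row."""
    errors, _ = validate_rule(rule)
    if errors:
        raise ValueError("; ".join(errors))
    return ("set traffic-filter add "
            f"{rule.name} {rule.domain} {rule.source} {rule.destination} "
            f"{rule.source_port} {rule.destination_port} {rule.protocol.lower()}")


if __name__ == "__main__":
    # Constructed input: the field values from the example on this page.
    rule = TrafficFilterRule("CustomRule2", "headqrts.example.com",
                             "10.2.0.0/16", "20.0.0.2", 90, 120, "tcp")
    print(render_command(rule))
```

The rendered line uses the command name from the Syntax row, set traffic-filter; the page's own example line reads set traffic-rule.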
set traffic-monitoring (for JATP700 and JATP400 Appliances) (collector mode)
Table 110: set traffic-monitoring
Description: Sets the traffic monitoring interface on the JATP700 and JATP400.
Product(s) CLI: All-in-One | Collector
Mode(s): collector
Syntax:
# set traffic-monitoring-ifc 1gb_ifc
Set the traffic monitoring interface to be the 1G interface.
# set traffic-monitoring-ifc 10gb_ifc
Set the traffic monitoring interface to be the 10G interface.
NOTE: After making an interface type change, the system must be rebooted for the change to take effect.
setupcheck
Table 111: setupcheck
Description: Checks and reports on basic configuration settings and analysis pipeline setup.
Product(s) CLI: All-in-One | Core CM | Mac Mini OS X Detection Engine
Mode(s): diagnosis
Syntax: setupcheck {all | report | basic | analysis}
Parameters:
all - Checks both basic settings and analysis pipeline.
report - Shows report of last setupcheck.
basic - Checks basic configuration settings.
analysis - Checks the analysis pipeline.
Example: The following example checks all basic configuration settings as well as the analysis pipeline:
JATP (diagnosis) # setupcheck all
show (collector mode)
Table 112: show
Description: Displays the Traffic Collector current traffic filters and the current XFF status (enabled or disabled)
Product(s) CLI: All-in-One | Collector
Mode(s): Collector
Subcommands: traffic-filter | proxy | honeypot
Syntax: show
Parameters:
traffic-filter - Shows all traffic filter rules.
protocols - Shows current HTTP or SMB protocol parser settings.
proxy {inside | outside} - Shows Traffic Collector proxy for inside or outside configurations. See also show proxy: “show (server mode)” on page 68
honeypot - Shows the current honeypot configuration.
show honeypot ssh-honeypot
Example: The following example displays the current Collector proxy inside settings:
collector02(collector)# show proxy inside
Proxy IPs: 10.1.1.1
The following example displays the current traffic filter:
collector02 (collector)# show traffic-filter
Name: CustomRule2, Domain: headqtrs.example.com
The following example displays the current SMB protocol parser setting:
collector02 (collector)# show protocols
show (diagnosis mode)
Table 113: show
Description: Sets the logging levels for Juniper ATP Appliance components from diagnosis mode.
See Also: “show (server mode)” on page 68; “show (collector mode)” on page 45
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): diagnosis
Syntax: show
Parameters:
device {collectorstatus | corestatus | slavecorestatus} - Display connected device statistics for Traffic Collector, CoreCM, or Mac Mini Detection Engine Secondary “slave core.”
NOTE: Not available from the Mac Mini CLI.
protocol {web | email} - Displays the session counts for network web or email protocols.
NOTE: Not available from the Mac Mini CLI.
objects - Displays the current number of file objects.
NOTE: Not available from the Mac Mini CLI.
logging - Displays the currently-configured logging level.
See Also: “set (diagnosis mode)” on page 40
log error traceback - Displays only the tracebacks (if any) generated by Juniper ATP Appliance OS process error logs. A traceback is a stack of functions that were executing when an error condition was encountered.
NOTE: Not available from the Collector CLI.
log error last <integer: number of lines to display> - Displays n [1-1000] lines of the contents of the common log file.
NOTE: Not available from the Collector CLI.
NOTE: Example: show log error last 12
Example: The following example displays the connected Traffic Collector status.
JATP(diagnosis)# show device collectorstatus<cr>
JATP (diagnosis)# show device collectorstatus
WEB_COLLECTOR
IP : 10.2.9.68
Enabled : True
Last Seen : 2014-07-25 15:13:17.967000-07:00
Install Date : 2014-06-25 19:03:38-07:00
IP : 10.2.20.3
Enabled : True
Last Seen : 2014-07-28 11:07:42.046000-07:00
Install Date : 2013-11-14 09:25:39-08:00
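A Traffic Collector that stops checking in leaves its segment unmonitored, so the Last Seen field of show device collectorstatus is worth checking automatically. The following Python sketch is an added example, not Juniper code: it parses output carrying the fields shown in the example above and reports collectors that are not enabled, have no usable Last Seen value, or have been silent longer than a threshold. The function names, the 15-minute threshold and the assumption of one `Key : value` field per line with each record starting at an `IP` line are this example's own.

```python
from datetime import datetime, timedelta

# Constructed sample: the field values from the collectorstatus example on this
# page, laid out one field per line (an assumption about the CLI's layout).
SAMPLE_OUTPUT = """\
WEB_COLLECTOR
IP : 10.2.9.68
Enabled : True
Last Seen : 2014-07-25 15:13:17.967000-07:00
Install Date : 2014-06-25 19:03:38-07:00
IP : 10.2.20.3
Enabled : True
Last Seen : 2014-07-28 11:07:42.046000-07:00
Install Date : 2013-11-14 09:25:39-08:00
"""


def parse_collector_status(text):
    """Parse 'Key : value' lines into one dict per collector."""
    records, current, section = [], None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        # Timestamps contain ':' but never ' : ', so this splits after the key only.
        key, sep, value = line.partition(" : ")
        if not sep:
            section = line          # bare line such as WEB_COLLECTOR
            continue
        key, value = key.strip(), value.strip()
        if key == "IP":
            current = {"type": section, "ip": value}
            records.append(current)
        elif current is None:
            continue                # field seen before any IP line: ignore it
        elif key == "Enabled":
            current["enabled"] = (value == "True")
        elif key in ("Last Seen", "Install Date"):
            try:
                current[key.lower().replace(" ", "_")] = datetime.fromisoformat(value)
            except ValueError:
                pass                # unparsable timestamp is reported as missing
    return records


def find_unhealthy(records, now, max_silence=timedelta(minutes=15)):
    """Return (ip, reason) pairs; 'now' must be a timezone-aware datetime."""
    findings = []
    for rec in records:
        if not rec.get("enabled", False):
            findings.append((rec["ip"], "not-enabled"))
        elif "last_seen" not in rec:
            findings.append((rec["ip"], "missing-last-seen"))
        elif now - rec["last_seen"] > max_silence:
            findings.append((rec["ip"], "stale"))
    return findings


if __name__ == "__main__":
    # Constructed reference time, a few minutes after the newer Last Seen value.
    reference = datetime.fromisoformat("2014-07-28 11:10:00-07:00")
    for ip, reason in find_unhealthy(parse_collector_status(SAMPLE_OUTPUT), reference):
        print(f"{ip}: {reason}")
```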
show (server mode)
Table 114: show
Description: Display configurations and status information.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Server
See Also: show (collector mode); “show (diagnosis mode)” on page 47
Syntax: show
Parameters:
autoupdate - Show the automatic update setting.
cli timeout - Show the CLI timeout setting.
clock - Show the current date and time.
cm - Show the Central Manager IP address.
controller - Show the driver state for interfaces.
support - Show the remote SSH login support status.
description - Show the server or system description.
devicekey - Show the device key.
devicetype - Show the device type.
dns - Show the DNS servers settings.
eula - Show the End User License Agreement.
firewall [all | whitelist] - Show the firewall configuration settings.
hostname - Show the system’s host name.
interface - Show information about the management (administrative) network interface eth0 and the monitoring interface eth1.
ip - Show the IP address of the management (administrative) interface eth0. Results may show both private and public IP addresses if the AWS vCore has a public IP.
name - Show the server name.
ntpserver - Show the Network Time Protocol (NTP) server settings.
proxy - Show current proxy configuration.
uuid - Show the system UUID (universally unique ID).
stats [cpuload | disk | memory] - Show system statistics:
• cpuload shows the average CPU load in the system
• disk shows the disk space usage in the system.
• memory shows the system memory usage.
# show stats cpuload
(0.06, 0.13, 0.13)
timezone - Show the current timezone.
uptime - Show the last manual upgrade-related information.
version - Show Juniper ATP Appliance software and content security versions.
Example: The following example displays information about the All-in-One server device type:
All-in-One(server)# show devicetype
Device type: cm, core, web_collector.
shutdown
Table 115: shutdown
Description: Shuts down the Juniper ATP Appliance server.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Server
Syntax: shutdown
Parameters: None
Example: The following example performs a shutdown of the current device.
JATP# shutdown
traceroute
Table 116: traceroute
Description: Displays the route packets trace to a host name or an IP address.
Product(s) CLI: All-in-One | Collector | Core CM | Mac Mini OS X Detection Engine
Mode(s): Server | Collector
Syntax: traceroute
Parameters:
-h unsigned integer - Specifies the number of hops
string - Names the remote system to be traced.
Example: The following example performs a traceroute of the named device.
JATP# traceroute -h 2 8.8.8.8
• wizard
wizard
Table 117: wizard
Description: Enters the Configuration Wizard. For Configuration Wizard commands and response, see “Configuration Wizard for the CoreCM Server” in the next section to follow command prompts and recommended responses.
Product(s) CLI: All-in-One | Core/CM | Collector | Mac Mini Mac OS X
Mode(s): Basic
Syntax: wizard
Parameters: None
Example: The following command starts the configuration wizard.
hostname # wizard
Configuration Wizard Command Prompt Progressions
Table 118: Configuration Wizard
Configuration Wizard Prompts: Use DHCP to obtain the IP address and DNS server address for the administrative interface (Yes/No)?
NOTE: Only if your DHCP response is no, enter the following information when prompted:
a. IP address (no CIDR format)
b. Netmask
c. Enter a gateway IP address for this management (administrative) interface:
d. Enter primary DNS server IP address.
e. Do you have a secondary DNS Server (Yes/No).
f. Do you want to enter the search domains?
g. Enter the search domain (separate multiple search domains by space):
Restart the administrative interface (Yes/No)?
Customer Response from Collector: We strongly discourage the use of DHCP addressing because it changes dynamically. A static IP address is preferred.
Recommended: Respond with no:
a. Enter an IP address
b. Enter a netmask using the form 255.255.255.0.
c. Enter a gateway IP address.
d. Enter the DNS server IP address
e. If yes, enter the IP address of the secondary DNS server.
f. Enter yes if you want DNS lookups to use a specific domain.
g. Enter search domain(s) separated by spaces; for example: example.com lan.com dom2.com
Enter yes to restart with the new configuration settings applied.
Configuration Wizard Prompts: Enter a valid hostname.
Customer Response from Collector: Type a hostname when prompted; do not include the domain; for example: juniperatp1
NOTE: Only alphanumeric characters and hyphens (in the middle of the hostname) are allowed.
Configuration Wizard Prompts: Regenerate the SSL self-signed certificate (Yes/No)?
Customer Response from Collector: Not applicable to Collector.
Configuration Wizard Prompts: Enter the following server attributes:
Central Manager (CM) IP Address:
Device Name: (must be unique)
Device Description
Device Key PassPhrase
NOTE: Remember this passphrase and use it for all distributed devices!
Customer Response from Collector: Required: Enter the IP address of the Juniper ATP Appliance Server All-in-One CM or CoreCM to which you are connecting [another] Collector in order to register with and view the Collector in the CM Web UI.
Enter the Juniper ATP Appliance Collector Device Name; this identifies the Collector in the Web UI.
Enter a device Description
Enter the same PassPhrase used to authenticate the Collector to the Central Manager.
NOTE: Enter CTRL-C to exit the Configuration Wizard at any time. If you exit without completing the
See Also:
• All-in-One CLI Commands on page 25
• Core/CM Server CLI Commands on page 52
Glossary of Terms
Alternate Exhaust Interface - An eth2 interface configured (optionally) to contain analysis engine CnC traffic off the management network (eth0).
Anti-SIEM - A Juniper ATP Appliance Advanced Threat Analytics (ATA) feature that allows for more detailed endpoint and log ingestion handling, management and reporting; includes Active Directory, Splunk and Direct Log Ingestion options.
AWS - Amazon Web Services and EC2 management console from which Juniper ATP Appliance administrators can configure vCore AMI images.
Blacklist - A list or register of entities to be denied a specified access or privilege. During detection engine analysis, when content matches any pattern on the blacklist, the content is deemed malicious and therefore an alert or block action is enacted immediately.
Collector - Juniper ATP Appliance’s Traffic inspection and object collection mechanism
CnC server - Command and control server that directs the operation of a botnet.
CLI - Command-line interface. The Juniper ATP Appliance has a CLI interface for administering the appliance.
CM - The Juniper ATP Appliance Central Manager component that has a web-based graphical user interface.
Darkspace - Currently unused address space.
DHCP - Dynamic Host Configuration Protocol.
DMZ - Demilitarized zone. An area of the network where systems have direct access to the Internet or an external network.
DNS - Domain Name Service.
Event - Indicates a type of security intrusion or attack.
Greylist - Greylists provide control over the priority of workorders for known IP addresses and URLs. Greylists contain files that contain either URLs or IP addresses and are used by the Juniper ATP Appliance analysis engines to check if the specified URLs or IP addresses contain a malicious rule match.
GUI - Graphical user interface. The Juniper ATP Appliance uses a web-based GUI for managing the appliance.
Known botnet server bot command - Events that are triggered when the appliance sees any of the common IRC bot commands or detects any communication sent to known botnet servers.
Lateral Detection - East-west detection of malware within the enterprise spread from endpoint host to host.
Malicious software used by attackers to disrupt, control, steal, cause data loss, spy upon,or gain unauthorized access to computer systems.
Malware
NTP: Network Time Protocol.
OS-anomaly: Events that indicate modification of the operating system.
OSPF: Open Shortest Path First. A protocol that computes an optimal path for traffic in a TCP/IP network.
Sandbox mode: A mode in which malware is permitted to run, but results of the malware action are restricted to the virtual machine and not permitted to escape.
SNMP: Simple Network Management Protocol.
spyware: A type of malware installed on computers that collects small pieces of information about user(s) it is spying on.
SSL: Secure Sockets Layer.
TLS: Transport Layer Security.
VLAN: Virtual Local Area Network.
VM: Virtual Machine. A software program that runs an instance of an operating system. The operating system runs on top of a program that emulates a hardware system.
Worm: A self-replicating malware program that uses a computer network to send copies of itself to other computers. This may be done without any user intervention.
Zero-day attack: An attack by malware that exploits unknown or newly discovered vulnerabilities in software before they become known or before security patches are applied to fix them.
Related Documentation
• All-in-One CLI Commands on page 25
• Core/CM Server CLI Commands on page 52
• Mac OS X Engine CLI Commands on page 75
• Traffic Collector CLI Commands on page 95