Submit a ticketCall us

Announcing NCM 7.7
With NCM 7.7, you can examine the rules that make up an access control list for a Cisco ASA device. Then you can apply filters to display only rules that meet the specified criteria, order the rules by line number or by the hit count, and much more.
See new features and improvements.

Home > Success Center > Log & Event Manager (LEM) > SolarWinds LEM 6.3 User Guide > Using the CMC command line with LEM

Using the CMC command line with LEM

CMC commands are the only means to access LEM and nDepth appliances. Use CMC to upgrade and maintain the appliances.

You can use the CMC commands for such tasks as:

  • Upgrading the manager software
  • Deploying new connector infrastructure to the managers and agents
  • Rebooting or shutting down the network appliance
  • Configuring trusted reporting hosts
  • Configuring supplemental services on the manager appliance
  • Controlling your nDepth appliances
  • Manually applying connector updates

Below is an example of the CMC window.

File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0F0/050/cmc_management_console_menu_370x242.png

Special characters

The following table lists the special characters you can use in your CMC commands and passwords.

Character Example
Capital letters ABCDEFGHIJKLMNOPQRSTUVWXYZ
Lower-case letters abcdefghijklmnopqrstuvwxyz
Numerals 0123456789
Symbols _ ` ~ ! @ # $ % ^ & * ( ) - = + ' [ { ] } \ | ; : a " A , 1 < . > / ?
White spaces command1 command2 command3

Log on to CMC

  1. Connect to the LEM appliance using:

    • A keyboard and monitor. If you connect using this method, skip to step 7.
    • A Secure Shell (SSH) client (such as PuTTY) on port 32033 or 22. SSH is a remote administration connector.

      Beginning with version 6.3, you can use port 22.

    The following example shows the PuTTY Configuration window with the default manager settings.

    File:Success_Center/Reusable_content_-_InfoDev/LEMUserGuide_MT/0F0/050/PuttySettings_353x341.gif

  2. In the Host Name (or IP address) box, type the IP address of your manager, In this example, the IP address is 10.1.1.200.
  3. Select the SSH protocol.
  4. Enter 32022 or 22 in the Port box.
  5. Enter Manager into the Saved Sessions box, and then click Save.
  6. Click Open.

    To reopen this connection for future sessions, double-click Manager in the Saved Session box.

  7. Enter your CMC user name and password.

    The CMC menu displays with a cmc> prompt.

Using the CMC menu

The CMC provides an interface you can use to interact with the LEM appliance and perform routine administrative tasks without root access. The appliance, manager, service, and ndepth commands include additional command menus.

The commands are listed in order of appearance.

Command

Description

appliance Displays the appliance menu to run network and system commands on your appliance. You can activate the appliance, configure network parameters, and change the CMC password.
manager Displays the manager menu to run upgrade and debug commands on the LEM ??manager. You can install a LEM??hotfix, start and stop the Manager Service, and import a certificate used for console communication.
service Displays the service menu to run restrictions, SSH, and Snort commands. You can start and stop the SSH Service, copy Snort rules to a network share, and restrict access to the Reports console by IP or host name.
ndepth Displays the ndepth menu to run nDepth configuration and maintenance commands. You can set your log message archive and backup share settings, restart the Log Message search or storage service, and start and stop the Log Message search and storage services.

upgrade

Installs the LEM upgrade package used to upgrade your LEM ??appliance.
admin

Opens the Admin user interface in a text browser.

import Imports a keytab file into the Admin user interface to access Active Directory for Kerberos authentication and single sign-on.
help Displays the Help menu.
exit Exits the management console.

Activate your appliance

See the LEM Quick Start and Deployment Guide for details about activating your appliance.

Access the Admin user interface

For improved usability, open a supported web browser and connect to the Admin user interface on the LEM virtual appliance at http://<lem_manager_IP_address>:8443/mvc/login.

If the unsecure port 8080 was re-enabled or the activation was not completed (leaving port 8080 open), connect to the Admin user interface at http://<lem_manager_IP_address>:8080/mvc/login.

Using the CMC appliance menu

After you enter the appliance command, the cmc::acm# prompt displays. You can use any command listed in the following table.

The commands are listed in alphabetical order. Command descriptions with an asterisk (*) indicate the command requires an automatic restart of the manager service.

Command

Description

activate Activates appliance features after activating LEM.
checklogs Shows the contents of the virtual appliance's log files from sources such as syslog and SNMP.
clearsyslog Removes all rotated and compressed localN files.
cleantemp Removes temporary files created by the virtual appliance during normal operation. You may run this command to recover used disk space, or at the suggestion of SolarWinds Support.
dateconfig Sets/shows the virtual appliance's date and time.
dbdiskconfig * Configures the database retention.
diskusage Checks and provides a summary of disk usage for your virtual appliance and several of the internal components (such as the database or log files). This information is included when you send SolarWinds Support information using the support command.
diskusageconfig Sets the disk usage limit of your manager by the percentage of unavailable disk space or the amount of free disk space.
editbanner Edits the SSH login banner.
exit Exits the Appliance menu and returns to the main menu.
exportsyslog Exports the System Logs.
hostname Changes the virtual appliance's hostname.
import Imports the SIM or LEM backup to the LEM.
limitsyslog Interrogates and/or changes the number of rotated log files to be kept.

multimanagerconfig

Enables or disables the multimanager.

If you enable multimanager, some security scanners may generate security warnings about your appliance for crossdomain. If this feature is not required, keep it disabled.

setlogrotate Defines the syslog rotation frequency (hourly, daily
netconfig Configures network parameters for the appliance, such as the IP address, subnet mask and DNS server(s).
ntpconfig Configures the Network Time Protocol (NTP) service on the virtual appliance for synchronization with a time server.
password Changes the CMC user password.
ping Pings other IP addresses or host names from the virtual appliance to verify network connectivity.
reboot Reboots the virtual appliance.
resetsystemmac Resets the appliance MAC address.
shutdown Shuts down the virtual appliance.
top Displays and monitors CPU and memory usage, as well as per process information for the Manager Network Appliance.
tzconfig Configure the virtual appliance's time zone information.
viewnetconfig Displays the current network configuration parameters for the appliance such as the IP address, subnet mask and DNS server(s).
exit Return to the main menu.

Using the CMC manager menu

After typing the manager command, the cmc::cmm# prompt displays. You may then use any of the commands listed in the following table. The commands are listed in alphabetical order. Command descriptions with an asterisk (*) indicate the command requires an automatic restart of the Manager service.

Command Description

actortoolupgrade

* Upgrades the manager's Actor Tools from CD or floppy disk.

archiveconfig

Configures the manager appliance database archives to a remote file share on a daily, weekly, or monthly schedule.

backupconfig

Configures the manager appliance software and configuration backups to a remote file share on a daily, weekly, or monthly schedule.

cleanagentconfig

Reconfigures the agent on this manager to a new manager.

configurendepth Configures the virtual appliance to use an nDepth server
confselfsignedcert Configures the manager to use a self-signed certificate.
dbrestart Restart the database.

debug

Emails the manager debugging information to any given email address. The email message contains a collection of data that can be useful in diagnosing problems.

disabletls Disables TLS for the database connections.
enabletls Enables TLS for the database connections.

exit

Return to main menu.

exportcert

Exports the CA certificate for Console.

exportcertrequest

Exports a certificate request for signing by CA.

hotfix Installs a LEM??hotfix.

importcert

* Imports a certificate used for Console communication.

importl4ca * Imports a CA of the other node in an L4 configuration.
licenseupgrade * Upgrades your manager license.

logbackupconfig

Configures the Manager appliance remote log backups to a remote file share on a daily, weekly, or monthly schedule.

resetadmin

* Resets the admin password to "password". This command does not affect other users on the system and all settings are preserved.

restart

* Restarts the manager service. This will take the Manager offline for 13 minutes.

sensortoolupgrade

Upgrades the manager's Sensor Tools from a CD or floppy disk.

showlog

Allows you to page through the manager's log file.

showmanagermem

Displays the Manager's configured memory utilization settings.

start

Starts the Manager service. If the Manager is already started, then nothing will happen.

stop

* Stops the manager service. This makes the manager inactive until it is started again.

support

Sends debugging information via email to support@SolarWinds.com. This command prompts you for your name and email address. It then sends SolarWinds a collection of data that can be useful in diagnosing problems.

togglehttp * Enables or disables HTTP on port 80.

viewsysinfo

Displays appliance settings and information, useful for support and troubleshooting.

watchlog

Displays 20 lines of the current manager log file and monitors the log for further updates. Any new log entries appear as they are written to the log.

Using the CMC service menu

After typing the service command, the cmc::scm# prompt displays. You may then use any of the commands listed in the following table.

The commands are listed in alphabetical order. Command descriptions with an asterisk (*) indicate the command requires an automatic restart of the manager service.

Command Description

copysnortrules

Copy the existing Snort rules from the manager onto a floppy disk or network file share. This allows you to retrieve the Snort rules from the manager's hard drive and make any rule updates or modifications. This requires a formatted floppy disk or a network file share.

disableflow

Disables the flow Collection Service on the appliance (and in the SolarWinds Explorer).

enableflow

* Enables the flow Collection Service on the appliance (and in the SolarWinds Explorer).

exit

Returns to the main menu.

help

Displays a brief description of each command within the service menu.

loadsnortbackup

Loads Snort rules from factory default on the manager. This allows you to revert to the Snort rules original default settings in case of an error. This command overwrites any changes that were made to the main set of rules with the original rules that were installed with the SolarWinds system.

loadsnortrules

Loads Snort rules from a floppy disk or a network file share to the manager. This allows you to update the Snort rules on the manager. The floppy disk must be in the same format (i.e., the same names and directories) that the copysnortrules command uses to issue the original rules; otherwise, the rules will not be updated.

restartsnort

Restarts the Snort service.

restartssh

Restarts the SSH service. If the SSH service is running, this command stops and then restarts the service.

restrictconsole

Restricts access to the Console's graphical user interface to only certain IP addresses or hostnames. This command prompts you to provide the allowable IP addresses or hostnames. Once the restriction is in place, only the given IP addresses/hostnames are able to connect to the Console. Users are still required to log in with a password to fully access the Console.

restrictreports

Restricts access to reports to only certain IP addresses or hostnames. This command prompts you to provide the allowable IP addresses or hostnames. Once the restriction is in place, only the given IP addresses/hostnames are able to create and view reports.

restrictssh

Restrict the SSH service to only certain IP addresses. This command prompts you to provide the allowable IP addresses. Once the restriction is done, only the given IP address/user combinations will be able to connect to the manager using the SSH service.

snmp Configures the SNMP Services.

startssh

Starts the SSH service.

stopopsec

Terminates any connections from the manager appliance to Check Point Open Platform for Security (OPSEC) hosts.

stopssh

Stops the SSH service. If you issue this command, you can only access the manager with a keyboard and monitor until you issue a reboot command.

To restrict access to the SSH service (outside of the user name and password requirements), see the restrictssh command.

unrestrictconsole

Removes restrictions to the console graphical user interface. This command removes all restrictions and allows any valid system user to connect to the Console. The only protection at this point is the user name and password combination.

unrestrictreports

Removes restrictions on access to reports. This command removes all restrictions and allows anyone with the Reports Console, or any alternative database connection software, with the proper username and password, to create and view reports and browse the database.

unrestrictssh

Removes restrictions on access to the SSH service. Any connection attempts will still require a user name and password.

Using the CMC ndepth menu

If you have one or more nDepth appliances, CMC has an ind menu that lets you control these appliances. After typing the ind command, the cmc::ind# prompt displays. You may then use any of the commands listed in the following table.

The commands are listed in alphabetical order. Command descriptions with an asterisk (*) indicate the command requires an automatic restart of the manager service.

Command Description
exit Returns to the main menu.

logmarchiveconfig

Sets the Log Message archive share settings.

logmbackupconfig

Sets the Log Message backup share settings.

restart

* Restarts the Log Message search/storage service.

start

Starts the Log Message search/storage service.

stop

Stops the Log Message search/storage service.

Last modified
16:13, 20 Feb 2017

Tags

Classifications

Public