DLP Endpoint CLI Commands

Note
You must configure system settings, such as network settings, through the DLP VA command line interface. You cannot configure system settings using Linux commands. If you do, the settings are not saved in the configuration file and the agent cannot register with the server.
The following commands are available in DLP.

Command Line Interface Commands

CLI Command
Description
Notes
admin log config backup ftp [host] [user] [password] [path]
Configures FTP as a backup destination for the log file.
host: type FTP server IP address
user: type the user name. For a domain account, type '/' instead of '\' (such as trend/test)
password: if there is no password, type "none" (case sensitive)
path: type the relative path on the FTP server. DLP does not support the following special characters: ~`!* and white space
admin log config backup local
Configures local as a backup destination for the log file.
admin log config backup smb [host] [user] [password] [path]
Configures the Server Message Block (SMB) as a backup destination for the log file.
host: type smb/samba server IP address
user: type the user name. For a domain account, type '/' instead of '\' (such as trend/test)
password: if there is no password, type "none" (case sensitive)
path: type the relative path on the smb/samba server. DLP does not support the following special characters: ~`!* and white space
admin log config purge [days]
Sets the maximum number of days to save the backup incident logs after a purge. Valid values are 0 to 180. After exceeding the time limit, the logs are cleaned up.
This parameter must be an integer. If set to 0, all incident logs in the database are deleted.
admin log config schedule [none/ day mon week]
Sets the schedule for automatically running the log purge.
admin log config show
Shows the log configuration parameters.
admin log delback [file name]
Deletes the backup log file.
You can use the CLI (log show backup) to check the backup files, which are located at /backup/violationlogs
admin log purge
Purges incident logs in the database.
DLP may take more time to purge log files depending on the number of log files to purge. The purge is not finished until the command prompt returns. You must wait until the purge is complete.
admin log restore [file name]
Restores the backup log and forensic data to the DLP server database.
You can use the CLI (log show backup) to check the backup files, which are located at /backup/violationlogs
admin db backup [db name] [destination] [option] …
db_backup.sh – backs up the database.
admin db checkconf [configuration file] [option] …
admin_checkconf.sh – performs an integrity check on the database.
admin db checksize [db file] [option] …
admin_checksize.sh – used to verify the amount of disk space allocated to the database.
admin db clean [db file] [option] …
Performs VACUUM on the database.
admin db reindex [db file] [option] …
admin_reindex.sh – re-indexes the database.
admin db restore [source] [db name] [option] …
db_restore.sh – restores the database from the backup file.
capture interface [interface value] [option 1] [option 2] [option 3] …
tcpdump – Captures network traffic passing through the interfaces on the system.
Suggested Options: Src IP, Dst IP, Protocol, Interface, Port, Packet Count, Output Location. Leverages v3.1’s GUI to manage the dump files used by FTP to transport. Have a maximum hard limit to prevent dump files from taking over the disk.
config.properties
Specifies parameters for cleaning and backing up logs.
configure date
Specifies parameters for cleaning and backing up logs.
configure DLP network
Configures the IP and firewall settings.
configure dns
Configures the DNS settings.
configure hostname
Configures the hostname or FQDN.
configure interface
Configures the interface.
configure password enable
Changes the enable user's password.
configure route
Adds, deletes, or sets a default route.
configure timezone
Allows you to change the time zone to the chosen region.
dg_import.sh [file name]
Imports Data Loss Prevention files that are over 200MB.
enable
Command to enable mode.
enable shell
Launches the Native OS shell.
exit
Exits the session.
ftp (support same OS format and syntax)
ftp – Helpful when you need to transfer files to a remote system via FTP.
help
Displays an overview of the CLI syntax.
history
Displays the current session's command line history.
Logout
Logs out of the current CLI session.
ping [ip address] [fqdn]
ping – Helpful when checking if a remote machine is reachable or not. Also uses ICMP messages.
reboot
Reboots the server.
rescue
Rescues the system and software. Sets DLP back to the factory defaults.
resolve
Resolves an IP address on the network.
scp (support same OS format and syntax)
scp – Helpful when you need to transfer files to a remote system via Secure Copy.
setupEnv.sh
Sets up a proper shell environment.
show arp [ip address / hostname]
arp – obtains arp table values for troubleshooting.
show boot message
dmesg - displays the kernel debug messages.
show capture [file name]
Shows the directory where dump files are stored.
show connections
Displays network connections.
show conntrack
cat /proc/net/sockstat - displays the used socket information.
show conntrack expect
cat /proc/net/ip_conntrack_expect - displays the FW expect connection tables (root access required).
show database backup
Shows database backup files.
show date
Shows current date and time.
show disk partition [optional partition]
df – Displays the disk space usage of the different partitions on the system.
show disk space [optional directory or file name]
du – Estimates the disk space usage of each file recursively for the directories.
show file [option] …
lsof – List all the files open on the system.
Need to get the list of popular options used with this command.
show firewall filter
Uses iptables -t filter -L -v
show firewall nat
iptables - displays the firewall rules if any (needs root equivalence).
Uses iptables -t nat -L -v
show hostname
Displays the hostname.
show ip [options]
Displays the DNS or IP settings.
show log backup
Displays log files to be backed up on the local file system.
Normally, log files are located at /backup/violationlogs
show module
lsmod – displays the kernel modules loaded.
show process [optional name/ID with wildcard support]
ps – Lists the active processes running on the system. Helpful when checking which processes are running and their statuses.
show process library [active process name/id]
ltrace – Attaches to an active process and prints out the dynamic library calls it is using during its run time.
show process stack [active process name/id]
pstack – Attaches to an active process and prints out an execution stack trace.
Just use the ID instead of the process name.
show process top
top – Lists the top processes running on a system at any specific time.
show process trace [active process name/id]
strace – Attaches to an active process and prints out the system calls it’s using during its run time.
show resource [process name/id]
plimit – Sets or gets the resource limits of a running process.
show statistic [interval]
vmstat – Reports information about processes, memory paging blocks, I/O traps, and CPU activity.
show statistic block_io
show statistic cpu
show statistic ethernet [Ethernet interface] [all] [n] [a]
netstat – Shows network statistics of the system.
n – not to resolve IP address to hostnames.
a – displays all sockets: listening and nonlistening.
all – displays all Ethernet interfaces.
default – displays packet information.
show statistic IO [interval]
iostat – Reports the I/O performance of the system.
show statistic memory
show statistic paging
show statistic process
show statistic traps
show system
sysctl – displays the kernel parameters.
show timezone
Displays the current time zone.
show uptime
Displays how long the system has been running.
show version
Command to list the version of the appliance software – includes both the DLP server version and the OS version.
shutdown
Shuts down the server.
stop process [process id] [core]
kill – Used to force-kill a process. Helpful in situations where you want to force-generate a core file from a process.
If stop process is used without options, the process is killed using -9. If stop process is used with the [core] option, a core file is generated using -6. You must add the file management to allow Trend Micro to transfer the core file out.
tftp (support same OS format and syntax)
tftp – Helpful when you need to transfer files to a remote system via TFTP.
traceroute [ip address] [fqdn]
traceroute – tracks where the packet is dropped on the network using ICMP messages.