ExtraHop Command-line Reference
You can manage many administrative tasks on your ExtraHop system through a command-line interface (CLI). You will typically manage your ExtraHop system with the CLI when you connect from the USB connection on the appliance with a keyboard and monitor or when you connect through the IDRAC interface.
This reference provides information about accessing the CLI and a list of all available ExtraHop commands and sub-commands.
Authorization and access
You can log in to the CLI from the ExtraHop Administration settings or through a secure shell (SSH) terminal application. While you can run basic commands when logged in as any user with unlimited privileges, you must have the password for the setup user account to run advanced commands.
Connect to the CLI through the ExtraHop Administration settings
- Log in to the Administration settings on your ExtraHop system with an account that has unlimited privileges.
Click Launch Shell in the top right corner.
A terminal window appears with a prompt that specifies the ExtraHop system hostname. You are automatically logged in and can begin typing commands at the prompt.
Note: You must type commands into the Web Shell interface. Copy and paste actions are not available.
Connect to the CLI through SSH
- Open a secure shell (SSH) terminal application.
Type a command similar to the following example, substituting
example-extrahop.com with the hostname or IP address
of your ExtraHop system.
$ ssh firstname.lastname@example.org
- When prompted, type the password for the shell user account and then press ENTER.
Commands are available in privileged and non-privileged mode. Any user with unlimited privileges can access non-privileged commands, however the setup user account password is required to access privileged commands.
- Non-privileged commands
- These four commands require that you log in with a user account that has unlimited privileges.
- Enables privileged commands. When this command is executed, you are prompted for the setup user account password.
- Sends a ping request to a specified device.
- Displays the ExtraHop system configuration settings in view-only mode.
- Sends a traceroute request to a specified device.
- Privileged commands
- The following commands require the setup user account password.
- Enables configuration mode.
- Allows delete operations.
- Disables privileged mode.
- Enables privileged mode.
- Sends a ping request.
- Allows reload services operations.
- Allows reset services operations.
- Allows restart services operations.
- Shows the current system configuration settings.
- Shuts down the ExtraHop system.
- Stops ExtraHop services.
- Enables (or disables) the ExtraHop Support account.
- Sends a traceroute request.
Puts the ExtraHop system into Configuration mode. After the configure command executes and the system is in Configuration mode, you can pass in any of the sub-commands listed below.
The following command sequence opens Configuration mode, enables the interface subcommands, sets a static IP address, DNS servers, and hostname for interface 2 on the ExtraHop system, and then exits Configuration mode:
extrahop#configure extrahop(config)#interface 2 extrahop(config-if)#ip ipaddr <ipaddr> <netmask> <gateway> extrahop(config-if)#ip dnsservers <ipaddr> <ipaddr 2> extrahop(config-if)#ip hostname <name> extrahop(config-if)#exit extrahop(config)#exit
The configure command supports the following sub-commands:
Specifies the primary and secondary DNS servers.
Puts the CLI in Interface mode and provides sub-commands to specify how the ExtraHop system acquires an IP address and the hostname.
extrahop#configure extrahop(config)#interface <interface-number> extrahop(config-if)#ip ipaddr <addr> <netmask> <gateway> Parameters
|Note:||You can specify the interface you want to configure by entering the interface number when running the interface command. If you do not specify an interface, the command will configure the primary management interface.|
The interface command includes the following sub-commands and parameters:
- ip dhcp
- Configures the ExtraHop system with the DHCP option.
- ip dnsserver
- Configures the system DHCP servers. This parameter requires the following values:
- primary addr
- Specifies the primary IP address of the DNS Server.
- secondary addr
- Specifies the secondary IP address of the DNS server. This parameter is optional.
- ip hostname
- Specifies the system hostname.
- Specifies the hostname for the ExtraHop system.
- ip ipaddr
- Specifies the hostname for the ExtraHop system.
- A static IP address.
- An address that specifies the subnet mask.
- The IP address of the computer that is used by devices on the network to access another network or a public network.
- ip6 dhcp
- Enables IPv6 and configures the ExtraHop system with the DHCPv6 option with
Note: If enabled, DHCPv6 will be used to configure DNS settings.
- ip6 disable
- Disables IPv6.
- ip6 ipaddr
- Enables IPv6 and sets a static IPv6 address. If specified without an IPv6 address, clears all previously configured static IPv6 addresses.
- ip6 ra_dns
- Enables the system to configure Recursive DNS Server (RDNSS) and DNS Search List (DNSSL) information according to router advertisements,
- ip6 slaac
- Enables IPv6 and configures Stateless Address Autoconfiguration for IPv6.
- Disables Stateless Address Autoconfiguration.
- Configures the system to automatically assign IPv6 addresses based on the MAC address of the sensor.
- Configures the system to automatically assign private IPv6 addresses that are not based on hardware addresses. This method is described in RFC 7217.
Provides sub-commands to enter the license string to update the ExtraHop license. The license key text is sent by ExtraHop Support, and it is pasted into the CLI at the Enter license text prompt.
Provides sub-commands to enable or disable remote authentication of users on the ExtraHop system. Note that the sub-commands ldap, radius, and tacacs put the CLI in the specific mode to accept parameters for the specified remote authentication method.
The remote_auth command includes the following sub-commands and parameters:
- Disables remote authentication.
- Specifies configuration parameters to enable the LDAP remote authentication method.
This command puts the CLI in ldap mode and requires the following
- Specifies the base of the LDAP search used to find users.
- Specifies the Distinguished Name (DN) used by the ExtraHop system to authenticate with the LDAP server.
- Specifies the listening port number of the LDAP server.
- Specifies the search filter used when searching the LDAP directory for user accounts.
- Specifies the hostname or IP address of the LDAP server (or servers).
- Displays the current LDAP settings.
- Specifies configuration parameters to enable the RADIUS remote authentication method.
This command puts the CLI in radius mode and requires requires the following parameter values:
- Deletes a specified RADIUS server host.
- Specifies the hostname or IP address of the RADIUS server (or servers), the shared secret password, and an optional timeout value.
- Displays the current RADIUS settings.
- Specifies configuration parameters to enable the TACACS remote authentication method.
This command puts the CLI in tacacs mode and requires requires the following parameter values:
- Deletes a specified TACACS server host.
- Specifies the hostname or IP address of the TACACS server (or servers), the shared secret password, and an optional timeout value.
- Displays the current TACACS settings.
Provides commands to update the running configuration settings and save changes made to the running configuration to disk. The update command generates a prompt in the CLI to provide the updated configuration text. For more information about modifying the running config code, see the Running Config section.
The running_config command includes the following sub-commands and parameters:
- Provides an interface to make changes to sections of the running configuration.
- Provides an interface to make changes to the entire running configuration. You are prompted to enter the running config text by the CLI.
- Saves the changes made to the running configuration to disk.
- Reverts to the saved running configuration.
Provides commands to enable or disable the Administration settings, enable or disable the SSH service that supports the CLI interface, and enable or disable SNMP services.
extrahop#configure extrahop(config)#services gui <enable/disable>
The services command includes the following sub-commands and parameters:
- Enables or disables the web service that supports the Administration settings. This command supports the parameter values enable to turn on the service and disable to turn off the service.
- Enables or disables the SNMP service that supports SNMP monitoring. This command supports the parameter values enable to turn on the service and disable to turn off the service.
- Enables or disables the SSH service that supports the command-line interface. This command supports the parameter values enable to turn on the service and disable to turn off the service.
Provides commands to work with core files.
extrahop#configure extrahop(config)#systemsettings corefiles lifetime <value>
The systemsettings command includes the following sub-commands and parameters:
- corefiles enable
- Enables the core files.
- corefiles disable
- Disables the core files.
- Sets the value for the core files lifetime.
- Specifies the lifetime value.
Puts the ExtraHop system into Delete mode. After the delete command executes and the system is in delete mode, you can pass in any of the sub-commands listed below to remove files from the system.
Removes the ExtraHop system from Enable mode. After the disable command executes and the system is disabled, you will need to execute the enable command to perform any operations that modify settings through the command-line interface.
(Console only) Puts the ExtraHop system into eca mode. After the eca command executes and the system is in eca mode, you can pass in any of the sub-commands listed below to manage connected sensors, recordstores, and packetstores.
Provides commands to add a sensor to a console.
After you run the eca addnode command, you are prompted to type the following parameters:
- Type the hostname of the sensor you are adding.
- setup password
- Type the password of the sensor setup user.
- product key (optional)
- Type the ExtraHop product key.
- Type a nickname to easily identify the new sensor.
- Type Y or n.
The reset option removes locally-managed user customizations (device groups, alerts, and triggers) from the sensor. Gathered metrics, such as captures and devices, remain available.
Provides commands to list the configuration details of the connected sensor.
extrahop[ECA]#eca details <nodeid>
|Tip:||Run the eca details command without the nodeid parameter to show the details of all connected sensors, recordstores, and packetstores.|
Puts the ExtraHop system in Privileged mode. After the enable command executes and the system is fully enabled, you can enter and execute other commands to perform operations through the command-line interface. At the start of a session, this command is usually the first command issued. If you are prompted to enter a username and password, type the following credentials:
- Type shell as the user name.
- Type the number displayed on the service tag
|Note:||The service tag is on a pullout tab located on the front of the ExtraHop appliance, below the video connector on the 610 and below the power button on the 710.|
Executes a command to ping a selected target to verify the ability to contact the specified host. Ping results specify the response packets received and the round-trip time.
Executes a reload operation for the specified ExtraHop system component. After the reload command is invoked, you can reload any of the supported components identified by their subcommands.
Executes a reset operation for the specified ExtraHop system component. After the reset command is invoked, you can reset the ExtraHop Datastore, which clears all current data from the Datastore.
Executes a restart operation for the specified ExtraHop system component. After the restart command is invoked, you can restart the ExtraHop component services identified by the following sub-commands.
Puts the CLI in View mode so that you can see the settings and parameter values associated with the ExtraHop system components. After the show command executes and the system is in View mode, you can look at the settings associated with every aspect of the ExtraHop system.
Displays information about a specific interface of the ExtraHop system.
extrahop#show interface <interface-number> <sub-command>
The interface command includes the following sub-commands:
- Shows whether DHCP is enabled or disabled on the interface.
- Shows the IP address and netmask for the ExtraHop system management port on the interface.
- Shows the MAC address for the interface.
Provides sub-commands to show IP address configuration settings for the ExtraHop system.
The ip command includes the following parameters:
- Shows ARP resolution for the device and any computers connected to the device.
- Shows information for every IP interface on the connected computer.
- Shows all active Internet connections for the device.
- Shows the IP, ICMP, ICMP msg, TCP, UDP, UDP lite, TCP Ext, and IP Ext traffic for the device.
Provides sub-commands to show the logs for the ExtraHop system.
Stops the specified ExtraHop system components. After the stop command is invoked, you can halt the operation of specific system component services without shutting down the entire ExtraHop system.
Provides commands to enable or disable the ExtraHop system support account. After the support command is invoked, you can enable or disable the support account.
Executes the traceroute command on the ExtraHop system to measure packet delays across the network.
Thank you for your feedback. Can we contact you to ask follow up questions?