Cytool for Mac
4.2 (EoS)
Cytool is a command-line interface integrated into Traps that enables you to query and manage both basic and advanced functions of Traps. Any changes that you make using Cytool are active until Traps receives the next heartbeat communication from the ESM Server.

On Mac endpoints, you can access Cytool as a super user using a terminal. Cytool is located in the /Library/Application Support/PaloAltoNetworks/Traps/bin directory on the endpoint.

The following table displays the Cytool options available on Mac endpoints.
Command Option | Description |
---|---|
-h --help | |
enum | Enumerate protected processes. Usage: sudo ./cytool enum For example: |
esm | Connect or disconnect from an ESM Server. Usage: sudo ./cytool connect http[s]://<hostname|IP address>:<port> Usage: sudo ./cytool disconnect Use http or https depending on the communication settings of the ESM Server. For example: |
startup | Enable, disable, or query the startup state of Traps components. Usage: sudo ./cytool startup <action> <component> where: For example: |
runtime | Stop or start product components. Usage: sudo ./cytool runtime <action> <component> where: For example: |
persist | Traps stores policy and security event information such as the list of trusted signers, local verdicts, and one-time actions in local databases on the endpoint. To troubleshoot policy issues and security events, you can use cytool persist operations to import, export, and view information stored in the local database. Usage: sudo ./cytool persist <action> where <action> To view a list of all local databases, use the cytool persist list command. |
log | Set log level for the desired process. Usage: sudo ./cytool log <log_level> <components> where: For example: Then use the sudo ./cytool log collect command to generate a support file archive of all logs in a TGZ file. On Mac endpoints running OS X 10.10 and OS X 10.11, Cytool outputs the logs to the /var/log/traps directory. On Mac endpoints running macOS 10.12, you can view logs from the Console application. |
wakeup | Wake up the endpoint from an OS incompatibility state. |
dump | Enable or disable dump generation or restore policy settings. |
checkin | Initiate check-in to the server. Usage: sudo ./cytool checkin To verify the check-in, view the check-in time on the Traps console. |
opswat | Check Traps Agent status and version. Usage: sudo ./cytool opswat <parameter> where <parameter> |