Open a Remote Terminal

Perform commands remotely on your Cortex XDR Broker VM.
Cortex XDR enables you to remotely connect to a broker VM directly from the Cortex XDR console.
  1. In Cortex XDR, select Settings → Configurations → Data Broker → Broker VMs table.
  2. Locate the broker VM you want to connect to, right-click and select Open Remote Terminal.
    Cortex XDR opens a CLI window where you can perform the following commands:
    • Logs
      Broker VM logs are located in the /data/logs/ folder and contain the applet name in the file name. For example, the folder /data/logs/[applet name] contains container_ctrl_[applet name].log.
    • Ubuntu Commands
      Cortex XDR Broker VM supports all Ubuntu commands. For example, telnet 10.0.0.10 80 or ifconfig -a.
    • Sudo Commands
      Broker VM supports the commands listed in the following table. All the commands are located in the /home/admin/sbin folder.
      Cortex XDR requires that you use the following values when running commands:
      Applet Names
      • Local Agent Settings— tms_proxy
      Services
      • Upgrade— zenith_upgrade
      • Frontend service— webui
      • Sync with Cortex XDR— cloud_sync
      • Internal messaging service (RabbitMQ)— rabbitmq-server
      • Upload metrics to Cortex XDR— metrics_uploader
      • Prometheus node exporter— node_exporter
      • Backend service— backend
      The following table displays the available commands in alphabetical order.

      | Command | Description | Example |
      |---|---|---|
      | applets_restart | Restart one or more applets. | sudo ./applets_restart wec |
      | applets_start | Start one or more applets. | sudo ./applets_start wec |
      | applets_status | Check the status of one or more applets. | sudo ./applets_status wec |
      | applets_stop | Stop one or more applets. | sudo ./applets_stop wec |
      | hostnamectl | Check and update the machine hostname on a Linux operating system. | sudo ./hostnamectl set-hostname <new_host_name> (Restart the machine after running the command.) |
      | kill | Linux kill command. | sudo ./kill [some pid] |
      | restart_routes | Invoke a restart of the routing service after updating your static network route configuration file, /etc/network/routes. The /etc/network/routes configuration file is a standard Ubuntu routes configuration file and can be edited directly. The admin user that you logged in with, when using the remote terminal or via SSH, has read/write permissions to this file. | sudo ./restart_routes (You can either run restart_routes or reboot the broker VM machine for the changes in the /etc/network/routes file to take effect.) |
      | route | Modify your IP address routing. | sudo ./route |
      | services_restart | Restart one or more services. OS services are not supported. | sudo ./services_restart cloud_sync |
      | services_start | Start one or more services. | sudo ./services_start cloud_sync |
      | services_status | Check the status of one or more services. | sudo ./services_status cloud_sync |
      | services_stop | Stop one or more services. | sudo ./services_stop cloud_sync |
      | set_ui_password.sh | Change the password of the Broker VM Web UI. Run the command, then enter the new password followed by Ctrl+D. | sudo ./set_ui_password.sh |
      | squid_tail | Display the Proxy applet Squid log file in real time. | sudo ./squid_tail |
      | tcpdump | Linux command for capturing network traffic. You must use the -w flag to write the output to a file. | sudo ./tcpdump -i eth0 -w /tmp/packets.pcap |
