Open Remote Terminal

In Cortex XDR, select

Settings ( )

Configurations

Broker VM

Broker VMs

table.

Locate the broker VM you want to connect to, right-click and select

Open Remote Terminal

.

Cortex XDR opens a CLI window where you can perform the following commands:

Logs

Broker VM logs located are located in

/data/logs/ folder

and contain the applet name in file name. For example, folder

/data/logs/[applet name]

, containing

container_ctrl_[applet name].log

Ubuntu Commands

Cortex XDR Broker VM supports all Ubuntu commands. For example,

telnet 10.0.0.10 80 or ifconfig -a

.

Sudo Commands

Broker VM supports the command listed in the following table. All the commands are located in the

/home/admin/sbin

folder.

Cortex XDR requires you use the following values when running commands:

Applet Names

Agent Proxy—
tms_proxy
Syslog Collector—
anubis
WEC—
wec
Network Mapper—
network_mapper
Pathfinder—
odysseus

Services

Upgrade—
zenith_upgrade
Frontend service—
webui
Sync with Cortex XDR—
cloud_sync
Internal messaging service (RabbitMQ)—
rabbitmq-server
Uploads metrics to the Cortex XDR—
metrics_uploader
Prometheus node exporter—
node_exporter
Backend service—
backend

The following table displays the available commands in alphabetical order.

Command	Description	Example
applets_restart	Restarts one or more applets.	> sudo applets_restart wec
applets_start	Start one or more applets.	>sudo applets_start wec
applets_status	Check the status of one or more applets.	> sudo applets_status wec
applets_stop	Stop one or more applets.	> sudo applets_stop wec
hostnamectl	Check and update the machine hostname on a Linux operating system.	> sudo hostnamectl set-hostname <new_host_name> Restart machine after running command.
kill	Linux kill command.	> sudo kill [some pid]
restart_routes	Invoke a restart of the routing service after updating your static network route configuration file, vi /etc/network/routes . Editing the file triggers an editor (VI). Enter the parameters in a new line, save, exit, and execute the restart_routes command to apply the updates.	> sudo restart_routes For restart_routes to take affect, restart the machine and broker VM.
route	Modify your IP address routing.	/sbin/route
services_restart	Restarts one or more services. OS services are not supported.	> sudo services_restart cloud_sync
services_start	Start one or more services	> sudo services_start cloud_sync
services_status	Check the status of one or more services.	> sudo services_status cloud_sync
services_stop	Stop one or more services.	> sudo services_restart cloud_sync
set_ui_password.sh	Changes password of the Broker VM Web UI. Run the command, enter the new password followed by Ctrl+D.	> sudo set_ui_password.sh
squid_tail	Display the Proxy applet Squid log file in real-time.	sudo squid_tail
tcpdump	Linux capture network traffic command. You must use -w flag in order to print output to file.	> sudo tcpdump -i eth0 -w /tmp/packets.pcap