1. Home
    2. Cortex
    3. Cortex XDR
    4. Cortex XDR™ Pro Administrator’s Guide
    5. Broker VM
    6. Manage Your Broker VMs
    7. Open Remote Terminal

    Open Remote Terminal

    Perform commands remotely on your Cortex XDR Broker VM.
    Cortex XDR allows you to remotely connect to a broker VM directly from the Cortex XDR console.
    1. Navigate to
      Cortex XDR app
      gear.png
      Settings
      Broker
      VMs
       table.
    2. Locate the broker VM you want to connect to, right-click and select
      Open Remote Terminal
      .
      Cortex XDR opens a CLI window where you can perform the following commands:
      • Logs
        Broker VM logs located are located in
        /data/logs/ folder
         and contain the applet name in file name. For example, folder
        /data/logs/[applet name]
        , containing
        container_ctrl_[applet name].log
      • Ubuntu Commands
        Cortex XDR Broker VM supports all Ubuntu commands. For example,
        telnet 10.0.0.10 80 or ifconfig -a
        .
      • Sudo Commands
        Cortex XDR requires you use the following values when running commands:
        Applet Names
        • Agent Proxy—
          tms_proxy
        • Syslog Collector—
          anubis
        • WEC—
          wec
        • Network Mapper—
          network_mapper
        • Pathfinder—
          odysseus
        Services
        • Upgrade-—
          zenith_upgrade
        • Frontend service—
          webui
        • Sync with Cortex XDR—
          cloud_sync
        • Internal messaging service (RabbitMQ)-—
          rabbitmq-server
        • Uploads metrics to the Cortex XDR—
          metrics_uploader
        • Prometheus node exporter—
          node_exporter
        • Backend service—
          backend
        Command
        Description
        Example
        applets_restart
        Restarts one or more applets.
        >
        sudo applets_restart wec
        applets_start
        Start one or more applets.
        >sudo applets_start wec
        applets_status
        Check the status of one or more applets.
        > sudo applets_status wec
        applets_stop
        Stop one or more applets.
        > sudo applets_stop wec
        services_restart
        Restarts one or more services. OS services are not supported.
        > sudo services_restart cloud_sync
        services_start
        Start one or more services
        > sudo services_start cloud_sync
        services_status
        Check the status of one or more services.
        > sudo services_status cloud_sync
        services_stop
        Stop one or more services.
        > sudo services_restart cloud_sync
        set_ui_password.sh
        Changes password of the Broker VM Web UI.
        Run the command, enter the new password followed by Ctrl+D.
        > sudo set_ui_password.sh
        tcpdump
        Linux capture network traffic command.
        You must use
        -w
         flag in order to print output to file.
        > sudo tcpdump -i eth0 -w /tmp/packets.pcap
        kill
        Linux kill command.
        > sudo kill [some pid]
        route
        Modify your IP address routing.
        /sbin/route
        edit_routes
        Update static network routes.
        Can only run through a direct SSH connection.
        sudo edit_routes
        Broker VMs that were migrated from Pathfinder VM do not currently support this function.
        Executing this command will trigger an editor (VI), enter the parameters in a new line, save, exit, and restart the machine and broker VM.
        hostnamectl
        Check and update the machine hostname on a Linux operating system.
        sudo hostnamectl set-hostname <new_host_name>
        Restart machine after running command.

    Recommended For You

    Recommended Videos

    Recommended videos not found.

    © 2021 Palo Alto Networks, Inc. All rights reserved.

    Techdocs Logo