End-of-Life (EoL)
The find command helps you find a command when you don't know where to start looking in the hierarchy. The command—which is available in all CLI modes—has two forms. Used alone, find command displays the entire command hierarchy. Used with the keyword parameter, find command keyword displays all commands that contain the specified keyword.
You can also view a complete listing of all PAN-OS 7.1 CLI commands or view the CLI changes between the current and previous PAN-OS release.
View the Entire Command Hierarchy
Use find command without any parameters to display the entire command hierarchy in the current command mode. For example, running this command from operational mode on a VM-Series Palo Alto Networks device yields the following (partial result):
admin@7-1-VM> find command
target set <value>
target show
schedule uar-report user <value> user-group <value> skip-detailed-browsing <yes|no> title <value> period <value> start-time <value> end-time <value> vsys <value>
schedule botnet-report period <last-calendar-day|last-24-hrs> topn <1-500> query <value>
clear arp <value>|<all>
clear neighbor <value>|<all>
clear mac <value>|<all>
clear job id <0-4294967295>
clear query id <0-4294967295>
clear query all-by-session
clear report id <0-4294967295>
clear report all-by-session
clear report cache
clear log traffic
clear log threat
clear log config
clear log system
clear log alarm
clear log acc
clear log hipmatch
clear log userid
clear log iptag
clear wildfire counters
clear counter interface
clear counter global name <value>
clear counter global filter category <value> severity <value> aspect <value> pac
ket-filter <yes|no>
clear counter all
clear session id <1-4294967295>
clear session all filter nat <none|source|destination|both> ssl-decrypt <yes|no> type <flow|predict> state <initial|opening|active|discard|closing|closed> from <value> to <value> source <ip/netmask> destination <ip/netmask> source-user <value> destination-user <value> source-port <1-65535> destination-port <1-65535> protocol <1-255> application <value> rule <value> nat-rule <value> qos-rule <value> pbf-rule <value> dos-rule <value> hw-interface <value> min-kb <1-1048576> qos-node-id <0-5000>|<-2> qos-class <1-8> vsys-name <value>|<any>
clear application-signature statistics
clear nat-rule-cache rule <value>
clear statistics
clear high-availability control-link statistics
clear high-availability transitions
clear vpn ike-sa gateway <value>
clear vpn ipsec-sa tunnel <value>
clear vpn ike-preferred-version gateway <value>
clear vpn ike-hashurl
clear vpn flow tunnel-id <1-2147483648>
clear dhcp lease all expired-only
clear dhcp lease interface clear dhcp lease interface <name> ip <ip/netmask>
Find a Specific Command Using a Keyword Search
Use find command keyword to locate all commands that have a specified keyword.
admin@7-1-VM# find command keyword <keyword>
For example, suppose you want to configure certificate authentication and you want the Palo Alto Networks device to get the username from a field in the certificate, but you don’t know the command. In this case you might use find command keyword to search for commands that contain username in the command syntax.
admin@7-1-VM> configure
Entering configuration mode
admin@7-1-VM# find command keyword username
show shared certificate-profile <name> username-field
set deviceconfig system log-export-schedule <name> protocol ftp username <value>
set deviceconfig system log-export-schedule <name> protocol scp username <value>
set deviceconfig setting wildfire session-info-select exclude-username <yes|no>
set mgt-config password-complexity block-username-inclusion <yes|no>
set network interface ethernet <name> layer3 pppoe username <value>
set shared authentication-profile <name> username-modifier <value>|<validate>|<%USERINPUT%|%USERINPUT%@%USERDOMAIN%|%USERDOMAIN%\%USERINPUT%>
set shared certificate-profile <name> username-field
set shared certificate-profile <name> username-field subject <common-name>
set shared certificate-profile <name> username-field subject-alt <email|principal-name>
set vm-info-source <name> VMware-ESXi username <value>
set vm-info-source <name> VMware-vCenter username <value>
set user-id-collector setting ntlm-username <value>
set user-id-collector syslog-parse-profile <name> regex-identifier username-regex <value>
set user-id-collector syslog-parse-profile <name> field-identifier username-prefix <value>
set user-id-collector syslog-parse-profile <name> field-identifier username-delimiter <value>
From the resulting lists of commands, you can identify that the command you need is:
admin@7-1-VM# set shared certificate-profile <name> username-field
If you’re not sure exactly what to enter in the command line, you can then Get Help on Command Syntax.

Recommended For You