Cytool for Mac
Cytool is a command-line interface that is integrated into Traps that enables you to query and manage both basic and advanced functions of Traps. Any changes that you make using Cytool are active until Traps receives the next heartbeat communication from the Traps management service.
On Mac endpoints, you can access Cytool as a super user using a terminal. Cytool is located in the
/Library/Application Support/PaloAltoNetworks/Traps/bindirectory on the endpoint.
The following table displays the Cytool options available on Mac endpoints.
Enumerate protected processes.
Enable, disable, or query the startup state of Traps components.
sudo ./cytool startup
Stop or start product components.
Traps stores policy and security event information such as the list of trusted signers, local verdicts, and one-time actions in local databases on the endpoint. To troubleshoot policy issues and security events, you can use cytool persist operations to import, export, and view information stored in the local database.
To view a list of all local databases, use the
cytool persist listcommand.
Set log level for the desired process.
sudo./cytool log <log_level> <components>
Then use the
sudo ./cytoollog collectcommand to generate a support file archive of all logs in a TGZ file. On Mac endpoints running OS X 10.10 and OSX 10.11, Cytool outputs the logs to the
/var/log/trapsdirectory. On Mac endpoints running macOS 10.12, you can view logs from the Console application.
Wake up the endpoint from an OS incompatibility state.
Enable or disable dump generation or restore policy settings.
Initiate check-in to the server.
To verify the checkin, view the check-in time on the Traps console.
Check Traps Agent status and version.
sudo./cytool opswat <parameter>
Recommended For You
Recommended videos not found.