Basic Command Line Parameters and Editing
NwConsole is like a Swiss army knife; it contains many tools buried underneath its command line interface. NwConsole is multi-platform. Executables are available for Windows and Mac. NwConsole is included on all hosts.
Basic Command Line Parameters
Here are some basic command line parameters:
- -f To run a set of commands from a file, use the -f attribute as shown here:
  NwConsole -f /tmp/<somefile.script>
- -e You can use the -e attribute (which is similar to the -f attribute) to run a set of commands from a file and allow environment variable substitution within the file using $ENV_VAR syntax, as shown here:
  NwConsole -e /tmp/<somefile.script>
  Use \$ to escape a dollar sign and \\ to escape a backslash.
- -c To pass in a list of commands from the command line, use the -c attribute as shown here:
  NwConsole -c <command1> -c <command2> -c <command3>
  This is not recommended except for very simple scripts. The Bash interpreter can jumble quoted strings if you do not escape properly. If you have non-obvious errors passing through the command line, switch to reading from a file to see if that fixes the issues.
- -i Normally, NwConsole exits after running commands passed by a file or command line. If you want to keep the interactive prompt open after the commands are executed, include -i in the command line.
- -q To suppress command information messages and only see command output, use -q for Quiet mode. This makes it easy to pipe command output (stdout) to other commands.
You can also run NwConsole and type the commands in the console window.
When you use the -c option, you can use additional quotes and escape quotes to include embedded spaces for the where clause. For example:
where="\"tcp.dstport=443 && time='2020-09-07 17:25:00'-'2020-09-08 05:24:59'\""
The following example shows how to use the -c option for pcap extraction.
[root@nwadmin1 ~]# NwConsole -c login 127.0.0.1:56003:ssl <user> <password> -c cd sdk -c packets where="\"tcp.dstport=443 && time='2020-09-07 17:25:00'-'2020-09-08 05:24:59'\"" pathname="/var/netwitness/ny_sdwan_tcp_443_20200930.pcap"
RSA NetWitness NextGen Console 11.3.1.0
Copyright 2001-2020, RSA Security Inc. All Rights Reserved.
>login ...
Successfully logged in to 127.0.0.1:56003 as session 168886
>cd sdk
[127.0.0.1:56003] /sdk
>packets where="tcp.dstport=443 && time='2020-09-07 17:25:00'-'2020-09-08 05:24:59'"
pathname=/var/netwitness/ny_sdwan_tcp_443_20200930.pcap
Writing packets to /var/netwitness/ny_sdwan_tcp_443_20200930.pcap (100%)
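The following added example (not part of the original NetWitness documentation) applies the advice above to switch from -c to a file: it writes the pcap extraction commands to a script for NwConsole -e, so the shell never re-parses the where clause and the credentials come from the environment instead of the command line. The names NW_USER, NW_PASS, nw_escape and nw_write_script are assumptions, as is the script-file line format, which mirrors the commands NwConsole echoes in the session above.

```shell
#!/usr/bin/env bash
# Added example: build an NwConsole script file for use with -e.
# NW_USER, NW_PASS and the function names are assumptions, not NetWitness names.

# Escape text that must reach NwConsole literally from a -e file:
# backslash becomes \\ and dollar becomes \$ (the two escapes the page gives).
# Backslashes are doubled first so the one added before $ is not doubled again.
nw_escape() {
    printf '%s' "$1" | sed -e 's/\\/\\\\/g' -e 's/\$/\\$/g'
}

# Write the login / cd sdk / packets sequence to a script file.
# $1 = script path, $2 = service (host:port:ssl), $3 = where clause, $4 = pcap path
nw_write_script() {
    ( umask 077   # owner-only: the file names the service and the query
      {
        # Single-quoted format: the shell leaves $NW_USER and $NW_PASS alone so
        # that NwConsole -e substitutes them from the environment at run time.
        printf 'login %s $NW_USER $NW_PASS\n' "$2"
        printf 'cd sdk\n'
        printf 'packets where="%s" pathname=%s\n' "$(nw_escape "$3")" "$(nw_escape "$4")"
      } > "$1" )
}

# Sample values taken from the page's pcap extraction example.
WHERE="tcp.dstport=443 && time='2020-09-07 17:25:00'-'2020-09-08 05:24:59'"
PCAP=/var/netwitness/ny_sdwan_tcp_443_20200930.pcap
SCRIPT=$(mktemp)
nw_write_script "$SCRIPT" 127.0.0.1:56003:ssl "$WHERE" "$PCAP"

# Run only where NwConsole is installed and credentials are in the environment.
if command -v NwConsole >/dev/null 2>&1 && [ -n "${NW_USER:-}" ] && [ -n "${NW_PASS:-}" ]; then
    NwConsole -q -e "$SCRIPT"
fi
```

Export NW_USER and NW_PASS in the calling shell before running the script, and remove the generated file when the extraction is finished.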
Line Editing
You can use the keys in the following table when editing a command.
Key | Description |
---|---|
Ctrl-U | Clears the current line |
Ctrl-W | Deletes the word that the cursor is on |
Ctrl-A | Moves the cursor to the beginning of the line |
Ctrl-E | Moves the cursor to the end of the line |
Ctrl-F | Moves the cursor forward to the next word |
Ctrl-B | Moves the cursor backwards to the previous word |
Up arrow | Displays the previously executed command |
Down arrow | Displays the command executed after the current command (only valid if the up arrow has been pressed) |
Left arrow | Moves the cursor to the previous character |
Right arrow | Moves the cursor to the next character |
Tab | Provides context sensitive completion of most commands and their parameters. The Tab key is very helpful for editing. For example, to view the Connecting to a Service help topic, at the command line, you can type man con and then press the Tab key. NwConsole completes the command for you: man Connecting to a Service. Press Enter to run the command and view the topic. |
history | Displays a numbered list of previous commands |
history execute=# | Executes a previous command, which is also equivalent to typing !#. For example, !1 executes the previous command. |
history clear | Clears all command history |
history erase=# | Erases a specific command from the history buffer. History is automatically stored from one session to the next. |