On This Page
Command Line Reference
The SecureTrack processes can be managed from the command line with these commands:
SecureTrack
st_add_user
Adds a SecureTrack Administrator; In a Multi-Domain environment, adds a Super Administrator. This command is useful if the Administrator's SecureTrack password has been forgotten.
The command initiates a series of prompts, for username, password, full name, and options for the new Administrator.
st info
If you encounter a problem that cannot be easily resolved, Tufin Support may ask you to send additional information. The "st info" command line collects SecureTrack logs and additional information, and places it in a file named st_info.tgz.
"st info" does not collect any part of the security policy (rules, objects, etc) or your organization's security configuration.
SecureTrack's web interface has an equivalent action.
st reconf [IP]
Notifies SecureTrack processes of an updated configuration.
To notify a specific connection, specify the device IP address as an additional parameter.
st restart [IP]
Stops and restarts all running connections to all devices.
To restart a specific connection, specify the device IP address as an additional parameter.
SecureTrack's web interface has an equivalent action.
st start [-s] [IP]
Starts the connections with all of the devices that are configured in SecureTrack.
To start a specific connection, specify the device IP address as an additional parameter.
Use the –s flag for stealth mode: does not provide feedback.
SecureTrack's web interface has an equivalent action.
st stat
Prints status information about the monitored devices, SecureTrack processes, and license and version information.
The command returns this information for each device:
- Management - Management server name or device name
- IP - IP address
- ID - SecureTrack ID# for the device
- Type - Device type
- PID - SecureTrack Process ID
- License - License status
- Status - Connection status
The command returns the status of these processes:
- Web server - the TOS web server
- Database - the TOS database
- Syslog processes - the SecureTrack processes that handle syslogs
- Job queue server - the server that handles TOS jobs such as reports
- Tufin Jobs service - the service that handles calculations for the dashboard browsers
- Tomcat server - the dynamic server that renders certain features in TOS
- DS connection - the service used for communication between servers in Distributed Architecture
For example:
|
|
|||||||||||
|
|
|
|
|
||||||||
|
|
|
|
|
|
|
|
|||||
|
|
|
|
|
|
|
|
|||||
|
|
|
|
|
|
|
|
|||||
Web server: running
Database: running
Syslog ipc: running
Syslog server: running
Syslog bookkeeper: running
Syslog message handlers: running
Syslog traffic manager: running
Syslog revision manager: running
Job queue server: running
Tufin Jobs service: running
Tomcat server: running
DS Tunnel: stopped
29 days left on evaluation license issued for: user
SecureTrack version: XX-X build XXXXX
If Check Point Customer Log Modules (CLMs) are being monitored for Rule Usage reports, the process monitoring each CLM will be displayed as well, and its type will be listed as CLM.
You can also see some of this information in SecureTrack in Settings > Administration > Status.
st stop [IP]
Stops all running connections to the devices.
To stop a specific connection, add the device IP address.
SecureTrack's web interface has an equivalent action.
st version
Displays the product version and build number. This information is also displayed in "st stat".
tos conf
Displays status of Tufin Orchestration Suite products, and prompts to change these settings.
tos version
Displays TufinOS and TOS versions currently installed.
tos backup [--st] [--conf-only] [--stop-all] [--scw] <backup_file>
Creates a backup of Tufin Orchestration Suite's current configuration and databases for restore and disaster recovery purposes. The backup includes all files necessary to restore a TOS server, but does not include files that are part of the operating system, such as postgresql.conf.
--st - Makes a backup of the SecureTrack database and configuration only
--conf-only - Makes a partial backup that includes only SecureTrack configuration information. You must use --conf-only with --st only.
--stop-all - Stops all SecureTrack and SecureChange processes before performing the backup. Use this option only if you need to make sure that revisions from after the time the backup is run are not included in the backup.
When --stop-all is used, some traffic usage information may be lost.
--scw - Makes a backup the SecureChange and SecureApp database and configuration only
--sa - Include Suite Administration backup data
<backup_file> - the name of the backup file. The file is compressed in TGZ format.
By default, the backup operation is performed while SecureTrack monitoring processes are active. A database locking mechanism makes sure the database maintains integrity.
When the Tufin databases take up most of the hard drive's disk space, this command may fail if the backup is made to a local (non-NFS) file.
tos restore [--st] [--scw] <backup_file>
Restores from a backup file to an existing TOS installation.
--st - Restores the SecureTrack database and configuration
--scw - Restores the SecureChange and SecureApp database and configuration
-- sa - Restores the Suite Administration backup data
The restore completely replaces the existing configuration and database of the TOS products specified by --st, --scw, --sa or any combination of them.
The target restore server must have the same TOS version and the same amount of installed RAM as the source backup server.
