Subcommand |
Description |
certs |
Generates and deploys your certificates. You can use the following arguments with this subcommand:
-
--deploy : Deploys SSL certificates. For more information, see the Updating the SSL certificates section in the Additional configuration settings for FortiSOAR chapter in the "Deployment Guide."
-
--generate <host name> : Generates and deploys self-signed certificates. You can use the --no-replace-nginx-cert argument with this command, if you do not want to replace your nginx self-signed certificates.
|
db |
Performs operations related to database. You can use the following arguments with this subcommand:
-
--archival-externalize [ARCHIVAL_DB] : Externalizes your data archival database.
-
--backup [<backup_dir_path>] : Performs a backup of your FortiSOAR system, including backup of both data and configuration files in the directory you have specified. IMPORTANT: If you have externalized your PostgreSQL database, it is recommended to use the csadm db --backup-config [<backup_dir_path>] command for taking periodic backups of the configuration. Using the --backup argument is not recommended for an externalized PostgreSQL database. From version 6.4.3 onwards, you can optionally use the --exclude-workflow option to exclude all the "Executed Playbook Logs" from the backup. For more information, see the Backing up and Restoring FortiSOAR chapter.
-
--backup-config [<backup_dir_path>] : Performs a backup of only your configuration files in the directory you have specified.
-
--change-passwd : Changes the password of your PostgreSQL database. Once you run this command, you will be prompted to enter the password of your choice and confirm the password, which will then update your PostgreSQL database password to the new password.
-
--check-connection : Checks the database connection that is mentioned in the db_external_config.yml file.
-
--restore [<backup_file_path>] : Performs data restore from a locally stored file, whose path you have specified. The default location of the backup file is (/home/csadmin/db_backup/DR_BACKUP_<yyyymmdd_hhmmss>.tgz ). For more information, see the Backing up and Restoring FortiSOAR chapter.
-
--encrypt : Generates an encrypted version of the text that you have specified on the prompt. Use this command to generate an encrypted version of the password that you have set for your PostgreSQL database.
-
--externalize : Performs externalization of your FortiSOAR PostgreSQL data. You must provide the path in which you want to save your database backup file. For more information, see the Externalization of your FortiSOAR PostgreSQL database chapter.
-
--check-connection : Checks the connection between FortiSOAR and the external PostgreSQL database.
-
--getsize : Displays the size of the primary data and the audit and workflow logs in your database. This enables you to see the current usage and calculate usage over time based on your purging policy.
From version 7.0.0 onwards, you can also backup and restore the data of your external Secure Message Exchange (SME) system, by using the following arguments with the db subcommand:
-
--backup [<backup_dir_path>] : Performs a backup of your external SME system.
-
--restore [<backup_file_path>] : Performs data restore for your external SME system from a locally stored file, whose path you have specified. The default location of the backup file is (/home/csadmin/db_backup/DR_BACKUP_<yyyymmdd_hhmmss>.tgz). For more information, see the Backing up and Restoring FortiSOAR chapter. Note: All other options of the db subcommand are not applicable to the external SME.
|
ha |
Manages your FortiSOAR High Availability cluster. For more information about HA and its commands, see the High Availability support in FortiSOAR chapter. |
hostname |
Changes the name of the host and Fully Qualified Domain Name (FQDN) based on the parameters you have specified. You can use the following arguments with this subcommand:
-
--set [<hostname>] : If you specify a new hostname, then this changes your current hostname to the new hostname that you have specified, sets up the message broker, regenerates certificates, and restarts FortiSOAR services. If you do not specify a hostname, then this sets up the message broker, regenerates certificates using the existing hostname, and restarts FortiSOAR services. Note: Before you run this subcommand, you must ensure that the specified hostname is resolvable.
-
--dns-name <DNS_SERVER_IP> : Adds the DNS server entry to the /etc/resolv.conf file.
|
license |
Manages your FortiSOAR license. You can use the following arguments with this subcommand:
-
--get-device-uuid : Retrieves the Device UUID for your FortiSOAR instance.
-
--deploy-enterprise-license <License File Path> : Deploys your FortiSOAR enterprise license. For example, csadm license --deploy-enterprise-license temp/<Serial_No>.lic .
-
--deploy-multi-tenant-license <License File Path> : Deploys your FortiSOAR multitenant license.
-
--show-details : Displays details of the installed license, such as the type of license, Device UUID, expiry date of the license, etc.
- Add the [License File Path] parameter to this argument, for example, --show-details /home/<Serial_No>.lic , to view the contents of the license file.
- Add the --debug parameter to this argument, for example, --show-details --debug , or after the [License File Path] parameter, for example, --show-details /home/<Serial_No>.lic --debug , to view the FDN response in addition to the license details. This provides more details about the license and helps in troubleshooting licensing issues.
|
user |
Manages your FortiSOAR users. You can use the following options with this subcommand:
-
show-logged-in-users : Displays a list of currently logged in users whose access type is 'Concurrent'. The following arguments can be used with this option:
-
--access-type {Named,Concurrent} : Access type, i.e., Named or Concurrent, of the users that you want to include in the list of currently logged in users. For example, if you specify csadm user show-logged-in-users --access-type Named , then the list of 'named' users currently logged into FortiSOAR will be displayed. By default, the access type is set as Concurrent.
-
--limit [1-30] : Last n users who have logged into FortiSOAR. Use this argument to limit the number of users that you want to display in the list of currently logged in users. For example, if you specify csadm user show-logged-in-users --limit 5 , then the list will display the last 5 logged in users. By default, the limit is set to 10. You can specify any value between 1 and 30.
-
logout-user --username USERNAME : Forcefully logs out a specific 'Concurrent' user from FortiSOAR; 'Named' users cannot be logged out. You must specify the username argument with this option, i.e., you must include the username of the user you want to log out of FortiSOAR. For example, to log out testuser1, specify csadm user logout-user --username testuser1 .
|
mq |
FortiSOAR message queue controller (RabbitMQ) functions. You can use the following options with this subcommand:
|
log |
Performs log collection and forwarding of syslogs. You can use the following option and arguments with this subcommand:
-
forward : Forwards FortiSOAR logs to your central log management server (syslog server) that supports a Rsyslog client. For the options that you can use with this subcommand see the CLI commands used for forwarding FortiSOAR logs section. You can also configure forwarding of FortiSOAR logs using the FortiSOAR UI, details of which are in the System Configuration chapter.
-
--collect [LOG_PATH] : Collects logs and bundles them up into a fortisoar-logs.tar.gz file. You must specify the path where the logs should be collected. If you do not specify a path, then the logs will be collected in the current working directory.
-
--password LOG_FILE_PASSWORD : Password-protects the log file, i.e., the password would be required to extract the log file contents. The collected logs are bundled into fortisoar-logs.tar.gz.gpg . Therefore, to collect logs and to password-protect the logs, use the following command:
csadm log --collect [LOG_PATH] [--password LOG_FILE_PASSWORD]
|
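An added example (not from the FortiSOAR documentation): a POSIX shell wrapper around the `csadm log --collect [LOG_PATH] [--password LOG_FILE_PASSWORD]` command above that refuses an empty password, confirms the encrypted bundle exists with no unencrypted copy beside it, and records a SHA-256 for hand-off. It assumes the bundle is written to `LOG_PATH/fortisoar-logs.tar.gz.gpg`; the function names `prompt_password` and `collect_protected_logs` are hypothetical.

```shell
#!/bin/sh
# Added example: wrapper for `csadm log --collect` with `--password`.
# Assumption: the bundle lands at LOG_PATH/fortisoar-logs.tar.gz.gpg.

# Read the password from the terminal with echo off, so it is not typed
# into the command line and does not end up in shell history.
prompt_password() {
    printf 'Bundle password: ' >&2
    stty -echo 2>/dev/null
    IFS= read -r pw_input
    stty echo 2>/dev/null
    printf '\n' >&2
    printf '%s' "$pw_input"
}

# collect_protected_logs LOG_PATH PASSWORD
# Prints the path of the encrypted bundle on success.
# Return codes: 1 = collection failed, 2 = bad input, 3 = plaintext bundle found.
collect_protected_logs() {
    local out_dir="$1" password="$2"
    local name="fortisoar-logs.tar.gz"

    [ -d "$out_dir" ] || { echo "no such directory: $out_dir" >&2; return 2; }
    [ -n "$password" ] || { echo "refusing empty password" >&2; return 2; }

    # The password is still a csadm argument, so it is visible in the
    # process list while the command runs; run this on the appliance only.
    csadm log --collect "$out_dir" --password "$password" >&2 || return 1

    [ -s "$out_dir/$name.gpg" ] || { echo "encrypted bundle missing" >&2; return 1; }

    # An unencrypted bundle beside the encrypted one defeats the password.
    if [ -e "$out_dir/$name" ]; then
        echo "unencrypted $name present in $out_dir" >&2
        return 3
    fi

    chmod 600 "$out_dir/$name.gpg"
    # Relative path in the checksum file so it verifies after copying elsewhere.
    ( cd "$out_dir" && sha256sum "$name.gpg" > "$name.gpg.sha256" ) || return 1
    printf '%s\n' "$out_dir/$name.gpg"
}

# Stand-alone use: sh collect.sh collect /path/to/dir
if [ "${1:-}" = "collect" ]; then
    collect_protected_logs "${2:-$PWD}" "$(prompt_password)"
fi
```

The recipient can confirm integrity with `sha256sum -c fortisoar-logs.tar.gz.gpg.sha256` before extracting the bundle.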
secure-message-exchange |
Manages the default secure message exchange server available with a FortiSOAR node. A secure message exchange establishes a secure channel that is used to relay information to the agents or tenant nodes. Note: For a production setup, it is recommended that you add and configure a separate secure message exchange for handling scale and high availability. You can use the following options with this subcommand:
-
enable : Enables the secure message exchange on your FortiSOAR instance if you want to use localhost, i.e., the Default (Embedded) secure message exchange to connect to an external agent or in case of a dedicated tenant. You must specify the password , which is the admin password that is used for setting up a communication channel for every tenant or agent node that will connect to this FortiSOAR instance using this local secure message exchange. All the other parameters are optional and if they are not specified, then the default values are set. If you do specify the values for any parameter, then the default values are replaced by the user-specified values. The following arguments are used with this option:
-
--name : Name that you want to set for the secure message exchange. By default, this is set to Default (Embedded) .
-
--user : Admin username that will be used to login to the secure message exchange management console and perform tasks such as configuring tenants and agents on the secure message exchange. Default value is admin.
-
--password : Admin password that will be used to login to the secure message exchange management console.
-
--vhost : Virtual host for running admin commands on the secure message exchange. Default value is cyops-admin.
-
--api-port : RabbitMQ API port that should be enabled for configuring tenants and agents on the secure message exchange. Default value is 15671.
-
--tcp-port : RabbitMQ TCP port that should be enabled for data exchange with tenants and agents. Default value is 5671.
-
disable : Disables the secure message exchange that you had enabled on your FortiSOAR instance for using localhost to connect to an external agent.
-
show-config : Displays the configuration details of your secure message exchange, such as the name of the secure message exchange, username used to login to the secure message exchange, the TCP port and API port that is configured for your secure message exchange, etc.
|
source-control |
Allows import or export of FortiSOAR configurations, such as MMD and SVT updates along with playbooks and other required configuration changes, between systems. This is required for Continuous Integration or Continuous Delivery (CICD), which is a pipeline that automates your software delivery process. The pipeline builds code, runs tests (CI), and safely deploys a new version of the application (CD). You can use the following options with this subcommand:
-
export-config : Exports configurations defined in the source_control.yaml file or a user-defined yaml file. The configuration file is a standard yaml file with sections such as module, playbook, reports, etc. You can either edit the source_control.yaml file or make a copy of this file, make changes in that copy, and then provide the path of the updated file while using the export-config command. You can either provide the value 'all' to export all entities of a particular type or provide a specific entity to export. You can also exclude an entity from being exported by adding it to the 'exclude' section. The export-config command has two optional arguments, a configuration file describing what is to be exported (--config-file [CONFIG_FILE]) and a directory path to save the exported configuration (--export-directory [EXPORT_DIRECTORY]). For --config-file [CONFIG_FILE], you can specify the path of the yaml file from where you want to export the configurations. The default location for the configuration file, i.e., the source_control.yaml file, is /opt/cyops/scripts/csadm/commands/source_control.yaml . For --export-directory [EXPORT_DIRECTORY], you can specify the path where you want to export the configuration data. By default, the configurations are exported to /tmp/source_control . Once the command completes exporting the configurations, you can copy or move the exported files to the destination system; however, you must preserve the directory structure.
-
import-config : Imports configurations from the yaml files that are located at the specified directory. The import-config command has one optional argument (--import-directory [IMPORT_DIRECTORY]), in which you can specify the directory from where you want to import the configuration data. By default, the configurations are imported from /tmp/source_control .
|
services |
FortiSOAR services controller (RabbitMQ) functions. You can use the following arguments with this subcommand:
-
--start : Starts all FortiSOAR services in their respective order.
-
--stop : Stops all FortiSOAR services in their respective order.
-
--restart : Restarts all FortiSOAR services in their respective order.
-
--status : Displays the status, i.e., Running or Not Running of all FortiSOAR services. From release 7.4.1 onwards, the --status argument includes information about how long the services have been active. Knowing the last active time of a service can assist with troubleshooting when a service is restarting repeatedly due to an issue.
|
network |
Manages network operations. You can use the following options with this subcommand:
ipv6 --enable : Enables the IPv6 protocol on your FortiSOAR system. The system will reboot as part of the execution.
-
set-https-proxy --host <proxy_hostname> --port <proxy_port> --user <proxy_username> --password <proxy_password> : Configures an https proxy server to serve all https requests from FortiSOAR. To configure an https proxy, you must specify the hostname and the port number of the HTTPS proxy server. You can also optionally specify the username and password used to access the HTTPS proxy server. Note: By default, the 'HTTP' protocol is used to communicate with the proxy server. Use the --protocol argument if you want to set the communication protocol to 'HTTPS'.
-
set-http-proxy --host <proxy_hostname> --port <proxy_port> --user <proxy_username> --password <proxy_password> : Configures an http proxy server to serve all http requests from FortiSOAR. To configure an http proxy, you must specify the hostname and the port number of the HTTP proxy server. You can also optionally specify the username and password used to access the HTTP proxy server.
-
list-proxy : Lists the proxies that are configured.
-
set-no-proxy --host <hostname> : Configures a comma-separated list of hostnames that do not require to be routed through a proxy server. Note: Review the existing no-proxy list using the list-proxy option. You can add or remove proxies from the existing list by specifying a complete comma-separated list of proxies that you want to configure using the set-no-proxy option. For example, if you have added hostname1 to the no-proxy list and you want to add hostname2 to the no-proxy list, then you must run the command as:
csadm network set-no-proxy --host "hostname1, hostname2"
-
remove-proxy : Removes all the configured proxies, i.e., remove-proxy will remove both the http and https proxies that have been configured.
|
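An added example (not from the FortiSOAR documentation): because set-no-proxy takes the complete list rather than appending to it, this helper builds that complete list from the current entries plus additions and removals, so existing entries are not dropped by accident. The function name `build_no_proxy_list` is hypothetical, and the current list is passed in as a string copied from the `csadm network list-proxy` output, whose format is not assumed here.

```shell
#!/bin/sh
# Added example: build the full argument for `csadm network set-no-proxy --host`.

# build_no_proxy_list CURRENT ADD [REMOVE]
# Each argument is a comma-separated list of hostnames. Output is the merged
# list in first-seen order, trimmed, lower-cased (hostnames are
# case-insensitive), de-duplicated, with REMOVE entries dropped, joined
# with ", " as in the documented example.
build_no_proxy_list() {
    printf '%s\n%s\n%s\n' "$1" "$2" "${3:-}" | awk -F',' '
        function norm(s) { gsub(/^[ \t]+|[ \t]+$/, "", s); return tolower(s) }
        # Third input line: hostnames to remove.
        NR == 3 { for (i = 1; i <= NF; i++) drop[norm($i)] = 1; next }
        # First and second lines: current entries, then additions.
        {
            for (i = 1; i <= NF; i++) {
                h = norm($i)
                if (h != "" && !(h in seen)) { seen[h] = 1; order[++n] = h }
            }
        }
        END {
            for (i = 1; i <= n; i++)
                if (!(order[i] in drop))
                    out = out (out == "" ? "" : ", ") order[i]
            print out
        }'
}

# Stand-alone use: sh noproxy.sh apply "hostname1" "hostname2" [remove-list]
if [ "${1:-}" = "apply" ]; then
    new_list=$(build_no_proxy_list "${2:-}" "${3:-}" "${4:-}")
    echo "Setting no-proxy list to: $new_list" >&2
    csadm network set-no-proxy --host "$new_list"
fi
```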
system |
Manages system settings. You can use the following options with this subcommand:
disk : Provides disk management and helps you address disk space issues. You can use this subcommand to extend a logical volume to occupy space that is available in its own volume group or, if a new disk is attached, a single partition is created and the logical volume is expanded to occupy that partition based on the size (GB) you have specified. You can perform the following actions using this option:
expand-lv : Expands the specified logical volume. The following arguments can be used with this action:
-
--logical-volume : Specify the name of the logical volume that you want to expand. Running csadm system disk expand-lv --help automatically lists the logical volumes that are available for expansion in the help message. Note: You cannot expand 'swap' and 'root' logical volumes using the csadm system disk option.
-
--disk : Name of the disk that you want to use to expand the logical volume. Running csadm system disk expand-lv --help automatically lists the disks that are attached to the system. Example of using the --disk argument: The command for expanding the pgsql logical volume to use 10GB of a newly attached disk named 'sdf':
# csadm system disk expand-lv --logical-volume relations --disk sdf --size 10
-
--use-vg : Specify a value for this argument if you want to extend a logical volume, by the size specified in GBs, to occupy available free space that is available in its own volume group. Example of using the --use-vg argument: The command for expanding the pgsql logical volume to consume 100% disk space of the volume group:
# csadm system disk expand-lv --logical-volume relations --use-vg
Important: Note the following points with respect to running csadm system disk expand-lv :
- You must use either the --disk or the --use-vg argument with the expand-lv option.
- For expansion to take place, at least 1GB free space must be available on the target entry (disk or logical volume). If there is less than 1GB of space available, then csadm system disk expand-lv will exit after displaying an appropriate message.
- The --disk argument will not operate on a disk that has more than one partition. In this case csadm system disk expand-lv will exit after displaying an appropriate message such as "...This subcommand does not support the automation of handling of multiple partitions due to complications involved....Exiting now"
-
--size : Specify the size in gigabytes (GBs) that will be consumed from the specified disk or volume group that contains the logical volume that you want to expand. You must specify a positive integer for this argument. Note: If you do not specify the --size argument, then 100% of the space available on the specified disk or volume group will be used. Running this subcommand displays information of the steps that are being performed and also provides information of the sizes of the logical volume and the disk or volume group before and after the expansion.
-
--validate : Validates the inputs passed for the csadm system disk expand-lv command and provides a summary of changes that will be made after running this command. This summary displays the current lvm size, the current free space on the disk, and the expected LVM size following the execution of the command. The user will see an error if the requested disk space for expansion is less than the free space that is available. An example of this command:
# csadm system disk expand-lv --validate --logical-volume home --use-vg
Note: It is advised to use the --validate argument before executing the csadm system disk expand-lv command so that users know the details of the available space on the partition, the new expanded size of the disks, etc. Users will also be aware of any issues that could prevent them from expanding the partition.
fortimonitor : (Introduced in 7.2.0) Manages FortiSOAR integration with FortiMonitor, i.e., FortiMonitor can be used to monitor your FortiSOAR instance. For more information, see the FortiSOAR integration with FortiMonitor chapter. The following options can be used with this subcommand:
agent : Manages the FortiMonitor agent. The following actions can be performed using this option:
-
install : Installs the FortiMonitor agent on the FortiSOAR instance you want monitored. You must specify the following argument with this option: --customer-key CUSTOMER_KEY : Specify the customer key of your FortiMonitor account.
-
uninstall : Uninstalls the FortiMonitor agent from the monitored FortiSOAR instance.
-
rebuild-metadata : Rebuilds the metadata for a FortiMonitor agent. If you have made any changes to FortiSOAR components to be monitored by FortiMonitor, such as adding connector monitoring, then you can run rebuild-metadata to enable the changes to be reflected immediately.
-
show-details : Displays the details such as the agent's uid, the customer and server key, version, etc. of the FortiMonitor agent.
|
package |
Installs, updates, or removes connectors (RPM packages) from your FortiSOAR system. You must specify the following options with this subcommand:
|