Common Command Line Operations

-a <activation code>

Type the Activation Code to activate Tenable Network Monitor in standalone mode to enable plugin updates and monitoring functions.

If your Tenable Network Monitor system is managed by Tenable Security Center and is running in Standard mode, you can use the following command: -a SecurityCenter

If your Tenable Network Monitor system is managed by Tenable Security Center and is running in High Performance mode, you can use the following command: -a SecurityCenter <activation code>

If your Tenable Network Monitor system is managed by Tenable Vulnerability Management and is running in Standard mode, you can use the following command: -a Cloud

Before running the -a command for Tenable Network Monitor that is managed by Tenable Vulnerability Management, you should first configure the Cloud Host, Cloud Port, Cloud Key, and NNM Name parameters.

--config --add "custom_paramater name" "parameter value"

Add a custom configuration parameter for Tenable Network Monitor or an Tenable Network Monitor Proxy. The double quote characters are required, although single quotes may be used when special characters are required.

--config --delete "custom_parameter name"

The delete command may be used to remove custom configuration parameters.

--config --list

Lists the current Tenable Network Monitor and Tenable Network Monitor Proxy configuration parameters. Parameter values are listed to the left of the colon character and are case sensitive. The value of the parameter displays to the right of the colon character.

--config "parameter name" ["parameter value"]

Displays the defined parameter value. If a value is added at the end of the command, the parameter updates with the new setting. The double quote characters are required, although single quotes may be used when special characters are required.

Note: While CLI changes to some parameters do not require restarting Tenable Network Monitor for the change to take effect, you must restart Tenable Network Monitor after changing the location of the realtime log file.

--config “Send Telemetry Data” <0-1>

When enabled, Tenable Network Monitor periodically and securely sends non-confidential, anonymous product usage data to Tenable. Usage statistics include Tenable Network Monitor license and operational mode (discovery or detailed vulnerability analysis), Tenable Network Monitor version being used to verify that systems have been upgraded properly with the latest release, etc.

Tenable uses the data to see how Tenable Network Monitor is being used by customers to make it more useful and to verify that Tenable Network Monitor is being upgraded properly.

Disable this option at any time by setting it to 0.

-d debug mode

Runs Tenable Network Monitor in debug mode for troubleshooting purposes. This option causes the system to use more resources and should be enabled only when directed by a Tenable Support Technician.

-f packet_dump_file

Replaces packet_dump_file with the path to the .pcap or .pcapng file you want Tenable Network Monitor to process.

Note: Windows does not support the pcapng format.

-h

Displays the command line options help file.

-k

Displays the Tenable Network Monitor activation status.

-L

Displays a list of the license declarations.

-l

Displays a list of the plugin IDs that are loaded by Tenable Network Monitor.

--list-interfaces

Displays the interfaces that Tenable Network Monitor can access for packet collection. Useful to display interfaces to 10Gb cards running in high performance mode.

-m

Shows various aspects of memory usage during the processing of the NNM command.

-p packet_dump_file

Dumps payload packet data in Hex and ASCII to the specified packet_dump_file. This command dumps internal data from packet and plugins processing. This can be useful for debugging plugin issues.

Tenable Network Monitor --users --add

Adds a new user to Tenable Network Monitor with the expected values of: ["username" "password" admin]: add new user. Expected values for “admin” flag are either: 1 - grant user administrative privileges, or 0 - don’t grant user administrative privileges.

Adds a new user to Tenable Network Monitor. Optionally, you can add the following arguments:

NNM --users --add ["username" "password" admin]

Expected values for “admin” flag are:

• 1 - grant user administrative privileges

• 0 - don’t grant user administrative privileges

Tenable Network Monitor --users --chpasswd

Changes an Tenable Network Monitor user's password.

Tenable Network Monitor --users --delete "user"

Removes a user from Tenable Network Monitor, where "user" is the username to be deleted.

--register-offline <license file>

Registers Tenable Network Monitor in offline mode when you insert the license file obtained from Tenable®.

--config 'Software Update Type' <0-3>

Configures the type of software update that runs when Tenable Network Monitor updates.

• 0 - Disables all updates.

• 1 - Updates only plugins.

• 2 - Updates web server, HTML client, and plugins.

• 3 - Updates all components (web server, HTML client, plugins, and engine).

--update-software <update package tarball>

Runs a software update using the setting you configured for Software Update Type. Optionally, if you are running Tenable Network Monitor in offline mode and have a custom update package, append the update package tarball name.

-v

Shows the version information about the installed instance of Tenable Network Monitor.