Common Command Line Operations
Tenable Nessus Network Monitor can be run from the command line to update plugins, perform configuration tasks, and analyze Pcap files to generate a report file for use with Tenable Security Center or other programs. Running the Tenable Nessus Network Monitor binary with the –h option displays a list of available options.
Note: You must stop Tenable Nessus Network Monitor before running command line operations.
Tenable Nessus Network Monitor Binary Locations
The Tenable Nessus Network Monitor binary for Linux can be found in the following location:
# /opt/nnm/bin/nnm
The Tenable Nessus Network Monitor binary for Windows can be found in the following location:
C:\Program Files\Tenable\NNM\nnm.exe
The Tenable Nessus Network Monitor binary for macOS can be found in the following location:
# /Library/NNM/bin/nnm
Tenable Nessus Network Monitor Command Line Options
Note: While you can configure many advanced settings via the command line using custom parameters, others use standard parameters. For example, while the ACAS Classification setting uses the custom --add parameter, the Login Banner setting does not require the --add parameter.
|
Option |
Purpose |
|---|---|
|
|
Type the Activation Code to activate Tenable Nessus Network Monitor in standalone mode to enable plugin updates and monitoring functions. If your Tenable Nessus Network Monitor system is managed by Tenable Security Center and is running in Standard mode, you can use the following command: If your Tenable Nessus Network Monitor system is managed by Tenable Security Center and is running in High Performance mode, you can use the following command: If your Tenable Nessus Network Monitor system is managed by Tenable Vulnerability Management and is running in Standard mode, you can use the following command: Before running the -a command for Tenable Nessus Network Monitor that is managed by Tenable Vulnerability Management, you should first configure the |
|
|
Add a custom configuration parameter for Tenable Nessus Network Monitor or an Tenable Nessus Network Monitor Proxy. The double quote characters are required, although single quotes may be used when special characters are required. |
|
|
The |
|
|
Lists the current Tenable Nessus Network Monitor and Tenable Nessus Network Monitor Proxy configuration parameters. Parameter values are listed to the left of the colon character and are case sensitive. The value of the parameter displays to the right of the colon character. |
|
|
Displays the defined parameter value. If a value is added at the end of the command, the parameter updates with the new setting. The double quote characters are required, although single quotes may be used when special characters are required. Note: While CLI changes to some parameters do not require restarting Tenable Nessus Network Monitor for the change to take effect, you must restart Tenable Nessus Network Monitor after changing the location of the realtime log file. |
|
-d debug mode |
Runs Tenable Nessus Network Monitor in debug mode for troubleshooting purposes. This option causes the system to use more resources and should be enabled only when directed by a Tenable Support Technician. |
|
-f packet_dump_file |
Replaces packet_dump_file with the path to the .pcap or .pcapng file you want Tenable Nessus Network Monitor to process. Note: Windows does not support the |
|
-h |
Displays the command line options help file. |
|
-k |
Displays the Tenable Nessus Network Monitor activation status. |
|
-L |
Displays a list of the license declarations. |
|
-l |
Displays a list of the plugin IDs that are loaded by Tenable Nessus Network Monitor. |
|
|
Displays the interfaces that Tenable Nessus Network Monitor can access for packet collection. Useful to display interfaces to 10Gb cards running in high performance mode. |
|
-m |
Shows various aspects of memory usage during the processing of the NNM command. |
|
-p packet_dump_file |
Dumps payload packet data in Hex and ASCII to the specified packet_dump_file. This command dumps internal data from packet and plugins processing. This can be useful for debugging plugin issues. |
|
Tenable Nessus Network Monitor --users --add |
Adds a new user to Tenable Nessus Network Monitor with the expected values of: ["username" "password" admin]: add new user. Expected values for “admin” flag are either: 1 - grant user administrative privileges, or 0 - don’t grant user administrative privileges. Adds a new user to Tenable Nessus Network Monitor. Optionally, you can add the following arguments:
Expected values for “admin” flag are:
|
|
Tenable Nessus Network Monitor --users --chpasswd |
Changes an Tenable Nessus Network Monitor user's password. |
|
Tenable Nessus Network Monitor --users --delete "user" |
Removes a user from Tenable Nessus Network Monitor, where "user" is the username to be deleted. |
|
--register-offline <license file> |
Registers Tenable Nessus Network Monitor in offline mode when you insert the license file obtained from Tenable®. |
|
--config 'Software Update Type' <0-3> |
Configures the type of software update that runs when Tenable Nessus Network Monitor updates.
|
|
--update-software <update package tarball> |
Runs a software update using the setting you configured for Software Update Type. Optionally, if you are running Tenable Nessus Network Monitor in offline mode and have a custom update package, append the update package tarball name. |
|
-v |
Shows the version information about the installed instance of Tenable Nessus Network Monitor. |