trisulctl_probe commands

The trisulctl_probe tool allows you to coordinate, manage, and run commands across all the nodes in the domain.

General Commands

| Command | Description | Example |
|---|---|---|
| help | Displays help messages | help |
| quit | Exit trisulctl tool | quit |
| set state | Set config of trisulctl tool | set state timeout=1 |
| show state | Show config of trisulctl tool | show state |
| log | Show trisul probe log files | log default@probe0 log=ns |

Domain Commands

| Command | Description | Example |
|---|---|---|
| connect domain | Establish connection to domain_name | connect domain domain0 |
| start domain | Start the domain processes | start domain |
| stop domain | Stop the domain processes | stop domain |
| list nodes | List all the nodes active in domain | list nodes |
| node config | Show node config, allowed probes etc. | node config probe0 |
| hello | Get a hello message from all nodes | hello probe0 |
| disconnect domain | Disconnect from the domain | disconnect domain |
| install probe | Install a new probe using the certificate file given by hub | |
| install context | Install a new context inside the probe | install context probe-id context-name |
| relocate context | Move context storage to a different disk volume | relocate context domain0 probe0 default |
| install domain | Install a new domain using the certificate file given by admin | |
| create probe | Create new probe cert/key and request permission from hub admin | |

Context Commands

| Command | Description | Example |
|---|---|---|
| info context | Show context status; leave context blank to show all contexts | info context default |
| start context | Start specified context; you can also use context@node format | start context default |
| | | start context default@probe0 |
| stop context | Stop context or connected context | stop context default |
| | | stop context default@probe0 |
| create context | Create a new context with name context | create context context1 |
| | | create context context1@probe0 |
| delete context | Delete the context | delete context context1 |
| | | delete context context1@probe0 |
| reset context | Clean out the data (keep the configuration) for the specified context | reset context default |
| | | reset context default@probe0 |
| show config | Show context configuration, socket information | show config default |
| set config | Set context config parameter | set config default runmode=online_rxring |
| | | set config default@probe0 profile=profile_west |
| connect context | Connect to a particular context | connect context default |
| disconnect context | Disconnects the connected context | disconnect context |
| connect node | Connect to a particular domain node (e.g. probe1) | connect node probe0 |
| disconnect node | Disconnects the connected node | disconnect node |

App Commands

| Command | Description | Example |
|---|---|---|
| importpcap | Import a pcap file or dir into specified context (or default) | importpcap /tmp/sample.pcap context=offline |
| importpcap_ids | Same as importpcap but runs a 2nd pass over pcaps using snort/suricata | importpcap_ids /tmp/sample.pcap context=offline |
| list lua | List all the Lua scripts discovered in context and probe | list lua context@probe |
| testbench run | Start the testbench in debug mode; use this to test your Lua scripts | testbench run /tmp/sample.pcap |
| testbench guid | Generate a GUID for use with your new Lua scripts | testbench guid |
| createramfs | Create a ramfs filesystem for use with File Extraction | createramfs probe0 default |