Command line options for the Sisipsconfig Tool
Article ID: 151857
Updated On:
Products
Issue/Introduction
This document covers the command line options available to the sisipsconfig tool.
Environment
Critical System Protection (CSP)
Cloud Workload Protection - Compute (CWP)
Data Center Security Server (DCS)
Data Center Security Server Advanced (DCS:SA)
Symantec Endpoint Protection - Symantec Linux Agent (SEP Linux)
The agent config tool is located in the following directories on an agent computer:
Windows agents named sisipsconfig.exe
- Located (for SCSP) in: C:\Program Files\Symantec\Critical System Protection\agent\ips\bin
- Located (for SDCS) in: C:\Program Files (x86)\Symantec\Data Center Security Server\Agent\IPS\bin
UNIX agents named sisipsconfig.sh (You will need to su to sisips to run this tool on *nix su - sisips -c "./opt/Symantec/sdcss/IPS/sisipsconfig.sh)
- Located (for SCSP) in: opt/Symantec/scspagent/IPS
- Located (for SDCS) in: opt/Symantec/sdcssagent/IPS
Resolution
SEP Linux, CWP Linux and DCS:SA Linux agent cmdline tool options
|
sisipsconfig tool options |
Descriptions |
SEP Linux |
CWP Linux |
DCS:SA |
|
-view (-v) |
Prints the values configurable by this tool |
ü |
ü |
ü |
|
-utilport (-u) |
Sets the Utilities service port (1-65535) |
N/A |
ü |
ü |
|
-setpolicy (-s) |
Replaces the current policy with the applied policy |
N/A |
ü |
ü |
|
-resetpolicy (-r) |
Replaces the current policy with the default policy |
N/A |
ü |
ü |
|
-toggleipsstate (-i) |
This option is deprecated now. Please use -ipsstate on/off instead |
N/A |
ü |
ü |
|
-ipsstate on/off |
Enables or Disables state of the IPS Driver |
N/A |
ü |
ü |
|
-overridetimeout (-o) |
Timeout value (in seconds) for policy translation during policy override |
N/A |
N/A |
ü |
|
-trace |
Turns Trace to the desired value |
ü |
ü |
ü |
|
-rollagent (-a) |
Forces the Agent log file to rollover |
ü |
ü |
ü |
|
-rollcsv (-csv) |
Forces the CSV log file to rollover |
ü |
ü |
ü |
|
-retranslate (-n) |
Forces a policy retranslation |
N/A |
ü |
ü |
|
-export (-export) |
Prints out the config file |
ü |
ü |
ü |
|
-rtfim on/off |
Turn RealTime FIM on or off |
N/A |
ü |
ü |
|
-rtnfsc on/off |
Turn RealTime FIM NFS Client watch on or off |
N/A |
ü |
ü |
|
-kstat |
Driver Stats |
N/A |
ü |
ü |
|
-apstate on/off |
Enables or Disables state of AP Driver |
ü |
ü |
ü 2 |
|
-amd on/off |
Enables or Disables AP feature |
ü |
ü |
ü 2 |
|
-approfile 10/20 |
Enable AP profiling for 10 or 20 minutes |
ü |
ü |
ü |
|
-host (-h) |
Sets the target Management Server hostname. This could be a comma separated list of multiple servers |
N/A |
N/A |
ü |
|
-port (-p) |
Sets the target Management Server port (1-65535) |
N/A |
N/A |
ü |
|
-certfile (-c) |
Sets the path to the SSL client certificate file |
N/A |
N/A |
ü |
|
-failbackinterval |
Sets the failback interval for the agent to try to communicate with the Primary Management Server |
N/A |
N/A |
ü |
|
-test (-t) |
Tests the connection information with the Nth server in the Server List |
N/A |
N/A |
ü |
|
-forcereg |
Forces the Agent to re-register with the server |
N/A |
N/A |
ü |
|
-upgradeagentnow |
Upgrades agent and sdcss-kmod package(s) |
N/A |
N/A |
ü |
|
-agentautoupgrade |
Enables or Disables Agent Automatic Upgrade feature |
N/A |
N/A |
ü |
-2Note: - apstate and -amd are for DCS Linux Agents (Not DCS Windows Agents)
How to use the sisipsconfig tool on Linux/Unix systems
Type "sisipsconfig.sh -help <option>" for a detailed help page for each option.
(i.e. sisipsconfig -help -export)
Examples:
This example prints out the config file
sisipsconfig -export
This example rolls over the Agent and CSV log files:
sisipsconfig -a –csv
This DCS Windows example returns the Security Group
sisipsconfig -v | findstr "Security Group"
Feedback
