CLI: Basic Command Line Parameters and Editing

Document created by RSA Information Design and Development Employee on Sep 18, 2017Last modified by RSA Information Design and Development Employee on Sep 8, 2020
Version 8Show Document
  • View in full screen mode

NwConsole is like a Swiss army knife; it contains many tools buried underneath its command line interface. NwConsole is multi-platform. Executables are available for CentOS (which ships on appliances), Windows, and Mac. NwConsole is included on all hosts.

Basic Command Line Parameters

Here are some basic command line parameters:

  • -f To run a set of commands from a file, use the -f attribute as shown here:
    NwConsole -f /tmp/<somefile.script>
  • -e You can use the -e attribute (which is similar to the -f attribute) to run a set of commands from a file and allow environment variable substitution within the file using $ENV_VAR syntax, as shown here:
    NwConsole -e /tmp/<somefile.script>
    Use \$ to escape a dollar sign and \\ to escape a backslash.
  • -c To pass in a list of commands from the command line, use the -c attribute as shown here:

    NwConsole -c <command1> -c <command2> -c <command3>

    This is not recommended except for very simple scripts. The Bash interpreter can jumble quoted strings if you do not escape properly. If you have non-obvious errors passing through the command line, switch to reading from a file to see if that fixes the issues.

  • -i Normally, the NwConsole exits after running commands passed by a file or command line. If you want to keep the interactive prompt open after the commands are executed, include -i in the command line.

  • -q To suppress command information messages and only see command output, use -q for Quiet mode. This makes it easy to pipe command output (stdout) to other commands.

  • You can also run NwConsole and type the commands in the console window.

When you use the -c option, you can use additional quotes and escape quotes to include embedded spaces for the where clause. For example:
where="\"tcp.dstport=443 && time='2020-09-07 17:25:00'-'2020-09-08 05:24:59'\""

The following example shows how to use the -c option for pcap extraction.

[root@nwadmin1 ~]# NwConsole -c login <user> <passowrd> -c cd sdk -c packets
where="\"tcp.dstport=443 && time='2020-09-07 17:25:00'-'2020-09-08 05:24:59'\""
RSA NetWitness NextGen Console
Copyright 2001-2020, RSA Security Inc. All Rights Reserved.

>login ...
Successfully logged in to as session 168886
>cd sdk
[] /sdk
>packets where="tcp.dstport=443 && time='2020-09-07 17:25:00'-'2020-09-08 05:24:59'"
Writing packets to /var/netwitness/ny_sdwan_tcp_443_20200930.pcap (100%)

Line Editing

You can use the keys in the following table when editing a command.

Ctrl-U Clears the current line
Ctrl-WDeletes the word that the cursor is on
Ctrl-AMoves the cursor to the beginning of the line
Ctrl-EMoves the cursor to the end of the line


Moves the cursor forward to the next word
Ctrl-BMoves the cursor backwards to the previous word
Up arrowDisplays the previously executed command
Down arrowDisplays the command executed after the current command (only valid if the up arrow has been pressed)
Left arrowMoves the cursor to the previous character
Right arrowMoves the cursor to the next character
TabProvides context sensitive completion of most commands and their parameters. The Tab key is very helpful for editing.
For example, to view the Connecting to a Service help topic, at the command line, you can type man con and then press the Tab key. NwConsole completes the command for you: man Connecting to a Service
Press Enter to run the command and view the topic.
history Displays a numbered list of previous commands
history execute=# Executes a previous command, which is also equivalent to typing !#
For example, !1 executes the previous command.
history clear Clears all command history
history erase=# Erases a specific command from the history buffer. History is automatically stored from one session to the next.

You are here
Table of Contents > Basic Command Line Parameters and Editing