Overview

An administrator can use the FortiSOAR™ Admin CLI (csadm) to perform functions such as backing up and restoring data, and to run FortiSOAR™ commands such as starting and stopping services and collecting logs.

Prerequisites

To run csadm, you must log in as root or have sudo permissions.

FortiSOAR™ Admin CLI - Usage

Once you type # csadm at the command prompt, the usage and subcommands of the FortiSOAR™ Admin CLI are displayed as shown in the following image:

[Image: FortiSOAR™ Admin CLI command prompt]

To perform a particular task in FortiSOAR™ using csadm, you must type # csadm and then its subcommand and the subcommand’s arguments (if any). For example, to change a hostname use the following command: # csadm hostname --set [<hostname to be set>]

You can get help for a particular subcommand by running the following command:
# csadm <subcommand>
OR
# csadm <subcommand> --help

csadm supports the following subcommands:

Subcommand: Description

certs: Generates and deploys your certificates. You can use the following options with this subcommand:
  • --deploy: Deploys SSL certificates. For more information, see the Replacing FortiSOAR self-signed certificates with your own signed certificates section in the Additional configuration settings for FortiSOAR™ chapter in the "Deployment Guide."
  • --generate <host name>: Generates and deploys self-signed certificates. You can use the --no-replace-nginx-cert option with this command if you do not want to replace your nginx self-signed certificates.

db: Performs operations related to the database. You can use the following options with this subcommand:
  • --change-passwd: Changes the password of your PostgreSQL database.
    Once you run this command, you are prompted to enter the password of your choice and confirm it, which then updates your PostgreSQL database password to the new password.
  • --backup: Performs an encrypted backup of your FortiSOAR™ system. For more information, see the Backing up and Restoring FortiSOAR™ chapter.
  • --restore: Performs data restore from a locally stored file (/home/csadmin/db_backup/DR_BACKUP_<yyyymmdd_hhmmss>.tar). For more information, see the Backing up and Restoring FortiSOAR™ chapter.
  • --encrypt: Generates an encrypted version of the text that you have specified on the prompt. Use this command to generate an encrypted version of the password that you have set for your PostgreSQL database.
  • --externalize: Performs externalization of your FortiSOAR™ PostgreSQL data. You must provide the path in which you want to save your database backup file. For more information, see the Externalization of your FortiSOAR™ PostgreSQL database chapter.
  • --check-connection: Checks the connection between FortiSOAR™ and the external PostgreSQL database.

ha: Manages your FortiSOAR™ High Availability cluster. For more information about HA and its commands, see the High Availability support in FortiSOAR™ chapter.

hostname: Changes the name of the host and Fully Qualified Domain Name (FQDN) based on the parameters you have specified. You can use the following options with this subcommand:
  • --set [<hostname>]: If you specify a new hostname, then this changes your current hostname to the new hostname that you have specified, sets up the message broker, regenerates certificates but does not replace the nginx certificate, and restarts FortiSOAR™ services.
    If you do not specify a hostname, then this sets up the message broker, regenerates certificates using the existing hostname but does not replace the nginx certificate, and restarts FortiSOAR™ services.
    Note: Before you run this command, you must ensure that the specified hostname is resolvable.
  • --dns-name [<FQDN>]: Changes the FQDN.
    Note: Before you run this command, you must ensure that the specified hostname is resolvable.

license: Manages your FortiSOAR™ license. You can use the following options with this subcommand:
  • --get-hkey: Retrieves the hardware key for your FortiSOAR™ instance.
  • --deploy-enterprise-license <License File Path>: Deploys your FortiSOAR™ enterprise license. For example, csadm license --deploy-enterprise-license temp/12344.lic.
  • --deploy-multi-tenant-license <License File Path>: Deploys your FortiSOAR™ multitenancy license.

log: Performs log collection. You can use the following options with this subcommand:
  • --collect: Collects logs and bundles them up into a cyops-logs.tar.gz.gpg file. You must specify the path where the logs should be collected. By default, the logs are collected in the /tmp/ folder.

mq: FortiSOAR™ message queue controller (RabbitMQ) functions.
  • --flush-db: Deletes and recreates the rabbitmq database.

services: FortiSOAR services controller (RabbitMQ) functions. You can use the following options with this subcommand:
  • --start: Starts all FortiSOAR™ services in their respective order.
  • --stop: Stops all FortiSOAR™ services in their respective order.
  • --restart: Restarts all FortiSOAR™ services in their respective order.
  • --status: Displays the status (Running or Not Running) of all FortiSOAR™ services.

network: Manages network operations. You can use the following options with this subcommand:
  • ipv6 --enable: Enables the IPv6 protocol on your FortiSOAR™ system. The system will reboot as part of the execution.
  • set-https-proxy --host <proxy_hostname> --port <proxy_port> --protocol <proxy_protocol> --user <proxy_username> --password <proxy_password>: Configures an HTTPS proxy server to serve all HTTPS requests from FortiSOAR™. To configure an HTTPS proxy, you must specify the hostname and the port number of the HTTPS proxy server. You must also specify the protocol to be used to communicate with the HTTPS proxy server. You can also optionally specify the username and password used to access the HTTPS proxy server.
  • set-http-proxy --host <proxy_hostname> --port <proxy_port> --protocol <proxy_protocol> --user <proxy_username> --password <proxy_password>: Configures an HTTP proxy server to serve all HTTP requests from FortiSOAR™. To configure an HTTP proxy, you must specify the hostname and the port number of the HTTP proxy server. You must also specify the protocol to be used to communicate with the HTTP proxy server. You can also optionally specify the username and password used to access the HTTP proxy server.
  • list-proxy: Lists the proxies that are configured.
  • set-no-proxy --host <hostname>: Configures a comma-separated list of hostnames that do not need to be routed through a proxy server.
    Note: Review the existing no-proxy list using the list-proxy option. You can add or remove proxies from the existing list by specifying a complete comma-separated list of proxies that you want to configure using the set-no-proxy option.
    For example, if you have added hostname1 to the no-proxy list and you want to add hostname2 to the no-proxy list, then you must run the command as:
    csadm network set-no-proxy --host "hostname1, hostname2"
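
Because set-no-proxy takes the complete list, an entry left out of the --host value is no longer exempted, and a mistyped entry silently changes which traffic skips the proxy. The helper below is an added example, not part of the FortiSOAR™ product or its documentation: the function names merge_no_proxy, no_proxy_command and valid_host are hypothetical, the current list is supplied by hand after reviewing list-proxy, and the hostname pattern is an assumption.

```shell
# Added example (not FortiSOAR code): build the complete list for set-no-proxy.
# The current list is typed in by the operator after reviewing
# `csadm network list-proxy`; list-proxy output is not parsed here.

# valid_host NAME: succeeds if NAME is a plain hostname, FQDN or IPv4 address.
# Assumption: wildcard or leading-dot entries are rejected by this helper.
valid_host() {
  printf '%s\n' "$1" | grep -Eq '^[a-z0-9]([a-z0-9.-]*[a-z0-9])?$'
}

# merge_no_proxy "CURRENT_LIST" HOST...: prints existing entries followed by
# the new hosts, trimmed, lowercased and de-duplicated, joined with ", ".
merge_no_proxy() (
  current=$1; shift
  set -f                      # no filename expansion while splitting
  IFS=','
  set -- $current "$@"        # split the current list on commas, keep new hosts
  unset IFS
  merged=""
  for entry in "$@"; do
    host=$(printf '%s\n' "$entry" |
      sed 's/^[[:space:]]*//; s/[[:space:]]*$//' | tr '[:upper:]' '[:lower:]')
    [ -n "$host" ] || continue
    if ! valid_host "$host"; then
      echo "rejected entry: '$entry'" >&2
      exit 1                  # leaves only this function's subshell
    fi
    case ", $merged, " in
      *", $host, "*) ;;                      # duplicate, skip
      *) merged=${merged:+$merged, }$host ;;
    esac
  done
  printf '%s\n' "$merged"
)

# no_proxy_command "CURRENT_LIST" HOST...: prints the command for review.
no_proxy_command() {
  list=$(merge_no_proxy "$@") || return 1
  printf 'csadm network set-no-proxy --host "%s"\n' "$list"
}

# Values from the page's own example: hostname1 is configured, hostname2 is new.
no_proxy_command "hostname1" "hostname2"
```

The script only prints the command; compare the printed list against list-proxy before running it.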

Notes with respect to FortiSOAR™ Admin CLI:

  • On a FortiSOAR™ Secure Message Exchange instance, all subcommands work as they do in the enterprise edition. However, the mq subcommand only supports the --generate-certs option:
    csadm mq --generate-certs: Generates the SSL certificate. This generates the cyopsca certificate, then creates the updated .pem file, and then restarts the rabbitmq-server.
    Note: A .key file has the path to a PEM encoded file containing the private key. A .pem file has the path to a PEM encoded file containing the certificate (or certificate chain) that will be presented when requested.
  • After you run the csadm certs --generate <hostname> or csadm mq --flush-db commands for troubleshooting purposes, you must ensure that you restart all FortiSOAR™ services using the csadm services --restart command.
  • Once your system is upgraded to version 6.0.0, you must close and log out of your existing SSH session and log in again to your version 6.0.0 instance to run the csadm commands and perform any operations.