Integrate > SA-HPELN integration > Command line options, importing content, and log files

Command and command line options, importing content, and log files

This section describes the LNc commands and command line options, importing content, and the LNc log file.

Command options

To see the complete list of available commands, options, and online help, perform the following steps:

  1. Open a command prompt.
  2. Run the following command:

    live-network-connector --help

The following list shows some of the available modes that can be called at the command line when launching the LNc:

  • download: Downloads content for the services and streams configured on the locally-installed LNc.

    Note The core updates for the specified products (if any) are also downloaded and imported.

  • download-import: Default command mode. Running the LNc without specifying a command executes in this mode of operation. Downloads content for the services and streams configured on the locally-installed LNc, and imports the content.the locally-installed LNc, and imports the content.

    Note The core updates for the specified products (if any) are also downloaded and imported.

  • import: Imports the content that has been previously downloaded using the download command.

    Note The core updates for the specified products (if any) are also imported.

  • encrypt-passwords: Encrypts the passwords entered in plain text in the configuration file.

  • list-streams: Shows the available services and streams. XML output is also available by using the --format=xml option.

    Note The core updates for the specified products (if any) are also downloaded and imported.

  • list-products: Displays the available products. The default output is in text format, and can be switched to XML output by appending the --format=xml option.

  • list-locales: Displays the available content locales, for a given product and stream. If the product version cannot be detected, all available content locales are displayed.

    Options:

    --product-version=<value> filters the locale based on the given product version

    --all-versions no version filter will be applied.

    The default output is text format; it can be switched to XML output by appending the --format=xml option.

    For example:

    live-network-connector list-locales --product=hpca --stream=security.hpca_nvd
    Product Stream Locales
    ======= ========================== =============
    hpca security.hpca_nvd en_US
  • list-status: Displays the latest content status. For displaying the import history add the --history parameter. For example:

    live-network-connector list-status --product=sas --stream=content.software_
    discovery

    which will display information similar to:

    Name Product Stream Version Date Status
    ====== ======= ========================== ============= =================== =======
    dssm sas content.software_discovery 37.0.0.0.29.0 2011-09-06 16:36:37 success
  • export: Exports content that has been downloaded from HPE Live Network.

    Note The core updates for the specified products (if any) are also imported.

  • download-export: Downloads and exports content from the HPE Live Network.

    Note The core updates for the specified products (if any) are also downloaded and imported.

  • read-config: Shows the value of a configuration attribute in the LNc configuration file. For example, to display the value of username in the LNc configuration file, run the following command:

    live-network-connector read-config --username

  • write-config: Sets the value of a configuration attribute in the LNc configuration file. For example, to set the value of username in the LNc configuration file to user plus an encrypted password, run the following command:

    live-network-connector write-config --username=<user>
    --password=<password>

    When you set a username and password in this manner, you will not need to use the encryptpasswords command.

    Note Manual editing of any LNc configuration file is not supported and could lead to corruption or lost settings. Use the write-config command described here instead.

  • describe: Shows the available streams, their state (enabled/disabled), their associated description and/or url, and the available tags, if any are available.

Other options:

When --content-object=<content object name> is provided, the command also describes <content object name> for the configured product and/or stream.

When --content-object=all is provided, the command also describes all the content objects for the configured product and/or stream.

When --stream=all is provided, the command considers all available streams for the configured product, regardless of which streams were configured with write-config.

When --extended is provided, the command also displays stream extended data. When --content-object=<content object name> or --content-object=all is added, it also displays extended data for the configured content object.

Announcements and release notes are displayed as well, if you use the --announcement and --release-notes options, respectively . These options work only in conjunction with the --contentobject option.

Note The core updates for the specified products (if any) are also downloaded and imported.

  • search: Searches the given text in the tags, name, description, and URL of the stream, as well as in the service name and the product name, and displays the result. To search only the stream tags, use the --tag option.

Command line options

The available command-line options for a specific command are listed when running the following command:

live-network-connector command --help

Option Function Command Compatibility
--http-proxy, --http-proxy-user, and --http-proxy-pass Configures http proxy settings. download, download-import, download-export
--export-to-directory Exports content to a specific directory. download-export, export
--import-from-directory Imports content from a specific directory. import
--product Restricts the content to operate on a specific product. For example, --product=sas limits the content to content that is relevant to SA. download, download-export, export, downloadimport, import, liststreams, list-status, list-locales, describe, search
--stream

Restricts the content to operate on one or more specific streams. When the value of this option is “all”, the command will operate on all streams from any service within the configured product.

Note When used with write-config, this option enables all the streams from the configured product that are known since the last execution of a connected command (like download, downloadimport).

download, download-export, export, downloadimport, import, listproducts, liststatus, list-locales, describe, search, write-config
--platform Specifies the platform of the isolated system in an air-gapped environment where the content will be used. For example: linux2, sunos5, win32. download-export, export
--status-file Indicates the status file of the isolated system in an air-gapped environment, typically found in lnc/etc/ imports.js. Transfer this file to the connected node and use it to only download-export (or export) the necessary files. download-export, export
--product-version Specifies the version of the product core. For example, in an air-gapped environment, the LNc will not be able to detect the product version of the core. It is listed in the same order as the products with the --product flag. download-export, export
--locale

Specifies the preferred content locale. If no value is specified, the default is considered to be en_US. If it is set to "all", the content is not filtered by locale.

If the locale is changed, use --reload if the content was previously imported.

Refer to your Product and Content documentation to see if localized content is available.

download download-import, import downloadexport, export

--secondary-product

--secondary-version

  • Specifies a product or a list of products, comma separated.
  • Specifies a version or a list of versions, comma separated.

The two options need to be set together and have the same number of items. When set for content, the secondary product and version specify that the use (download, import, export) of this content will be allowed if the primary product version validation passes and also the secondary product version validation passes. The content itself will be consumed by the primary product only.

write-config, download, download-import, import, downloadexport, export
--release-notes Displays the release notes for the configured content object(s) within the configured product and stream. describe
--announcement Displays the announcement for the configured content object(s) within the configured product and stream. describe

Content preview (--preview)

The --preview option allows you to generate a preview of all new content for a requested stream before you initiate content download, download-import, import, download-export or export. Used with the download, download-import, import, download-export, and export commands, the --preview option outputs a report of all new content available before you initiate a download, download-import, import, download-export, or export.

For example, if you are subscribed to one or more content streams and want to preview new updates before you download and import the new content, enter the following argument:

live-network-connector download-import --preview

This command will output a report containing all new content updates in all currently subscribed streams which are either available in the LNc cache or on a distribution server that have never been previously downloaded or imported.

If there is no new content available for your subscriptions, the preview report will contain no content objects.

By default, the report is output to STDOUT in plain text format, but if you want the preview report to be output in the XML format, use the --format=xml option to request XML output.

For example:

live-network-connector download-import --preview --format=xml

Options available for --preview

  • download --preview: This report lists all content objects in all currently subscribed streams which have not been previously downloaded. The universe of considered content objects is limited to the set currently published on the distribution server.
  • download --preview --allow-update: This report is similar to the download --preview report, but also updates the LNc and the configured product profile, without grabbing the actual content. Profile data that will be grabbed is based on the product configured in the LNc.
  • import --preview: This report lists all content objects in all currently subscribed streams which are available in the LNc cache and have never been previously imported. The universe of considered content objects is limited to the set currently in the LNc cache. Specifically, the distribution server is not considered.
  • import --preview --allow-update: This report is similar to the import --preview report, but also updates the LNc and the configured product profile, without grabbing the actual content. Profile data that will be grabbed is based on the product configured in the LNc.
  • download-import --preview: This report lists the latest versions of all content objects in all currently subscribed streams which are either available on the distribution server and have not been previously downloaded, or are in the LNc cache and have never been previously imported. The universe of considered content objects includes both the set currently published on the distribution server and the set of content objects currently in the LNc cache.
  • download-import --preview --allow-update: This report is similar to the download-import --preview report, but also updates the LNc and the configured product profile, without grabbing the actual content. Profile data that will be grabbed is based on the product configured in the LNc .
  • download-export --preview: This report lists the latest available content appropriate to the current configuration in all currently subscribed streams which are available either on the distribution server or in the LNc cache, and which are available for export. The universe of considered content objects includes both the set currently published on the distribution server and the set of content objects currently in the LNc cache.
  • download-export --preview --allow-update: This report is similar to the download-export --preview report, but also updates the LNc and the configured product profile, without exporting the actual content. Profile data that will be grabbed is based on the product configured in the LNc.
  • export --preview: This report lists all content objects in all currently subscribed streams which are available in the LNc cache and are available for export. The universe of considered content objects is limited to the set currently in LNc cache. Specifically, the distribution server is not considered. Typically this option is used for exporting content to an air-gapped environment.
  • export --preview --allow-update: This report is similar to the export --preview report, but also uses the already downloaded data to update the LNc and the configured product profile, without exporting the actual content. Profile data that will be grabbed is based on the product configured in the LNc.
  • --tags: This report lists the search tags defined at content object level.
  • --release-notes: This report lists the release notes available for each content object within the configured product and stream.
  • --announcement: This report lists the announcement available for each content object within the configured product and stream.

Importing content

To help verify that the content was downloaded, the LNc calculates the SHA256 sum of downloaded files and checks the result against the SHA256 sum listed for the file in the stream. The LNc retains the files in the cache.

The LNc checks the return status of the import commands to see if the import succeeded. If the import succeeded, the LNc marks the file as imported and caches the information. Check the log file to make sure that the content was imported successfully.

Live network connector log file

The LNc checks the return status of the import commands to see if the import succeeded. If the import succeeded, the LNc marks the file as imported and caches the information. Check the log file to make sure that the content was imported successfully.

<install_directory>/lnc/log/live-network-connector.log

To change this default path, by using the write-config command, set the value of logfile_path to the preferred path and file name.

Standard content streams

The following table presents the names and descriptions of the streams currently available through the HPE Live Network.

Note The tables in this section are only a subset of the current list of available streams.

Activate a stream in this table by modifying the configuration file for the LNc on the specified server.

Name Description
ms_patch_supp Microsoft patch supplement.
platform_linux Managed platform content - platform installers Linux.
platform_unix Managed platform content - platform installers Unix.
platform_vmware Managed platform content - platform installers VMware.
platform_windows Managed platform content - platform installers Windows.
software_ discovery Software discovery server module content.
solaris_patching Solaris patching content.
security_scanner Operational security assessment server module to scan system for known vulnerabilities.
sa_dma Program APXs content to invoke the DMA client on managed servers when running DMA workflows.
sa_se_connector Storage essentials connector.
os_provisioning OS provisioning content.

SA vulnerability content streams

An SA vulnerability stream contains an audit and remediation (A&R) policy with checks for detecting platform vulnerability exposure based on CVE (Common Vulnerabilities and Exposures) and OVAL (Open Vulnerability and Assessment Language) data.

Name Description
vc_aix43 Vulnerability content for SA on AIX 4.3
vc_aix51 Vulnerability content for SA on AIX 5.1
vc_aix52 Vulnerability content for SA on AIX5.2
vc_aix53 Vulnerability content for SA on AIX 5.3
vc_aix61 Vulnerability content for SA on AIX6.1
vc_aix71 Vulnerability content for SA on aix 7.1
vc_centos5 Vulnerability content for SA on Centos 5
vc_centos6 Vulnerability content for SA on Centos 6
vc_centos7 Vulnerability content for SA on Centos 7
vc_oel5 Vulnerability content for SA on OEL 5
vc_oel6 Vulnerability content for SA on OEL 6
vc_oel7 Vulnerability content for SA on OEL 7
vc_esx3 Vulnerability content for SA on VMware ESX 3.0
vc_esx35 Vulnerability content for SA on VMware ESX 3.5
vc_esx4 Vulnerability content for SA on VMware ESX 4.0
vc_esx41 Vulnerability content for SA on VMware ESX 4.1
vc_winxp Vulnerability content for SA on Windows XP
vc_win2k Vulnerability content for SA on Windows 2000
vc_win2k3 Vulnerability content for SA on Windows 2003
vc_win2k8 Vulnerability content for SA on Windows 2008
vc_win2k8r2 Vulnerability content for SA on Windows 2008 R2
vc_win2k12 Vulnerability content for SA on Windows 2012
vc_win2k12r2 Vulnerability content for SA on Windows 2012 R2
vc_sol7 Vulnerability content for SA on Solaris 7
vc_sol8 Vulnerability content for SA on Solaris 8
vc_sol9 Vulnerability content for SA on Solaris 9
vc_sol10 Vulnerability content for SA on Solaris 10
vc_hpux10 Vulnerability content for SA on HP-UX 10
vc_hpux11 Vulnerability content for SA on HP-UX 11
vc_rhel3 Vulnerability content for SA on RHEL3
vc_rhel4 Vulnerability content for SA on RHEL4
vc_rhel5 Vulnerability content for SA on RHEL5
vc_rhel6 Vulnerability content for SA on RHEL6
vc_rhel7 Vulnerability content for SA on RHEL7
vc_suse10 Vulnerability content for SA on SuSE Linux 10
vc_suse11 Vulnerability content for SA on SuSE Linux 11
vc_suse12 Vulnerability content for SA on SuSE Linux 12
vc_ubuntu Vulnerability content for SA on Ubuntu

Compliance content streams

The following table lists all available compliance content streams.

Name Description
Prerequisite Prerequisite content for installing additional policies
cc_library Configurable audit and remediation (A&R) compliance policy for both Windows and Unix
Audit and Remediation Dynamic Policies Customizable, actively supported dynamic policies
cc_pci_windows Dynamic A&R PCI policies for SA on Windows
cc_pci_unix Dynamic A&R PCI policies for SA on UNIX
ec_cis_aix Dynamic A&R CIS policies for SA on AIX
ec_cis_esx Dynamic A&R CIS policies for SA on ESX
ec_cis_hpux Dynamic A&R CIS policies for SA on HP-UX
ec_cis_rhel Dynamic A&R CIS policies for SA on RHEL
ec_cis_solaris Dynamic A&R CIS policies for SA on Solaris
ec_cis_suse Dynamic A&R CIS policies for SA on SUSE
ec_cis_windows Dynamic A&R CIS and MS policies for SA on Windows
ec_disa_stig Dynamic A&R DISA policies for SA on UNIX and Windows
Basic Audit and Remediation Policies Non-customizable policies
cc_fisma_ windows A&R FISMA policies for SA on Windows
cc_fisma_unix A&R FISMA policies for SA on UNIX
cc_hipaa_ windows A&R HIPAA policies for SA on Windows
cc_hipaa_unix A&R HIPAA policies for SA on UNIX
cc_sox_windows A&R SOX policies for SA on Windows
cc_sox_unix A&R SOX policies for SA on UNIX
cc_cis_ubuntu A&R CIS policies for SA on Ubuntu
cc_cis_centos A&R CIS policies for SA on Centos
cc_cis_oel A&R CIS policies for SA on OEL
cc_iso_windows A&R ISO policies for SA on Windows
cc_iso_unix A&R ISO policies for SA on Unix