To use the NSX virtual appliance CLI, you must have SSH access to an NSX virtual appliance. Each NSX virtual appliance contains a command-line interface (CLI).
The viewable modes in the CLI can differ based on the assigned role and rights of a user. If you are unable to access an interface mode or issue a particular command, consult your NSX administrator.
Procedure
- Open an SSH session to a compute host running the work loads that were previously deployed. Log in as root.
- Enter the nsxcli command to open the NSX CLI.
- To confirm that IDS is enabled on this host, run the command:
get ids status
.
Sample Output:
localhost> get ids status
NSX IDS Status
--------------------------------------------------
status: enabled
uptime: 793756 (9 days 04:29:16)
- To confirm both of the IDS profiles have been applied to this host, run the command
get ids profile
.
localhost> get ids profiles
NSX IDS Profiles
--------------------------------------------------
Profile count: 2
1. 31c1f26d-1f26-46db-b5ff-e6d3451efd71
2. 65776dba-9906-4207-9eb1-8e7d7fdf3de
- To review IDS profile (engine) statistics including the number of packets processed and alerts generated, run the command
get ids engine profilestats <tab_to_select_profile_ID>
.
The output is on a per profile basis, and shows the number of alerts, and the number of packets that were evaluated.
localhost> get ids engine profilestats eec3ea3f-0b06-4b9d-a3fe-7950d5726c7c
Fri Oct 23 2020 UTC 21:22:36.257
NSX IDS Engine Profile Stats
------------------------------------------------------------
Profile ID: eec3ea3f-0b06-4b9d-a3fe-7950d5726c7c
Total Alerts: 14
Total Packets: 27407
- To review the signature action of a rule, run the command
get ids engine signaction <ruleID> <profileID> <signatureID>
.
Returns the signature action for a specific RuleID, ProfileID, and SignID. If the IDPS rule is of type "DETECT ONLY," the signature action for all signatures is returned as "ALERT." To drop/reject traffic, the IDPS rule must be configured with "DETECT_PREVENT."
> get ids engine signaction 1001 84f00f24-3177-401c-8c30-d70dbee48479 4100761
NSX IDS Engine Signature Action
---------------------------------------------
alert