3.3.1. root

This is the root group of axonshell (aka running the script with no arguments).

Note

All prompts and info/warning/error messages will go to STDERR.

All –help outpout goes to STDOUT.

All exported data goes to STDOUT by default, unless -xf / –export-file in Export Options is supplied.

3.3.1.1. Command Groups

The entry point for axonshell has the following command groups:

  • adapters Commands to work with adapters and connections.
  • devices: Commands to work with device assets.
  • tools: Commands that provide extra functionality for the CLI.
  • users: Commands to work with user assets.

3.3.1.2. Options

The entry point for the command line interface provides a number of options, all of which must be supplied before any other arguments.

Example of proper ordering:

$ axonshell --proxy "https://proxy:443" devices get

Example of improper ordering:

$ axonshell devices get --proxy "https://proxy:443"

3.3.1.2.1. SSL Certificate Validation Options

Note

If –certpath is supplied, –certverify is automatically set to True.

If –certverify is supplied and –certpath is not and the certificate of the Axonius instance is self-signed, axonshell will exit with an error when attempting to connect.

If you want to turn off the warnings that are shown for self-signed certificates, use –no-certwarn.

3.3.1.2.2. Proxy Options

Note

A proxy can be supplied numerous ways as per the requests documentation

Examples:

$ # proxy that does not require authentication
$ axonshell --proxy https://host:port

$ # proxy that requires authentication
$ axonshell --proxy https://username:password@host:port

$ # socks proxy
$ axonshell --proxy socks5://username:password@host:port

3.3.1.2.3. Logging Options

3.3.1.2.3.1. Logging to the Console

Note

–log-level-console controls the overall level of logs displayed on the console.

For instance:

$ # This will only display INFO log entries and above
$ # DEBUG log entries will not show up in the console log
$ axonshell --log-console --log-level-console info --log-level-package debug

3.3.1.2.3.2. Logging to a File

Note

–log-level-file controls the overall level of logs sent to –log-file-name.

For instance:

$ # This will only display INFO log entries and above
$ # DEBUG log entries will not show up in the log file
$ axonshell --log-file \
            --log-level-file info \
            --log-level-package debug

$ # only send WARNING and above to console and DEBUG and above to file
$ axonshell --log-console \
            --log-console-level warning \
            --log-file \
            --log-level-file debug

3.3.1.2.4. Logging Levels

Control the logging levels for each component of the API client.

Note

–log-level-package will override the levels for all other settings. It’s best to leave this at the lowest level (DEBUG) and set other logging levels higher.

–log-level-api controls the level of logs displayed from Users, Devices, Adapters, and Enforcement API objects.

3.3.1.2.5. Controlling HTTP Client Debug Messages

Enable more verbose logging of the HTTP client requests and responses. These options are useful for debugging purposes.

Note

None of these will show if the overall logging level of –log-level-console, –log-level-file, –log-level-http, or –log-level-package is set to higher than DEBUG.

By default, attributes or bodies for requests or responses are logged.

3.3.1.2.6. Controlling Error Wrapping

Note

This is useful for debugging as it allows you to see the full traceback of the exception, instead of just the string representation of the exception.

3.3.1.3. Help Page

3.3.1.3.1. axonshell

Command line interface for the Axonius API Client.

axonshell [OPTIONS] COMMAND [ARGS]...

Options

-lvlpkg, --log-level-package <log_level_package>

Logging level to use for entire package. [default: debug]

Options:debug|info|warning|error|fatal
-lvlhttp, --log-level-http <log_level_http>

Logging level to use for http client. [default: debug]

Options:debug|info|warning|error|fatal
-lvlauth, --log-level-auth <log_level_auth>

Logging level to use for auth client. [default: debug]

Options:debug|info|warning|error|fatal
-lvlapi, --log-level-api <log_level_api>

Logging level to use for api clients. [default: debug]

Options:debug|info|warning|error|fatal
-lvlcon, --log-level-console <log_level_console>

Logging level to use for console output. [default: debug]

Options:debug|info|warning|error|fatal
-lvlfile, --log-level-file <log_level_file>

Logging level to use for file output. [default: debug]

Options:debug|info|warning|error|fatal
-reqv, --log-request-attrs-verbose, -reqb, --log-request-attrs-brief

Log http client verbose or brief request attributes.

-respv, --log-response-attrs-verbose, -respb, --log-response-attrs-brief

Log http client verbose or brief response attributes.

-reqbody, --log-request-body

Log http client request body.

-respbody, --log-response-body

Log http client response body.

-c, --log-console

Enable logging to STDERR.

-f, --log-file

Enable logging to -fn/–log-file-name in -fp/–log-file-path.

-fn, --log-file-name <log_file_name>

Log file to save logs to if -f/–log-file supplied. [default: axonius_api_client.log]

-fp, --log-file-path <log_file_path>

Directory to use for -fn/–log-file-name (Defaults to CWD).

-fmb, --log-file-max-mb <log_file_max_mb>

Rollover -fn/–log-file-name at this many megabytes. [default: 5]

-fmf, --log-file-max-files <log_file_max_files>

Keep this many rollover logs. [default: 5]

-p, --proxy <proxy>

Proxy to use to connect to Axonius. [default: ]

-ccb, --cert-client-both <cert_client_both>

Path to client SSL certificate and private key in one file for mutual TLS.

-ccc, --cert-client-cert <cert_client_cert>

Path to client SSL certificate for mutual TLS.

-cck, --cert-client-key <cert_client_key>

Path to client SSL private key for mutual TLS

-cp, --certpath <certpath>

Path to SSL certificate for verifying the certificate offered by Axonius.

-cv, --certverify

Perform SSL Certificate Verification (will fail if cert is self-signed or not signed by a system CA).

-ncw, --no-certwarn

Disable warnings for self-signed SSL certificates.

-nw, --no-wraperror

Show the full traceback of exceptions instead of a wrapped error.

--version

Show the version and exit.

Commands

adapters

Group: Work with adapters and adapter…

devices

Group: Work with device assets.

tools

Group: CLI tools.

users

Group: Work with user assets.