7/25/2019 1.8 Asa Cli Analyzer User Guide
1/36
Cisco ASA CLI Analyzer User Guide
Version 1.8September 15, 2015
Americas Headquarters
Cisco Systems, Inc. 170
West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/http://www.cisco.com/7/25/2019 1.8 Asa Cli Analyzer User Guide
2/36
CCDE, CCENT, CCSI, Cisco Eos, Cisco Explorer, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase,
Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco TrustSec, Cisco Unified Computing System, C isco WebEx, DCE, Flip Channels, Flip for Good, Flip
Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work,
Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and
Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, C CIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the
Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, C isco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity,
Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the
IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY,
PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are
registered trademarks of Cisco and/or its affiliates in the United States and certain other countries.
All othe r trade marks ment ioned in t his document or website are the property of their respect ive owners . Third party trademarks mentioned are the property of their respective
owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1002R)
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display
output, network topology diagrams, and other figures included in t he document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers i n
illustrative content is unintentional and coincidental.
Cisco ASA CLI Analyzer User Guide
2015 Cisco Systems, Inc and/or its affiliates. All rights reserved. Cisco, the Cisco logo, [and other CISCO marks if applicable] are trademarks or registered trademarks of Ciscoand/or its affiliates in the U.S. and other countries.
7/25/2019 1.8 Asa Cli Analyzer User Guide
3/36
C O N T E N T S
New Features in Version 1.8 5
Getting Started with the ASA CLI Analyzer 6
About the ASA CLI Analyzer 6
System Requirements 6
Downloading and Installing the ASA CLI Analyzer 7
Accessing the ASA CLI Analyzer 10
Submitting Comments and Questions 11
Configuring Global Console Settings 12
Scrollback Buffer 13
Preferred Protocol 13
Contextual Help and Highlighting 13
Reconnect with Credentials 13
Automatically Enable Session Capture 13
Theme 13
Proxy Setup 14
Managing Your Devices 15
Adding a Device to the Device List 15
Importing Devices 17
Importing from PuTTY 18
Creating a CSV File of Devices 19
Exporting Devices 20
Connecting to a Device 21
Features 15
Logging Your Current Session 23
Tagging 25
Running CLI Commands 26
Running ASA CLI Analyzer Scripts 27
Searching Highlighting 30
Contextual Help and Highlighting 32
Context Menu Options 33
Frequently Asked Questions 34
Why do I need to log in using my Cisco.com account for some features? 34
Why am I still unable to access the ASA CLI Analyzer after I have entered my CCO account
information? 34
How do I request features or provide product feedback? 34
Cisco ASA CLI Analyzer User Guide
7/25/2019 1.8 Asa Cli Analyzer User Guide
4/36
Why does ASA Traceback Decoder state that the crash.txt file cannot be found? 34
Which operating systems are supported in the ASA CLI Analyzer? 34
What terminal emulation is supported in the ASA CLI Analyzer? 35
What protocols are supported in the ASA CLI Analyzer? 35
Which expressions and characters are supported in the RegEx search feature? 35
Contents
Cisco ASA CLI Analyzer User Guide
7/25/2019 1.8 Asa Cli Analyzer User Guide
5/36
New Features in Version 1.8
The following features are new in this version of ASA CLI Analyzer:
Import PuTTY SessionsYou can now import your sessions from PuTTY. For more
information, seeImporting from PuTTY.
ASA Firewall Top TalkersIdentify connections passing through your ASA that have the highest
bit rates. This option on the Settings page lets you begin logging automatically when you connect to
a device. For more information, seeRunning ASA CLI Analyzer Scripts.
Improved UsabilityEnable password location is now logically grouped with username/password.
Enabled smooth scrolling, close tab behavior modified, improved the minimum session window
size.
Application Speed/PerformanceWe have redesigned the application to keep pace with the needs
of current and future TAC tools.
Proxyyou can now configure a single ip address/port for web proxy support, seeProxy Setup
Device TaggingTag your devices using keywords that are meaningful to you. Tag by location,
function, protocol, etc. Create one or many. Search for tags to quickly find the device you are
looking for. Tags can be added manually by editing each device, using the Bulk Action function or
in using the CSV device upload template. Leveraging tagging allows you to be free of hierarchical
navigation trees. For more information seeTagging.
CHH Display Display Preferencesfilter out Danger, Warning or Info within the Settings tab.,seeCHH Preferences.
Smooth ScrollingHold down the enter keyand easily navigate to the line in the config you are
looking for.
Cisco ASA CLI Analyzer User Guide
7/25/2019 1.8 Asa Cli Analyzer User Guide
6/36
Getting Started with the ASA CLI Analyzer
Topics About the ASA CLI Analyzer
System Requirements
Downloading and Installing the ASA CLI Analyzer
Accessing the ASA CLI Analyzer
Submitting Comments and Questions
About the ASA CLI Analyzer
The ASA CLI Analyzer is a smart SSH/Telnet client designed to help troubleshoot and check the overall
health of your ASA. Features include:
ASA System DiagnosticsUtilizes Cisco TAC knowledge to analyze the ASA and detect known
problems such as system problems, configuration mistakes, and best practice violations.
ASA Traceback AnalyzerAttempts to match the root cause of a crash to a known bug if the ASA
has experienced a system traceback. If a matching bug is found, the ASA version or versions in which
the bug is fixed are provided.
ASA Packet TracerAllows administrators to test sending simulated packets through the ASA. If
the packet is dropped, the ASA configuration portion or feature that could have contributed to the
packet drop is identified.
Contextual Help and HighlightingContextual Help provides information based on command
outputs in an interactive way. Highlighting enables real-time search capabilities in the console
window.
Note You must have a valid Cisco.com account to use the ASA CLI Analyzer. If you do not have a valid
Cisco.com account, you must register on the Cisco.comRegistrationpage andassociate a Service
Contract to your Cisco.com profile.
System Requirements
The minimum software and hardware requirements for running the ASA CLI Analyzer are as follows:
Software:
Windows 7 (32-bit or 64-bit)
Mac OS X versions 10.8 (Mountain Lion) or later
Hardware
256 megabytes (MB) of RAM
256 megabytes (MB) of available space on the hard disk
Cisco ASA CLI Analyzer User Guide
6
https://tools.cisco.com/RPF/register/register.dohttps://tools.cisco.com/RPF/register/register.dohttps://tools.cisco.com/RPFA/profile/edit_entitlement.dohttps://tools.cisco.com/RPFA/profile/edit_entitlement.dohttps://tools.cisco.com/RPFA/profile/edit_entitlement.dohttps://tools.cisco.com/RPFA/profile/edit_entitlement.dohttps://tools.cisco.com/RPFA/profile/edit_entitlement.dohttps://tools.cisco.com/RPFA/profile/edit_entitlement.dohttps://tools.cisco.com/RPF/register/register.do7/25/2019 1.8 Asa Cli Analyzer User Guide
7/36
Downloading and Installing the ASA CLI Analyzer
Downloading and Installing the ASA CLI Analyzer
Complete these steps to download and install the ASA CLI Analyzer:
1.
Access theCisco Tools & Resourcespage, and click the ASA CLI Analyzer link.
2. On the ASA CLI Analyzer web page, read the Beta Terms, and click Try the ASA CLI Analyzer.
The End-User License Agreement page appears.
3.
Click Accept. The Cisco File Exchange page appears.
4. On the Cisco File Exchange page, click the link that corresponds to your operating system.
5. Once the file is downloaded, double-click the executable to begin installation.
The ASA CLI Analyzer Setup Wizard appears.
Cisco ASA CLI Analyzer User Guide
http://www.cisco.com/c/en/us/support/web/tools-catalog.htmlhttp://www.cisco.com/c/en/us/support/web/tools-catalog.htmlhttp://www.cisco.com/c/en/us/support/web/tools-catalog.html7/25/2019 1.8 Asa Cli Analyzer User Guide
8/36
Downloading and Installing the ASA CLI Analyzer
6.
Click Next.
The Destination Folder dialog window appears.
7. If you prefer to install to a location other than the default folder, click Change to enter a new
destination folder.
8.
If you would like to add a desktop shortcut, click the Create a shortcut for this application on
your desktop check box.
9.
Click Next.
The Ready to install ASA CLI Analyzer dialog window appears.
Cisco ASA CLI Analyzer User Guide
7/25/2019 1.8 Asa Cli Analyzer User Guide
9/36
Downloading and Installing the ASA CLI Analyzer
10. On the Ready to install ASA CLI Analyzer dialog window, click Install.
Once installation is complete, the Completed the ASA CLI Analyzer Setup Wizard dialog window
appears.
11.
If you want to launch the application on exit, click the Launch application when complete check
box.
12.
Click Finish to exit the ASA CLI Analyzer Setup Wizard.
Note Once installation is complete, you can run the ASA CLI Analyzer executable again to repair or remove
the application.
Cisco ASA CLI Analyzer User Guide
7/25/2019 1.8 Asa Cli Analyzer User Guide
10/36
Accessing the ASA CLI Analyzer
Once the ASA CLI Analyzer is installed, click the ASA CLI Analyzer icon to open the ASA CLI Analyzerinterface.
The ASA CLI Analyzer interface appears with the Device tab selected.
Once the ASA CLI Analyzer appears, you can configure global console settings, add devices to your device
list, or connect to a device. Refer to the corresponding topic for more information:
Configuring Global Console Settings
Adding a Device to the Device List
Connecting to a Device
Topics
Accessing the ASA CLIAnalyzer
Cisco ASA CLI Analyzer User Guide
7/25/2019 1.8 Asa Cli Analyzer User Guide
11/36
Submitting Comments and Questions
To submit comments and questions regarding the ASA CLI Analyzer tool, click the Feedback button ( )
in the top left corner of the window to open the Feedback form. Enter your name, email address, andcomments in the fields provided. Optionally, select a star rating. When you are finished, click Submit to send
your feedback.
Topics
Submitting Comments andQuestions
Cisco ASA CLI Analyzer User Guide
7/25/2019 1.8 Asa Cli Analyzer User Guide
12/36
Configuring Global Console SettingsOn the Settings tab of the ASA CLI Analyzer interface, you can configure the global console settings for the
following items: Scrollback Buffer
Preferred Protocol
Contextual Help and Highlighting
Reconnect with Credentials
Automatically Enable Session Capture
Proxy Setup
Theme
Click the Settings tab to access the global console settings.
Configuring Global Console Settings
sco na yzer ser
7/25/2019 1.8 Asa Cli Analyzer User Guide
13/36
Scrollback Buffer
In the Scrollback Buffer area of the Settings tab, you can configure the number of command lines retained in
memory. To configure the scrollback buffer, enter a number between 100 and 50000 in the Scrollback Buffer
field, and select the appropriate protocol from the Preferred Protocol drop-down list.
Preferred Protocol Select the protocol (SSH or Telnet) you use most frequently. This protocol will be selected by default when
you create a new connection.
Contextual Help and Highlighting Click the toggle button to enable or disable the Contextual Help and Highlighting feature. This feature is
enabled by default. For more information, seeContextual Help and Highlighting.
Reconnect with Credentials Click the toggle button to enable or disable the ability to reconnect using the login credentials you previously
entered. When enabled, login credentials are remembered for each session tab and will persist until the
session tab is closed.
Automatically Enable Session Capture
Click the toggle button to enable or disable automatic session logging. When enabled, logging is turned onby default when you connect to a device, and a log file is saved automatically when you disconnect. You can
still begin and end logging sessions manually from within the console. For more information, seeLogging
Your Current Session.
By default, log files are saved in these locations:
Windows: C:\Users\\ASA-CLI-Analyzer_Session_Logs
Mac OS X: /Users//ASA-CLI-Analyzer_Session_Logs
CHH Preferences
You can now filter out the notifications for Danger, Warning and Info within the Global Console Settings.By default all notifications are enabled.
Theme In the Appearance area of the Settings tab, you can configure the text and background colors of the console
window. To configure the console window, click the Theme field and select a predefined color theme, or
select Custom to choose your own colors.
Configuring Global Console Settings
sco na zer ser
7/25/2019 1.8 Asa Cli Analyzer User Guide
14/36
If you select Custom, a set of Text and Background color buttons appears. Click a color button to display the
color palette, from which you can select a color. A preview of your current theme or color selection is
displayed in the Preview window.
Note Search terms use their own text and background colors. For information on how to search, seeSearch
Highlighting.
Proxy Setup Customers that require a proxy for outbound web connections will need to enable this in order to utilize
the TAC tools (ASA System Diagnostics, ASA Traceback Decoder, etc) and auto updates. You will need to input a
singleip address and port. HTTP, HTTPS, Socks and Socks5 are supported.
Note You MUSTrestart the application in order for Proxy settings to take effect.
Configuring Global Console Settings
sco na yzer ser u e
7/25/2019 1.8 Asa Cli Analyzer User Guide
15/36
Managing Your Devices
Adding a Device to the Device List
Complete these steps to add a device to the Devices list:
1. In the ASA CLI Analyzer, click the Devices tab, and click the Add Devicebutton ( ) on the Device
List toolbar, located below the Quick Connect box.
The Add Device dialog window appears.
2. Enter a name for the device in the Name field.
3.
Enter the IP address in the IP Address field.
4. Enter the host name in the Host Name(DNS)field.
5. Enter the physical location of the device in the Location field.
6.
Select the connection protocol (SSH or Telnet) you want to use.
7. Enter the port number in the Port field if you use a non-standard port.
8. You may add the Serial Numberof the device.
9.
Assign one or more Tagsto describe your device.
10. Click Add.
Managing Your Devices
Adding a Device to theDevice List
sco na yzer ser
7/25/2019 1.8 Asa Cli Analyzer User Guide
16/36
The device is added to the Devices list.
Once the device is added to the Devices list, you can complete the following actions:
Click the Connectbutton ( ) below a device to connect to that device.
Click the Editbutton ( ) below a device to open the Edit Device window, where you can update
device information.
Click the Favoritesbutton ( ) below a device to mark the device as a Favorite. The button icon
changes to an orange star ( ). Click the button again to remove the device from Favorites.
Once additional devices are added to the Devices list, you can use the following actions to navigate the list.
Hover the pointer over a device and click the Selectbutton ( ) to select the device. The device is
highlighted and the Bulk Actionsbutton becomes available. To deselect the device, click anywhere
on the device.
Click the Select Allbutton ( ) to select all devices in the list. The button icon changes ( ) to showthat all devices are selected. The Bulk Actionsbutton becomes available.
With one or more devices selected, click the Bulk Actionsbutton ( ) and then click anoption in the drop-down list to perform that action (Connect or Delete).
Click the Sort Bybutton ( ) and select Device Name, Location, or Activity Date from
the drop-down list to sort the list of devices by the selected property.
Click the Sortbutton ( ) to change the sort order of the list from descending to ascending. The
button icon changes to show an ascending sort order ( ).
Select a check box in the list of filters to show only devices that match your selected filter. (For
example, select the No Favorites check box to show only devices that are not marked as Favorites.)
Enter a search term in the Search Devices field and press Enter to search the device list.
Managing Your Devices
Adding a Device to theDevice List
sco na yzer ser u e
7/25/2019 1.8 Asa Cli Analyzer User Guide
17/36
Importing Devices
You can add devices to the Device List by importing information from a CSV file.
Complete these steps to import device information from a CSV file:1.
On the Devices tab of the ASA CLI Analyzer, click the Uploadbutton ( ) on the Device List
toolbar (located below the Quick Connect area).
The Device File Upload dialog appears.
2.
Do one of the following:
Click the text Click or drop file to upload.In the Open dialog, navigate to the CSV file you
want to import, select it, and click Open.
Drag the CSV file from a separate window onto the text Clickor drop file to upload.Be sure
that the icon below the pointer indicates that the file will be moved ( ) before you release
the mouse button to drop the file.
3.
Click the Upload Filebutton.
The devices imported from the CSV file appear in the Device List.
Importing Devices
Cisco ASA CLI Anal zer User
7/25/2019 1.8 Asa Cli Analyzer User Guide
18/36
Importing from PuTTY
You can add devices to the Device List by importing information from a PuTTY.
Complete these steps to import device information from PuTTY:
1. On the Devices tab of the ASA CLI Analyzer, click the Uploadbutton ( ) on the Device List
toolbar (located below the Quick Connect area). Select Import from PuTTY.
The Import Device dialog appears.
2. Open a command prompt ( ) and select/copy REG EXPORTHKCU\Software\SimonTatham\PuTTY\Sessions putty-config.txt. Hit Enter.
3. Choose to import your SSH, Telnet sessions or Both (Default).
4. Select Click hereto browse and upload the PuTTY export for from your home directory
C:\Users\your_pc_userid. Select putty-config.txtfile. You may also locate the file and drag &drop the file.
5. The Upload Filebutton should now be active. Select it to begin the upload process. Any errors
during the upload will be displayed in the bottom right corner of the application.
Managing Your Devices
Importing from PuTTY
Cisco ASA CLI Analyzer User Guide
7/25/2019 1.8 Asa Cli Analyzer User Guide
19/36
Creating a CSV File of Devices
You can create a CSV file with device information that can be imported to the ASA CLI Analyzer on any
workstation.
Complete these steps to create a CSV file:
1. On the Devices tab of the ASA CLI Analyzer, click the Uploadbutton ( ) on the Device List
toolbar (located below the Quick Connect area).
The Device File Upload dialog appears.
2.
Click the Download Templatebutton.
The Save As dialog appears.
3. Navigate to the location where you want to save the CSV template and click Save.
4. Open the CSV file in your preferred application.
5. Enter the information for each device on a separate row. The following information is required:
IP Address OR Hostname (DNS)
ProtocolOther device information is optional and can be added from within the ASA CLI Analyzer.
6.
When you are finished, click Save.
Managing Your Devices
Creating a CSV FileOf Devices
sco na yzer ser u e
7/25/2019 1.8 Asa Cli Analyzer User Guide
20/36
Exporting Devices
You can export information about the devices in your Device List to a CSV file, allowing you to import the
information on another workstation.Complete these steps to export device information to a CSV file:
1. On the Devices tab of the ASA CLI Analyzer, click the Exportbutton ( ) on the Device List
toolbar (located below the Quick Connect area).
The Save As dialog appears.
2. Navigate to a location on your computer, optionally change the file name of the CSV file, and clicksave.
Managing Your Devices
Exporting Devices
Cisco ASA CLI Anal zer User
7/25/2019 1.8 Asa Cli Analyzer User Guide
21/36
Connecting to a Device
Complete these steps to connect to a device:
1. In the ASA CLI Analyzer, click the Devices tab, and complete one of the following actions to start a
new session:
In the Quick Connect area, enter the hostname or IP address of the device in the field provided,
and press Enter or click the Connectbutton.
Click a device in the Recent Sessions list.
Click the New Sessionbutton.
Click the Connect button ( ) below the device in the Devices list.
A new session tab appears, and the Session Login screen opens.
2. In the field provided, enter the IP address or hostname of the device. You can also click the arrow
beside the field and select a device to which you have connected in a recent session.
3. In the fields provided, enter the user name and password required to access the device.
4.
Optionally, enter the password for Enable access in the Enable Password field. If you leave the
field empty, you will be required to enter the enable command and the password manually at the
command prompt before running scripts that require Enable access. Entering the password here
saves those extra steps later.
5. Select the option button for the connection type (SSH or Telnet) you want to use, and enter the
appropriate port number in the Port field.
6. Check the Update preferences check box if you want to save the connection type and port number.
Subsequent connections to this device will default to the protocol and port settings you select in this
session.
Managing Your Devices
Connecting to a Device
sco na yzer ser u e
7/25/2019 1.8 Asa Cli Analyzer User Guide
22/36
7. Click Connect.
A session window opens and the session tab icon displays green to indicate an active session.
Note The status bar at the bottom of the window displays row and column count, as well as connection
protocol, start time, and elapsed time.
8. Once you are connected, you can complete the following actions:
Log your current session; seeLogging Your Current Session.
Run CLI commands; seeRunning CLI Commands.
Run ASA CLI Analyzer scripts; seeRunning ASA CLI Analyzer Scripts.
Search the command output; seeSearch Highlighting.
Note You can disconnect from the device by clicking the Disconnectbutton. If your session times out
and you are automatically disconnected, click the Reconnectbutton.
Connecting to a Device
sco na yzer ser u e
7/25/2019 1.8 Asa Cli Analyzer User Guide
23/36
Features
Logging Your Current Session
The ASA CLI Analyzer allows you to capture your current console session and save the output to your local
computer.
Note An option on the Settings tab lets you begin session logging automatically when you connect to
a device, and save the log file automatically when you disconnect. For more information, see
Automatically Enable Session Capture.
Complete these steps to log your current session:
1.
Connect to a device as described inConnecting to a Device.
2. If the Loggingbutton label shows that Logging is off, click the button to turn logging on.
The logging session starts and the Logging button displays Logging: On.
3. When you complete the session, click the Logging: Onbutton.
Logging Your Current Session
Features
sco na yzer ser u e
7/25/2019 1.8 Asa Cli Analyzer User Guide
24/36
The Save As dialog appears.
By default, log files are saved in these locations:
Windows: C:\Users\\ASA-CLI-Analyzer_Session_Logs
Mac OS X: /Users//ASA-CLI-Analyzer_Session_Logs
4.
Navigate to a location on your computer, and click Save.
Logging Your Current Session
Cisco ASA CLI Analyzer User Guide
7/25/2019 1.8 Asa Cli Analyzer User Guide
25/36
Tagging
Tagging allows you to assign text references to your Devices. Leveraging tagging allows you to be free of
hierarchical navigation trees. Tagging also allows real-time re-organization of devices on the Devices Tab
by what's needed at that moment in time.
Use the Bulk Action button to ADDor DELETEtags to multiple devices at once. The delete
function will only display tags that are common to ALL selected devices. If there are not any in
common. No tags will be displayed in this scenario.
Tags can be used for the purposes of searches and organization of devices
Allowed characters in tags are as follows: a-z, A-Z, 0-9, Underscore, Hyphen, and Space. So sample
tags might include "asa_5505", "asa 5515", "texas", "tcp-ip", and "building 11".
Note Onlylowercase letters are permitted. Tags using uppercase letters are automatically converted
to lowercase.
Tagging
sco na yzer ser u e
7/25/2019 1.8 Asa Cli Analyzer User Guide
26/36
Running CLI Commands
To run CLI commands, connect to a device as described inConnecting to a Device,enter a command at the
command prompt, and press Enter.
Features
Cisco ASA CLI Analyzer User Guide
7/25/2019 1.8 Asa Cli Analyzer User Guide
27/36
Running ASA CLI Analyzer Scripts
The ASA CLI Analyzer allows you to run the following scripts to help identify, troubleshoot, and
resolveproblems you might experience in support of your ASA:
ASA Firewall Top Talkershelps to determine which connections passing traffic through an
ASA might have the highest bit rate during a certain period of time. The tool takes two separate
outputs of show connor show conn all, taken a few seconds apart, and compares them. It finds
the individual connections and does a diff to see how much traffic each connection passed
between when the two outputs were taken based on the 'bytes' value. It also lists any new
connections found in the second list, but not the first (indicating that the connection was newly
created before the second show conn was taken)or connections that passed some traffic. It then
displays a list of the connections of interest, sorted by amount of traffic passed by each
connection. You may export the results in JSON or CSV format.
ASA System DiagnosticsUtilizes Cisco TAC knowledge to analyze the ASA and detect
known problems such as system problems, configuration mistakes, and best practice
violations.Note: This analysis requires the output of the show tech-support command and is sent
to Cisco for processing. All ASA software versions are supported.
ASA Traceback AnalyzerAttempts to match the root cause of a crash to a known bug if the
ASA has experienced a system traceback. If a matching bug is found, the ASA version or
versions in which the bug is fixed are provided.
Note: This analysis requires the output of the show crashinfo command and is sent to
Cisco for processing. All ASA software versions are supported.
ASA Packet TracerAllows administrators to test sending simulated packets through the ASA.
If thepacket is dropped, the ASA configuration portion or feature that could have contr ibuted
to the packet drop is identified.
Note: ASA version 7.2 (the first version to include the command) and later aresupported.
Note To submit ideas for new tools or suggestions to enhance these tools, send us
feedback as described inSubmitting Comments and Questions.
Running ASA CLI Analyzer Scripts
Cisco ASA CLI Analyzer User Guide
7/25/2019 1.8 Asa Cli Analyzer User Guide
28/36
Complete these steps to run an ASA CLI Analyzer script:
1.
Connect to a device as described inConnecting to a Device,and click the Toolsbutton.
The Tools panel appears.
Features
Cisco ASA CLI Analyzer User Guide
8
Running ASA CLI Analyzer Scripts
7/25/2019 1.8 Asa Cli Analyzer User Guide
29/36
2.
Click the Runbutton ( ) for the script you want to run.
Note To run the ASA Packet Tracer, you must configure additional settings. To configure the
additional settings, click the Configurebutton located in the ASA Packet Tracer panel, and
enter the configuration settings.
The script begins to run and the Halt Scriptbutton appears.
Note If Enable access is required, you will be prompted to input credentials before the script runs.
3.
Wait for the script to complete, or click the Halt Scriptbutton to stop the script.
4. Once the script completes, the session is listed in the Results area at the bottom of the page.
5. Click the item in the Results list to expand and view additional details.
6.
Click the Exportbutton ( ) to export the results to a . json file.
Running ASA CLI Analyzer Scripts
Features
Cisco ASA CLI Analyzer User Guide
7/25/2019 1.8 Asa Cli Analyzer User Guide
30/36
s - li - l r -s r- i .
Search Highlighting
The ASA CLI Analyzer includes a highlighting feature that enables real-time search capabilities in the
console window to search command output.
Complete these steps to search the command output:
1.
Point to the Highlightbutton ( ) and check the tooltip to ensure that search result highlighting is
enabled. If highlighting is disabled, click the button to enable highlighting.
2. Enter a search term in the field provided, and press Enter or Tab. You can repeat this step to enter
up to five (5) search terms.
The specified search term or terms appear next to the search field along with the number of results
for each term. Search results appear highlighted in the command window.
Note Results appear highlighted according to the colors assigned to each search term in the
Highlighting area on the Settings tab. The search term that is currently selected is
highlighted in red. For information on how to assign custom colors to your search terms, see
Theme.
3. To navigate the search results, use the following buttons:
Previous ( )Go to the previous match for the term.
Next ( )Go to the next occurrence for the matching term.
First ( )Go to the first occurrence of the matching term within the output.
Last ( )Go to the last occurrence of the matching term within the output.
4. To restrict search results to case sensitive matches, click the Case Sensitivebutton ( ).
Search Highlighting
Cisco ASA CLI Analyzer User Guide
7/25/2019 1.8 Asa Cli Analyzer User Guide
31/36
s - li - l r -s r- i .
5. To enable or disable regular expressions, click the RegExbutton ( ).
Note RegEx is used to create wildcards or substitutions in your searches. For information on
which expressions are supported, refer toWhich expressions and characters are supported
in the RegEx search feature?
6. To remove a search term, click the X for the search term in the search field.
Search Highlighting
Features
Cisco ASA CLI Analyzer User Guide
7/25/2019 1.8 Asa Cli Analyzer User Guide
32/36
s - li - l r -s r- i .
Contextual Help and Highlighting
The ASA CLI Analyzer provides a Contextual Help and Highlighting (CHH) feature for certain commands.
This feature highlights certain text in the CLI output and provides additional information about that text. To
view contextual help, click the link that corresponds to the text for which you want to view additional
information.
Contextual Help and Highlighting is supported for the following commands:
boot system ?
dir
packet-tracer
show access-list
show asp drop
show blocks
show capture
show conn
show console-output
show counters
show cpu detailed
show cpu usage
show crashinfo
show crypto ikev1 stats
show crypto ikev2 stats
show crypto ipsec sa
show crypto isakmp sa
show crypto isakmp stats
show failover
show failover history
show interface
show inventory
show logging
show memory
show memory detail
show nat
show process
show process cpu-hog
show process cpu-usage
show running-config
show scansafe statistics
show tech-support
show version
show vpn-sessiondb
write memory
write standby
Contextual Help and Highlighting
7/25/2019 1.8 Asa Cli Analyzer User Guide
33/36
Context Menu Options
The ASA CLI Analyzer provides right-click menu options appropriate to the console text you
highlight.The following options are available when you highlight and right-click any text in the
console:
CopyCopies the selected text to the clipboard.
PastePastes text copied to the clipboard at the command prompt.
Copy & PasteCopies the selected text and pastes it at the command prompt as a single action.
Add Search TermAdds the selected text as a search term and highlights it.
The following additional options are available when you highlight and right-click an IP address:
PingRuns the ping command on the selected IP address.
TracerouteRuns the traceroute command on the selected IP address.
Open SSH SessionCreates a new connection to the selected IP address using the SSH protocol.
Open Telnet SessionCreates a new connection to the selected IP address using the Telnet protocol.
Note You can double-click a term or IP address in the console to select it quickly, without having
to drag the cursor across the text you want to highlight.
Context Menu Options
Features
sco na yzer ser u e
7/25/2019 1.8 Asa Cli Analyzer User Guide
34/36
Frequently Asked Questions
Why do I need to log in using my Cisco.com account for some
features?You must have a valid Cisco.com account to use the ASA CLI Analyzer. If you do not have a valid Cisco.com
account, you must register on the Cisco.comRegistrationpage andassociate a Service Contract to your
Cisco.com profile.
Why am I still unable to access the ASA CLI Analyzer after
I have entered my CCO account information?Ensure your user name and password are correct and that you have an active support contract associated with
your Cisco.com account. If you have verified these items and you are still unable to access the ASA CLI
Analyzer, use the Feedback form as described inSubmitting Comments and Questions.
How do I request features or provide product feedback?
To request additional features or provide product feedback, use the Feedback form as described inSubmitting
Comments and Questions.
Why does ASA Traceback Decoder state that the
crash.txt file cannot be found?If your ASA appears to have crashed and rebooted, ASA Traceback Decoder might state that the crash.txt file
cannot be found.
By default, an ASA saves crash information to the flash memory unless crashinfo save disable is added
to the ASA config file. Adding this command to the config file prevents the file from being saved. To resolve
this issue, ensure the command is not enabled.
Note You can set the default behavior by adding no crashinfo save disable. If a crash file is present, it
willbe stored in the local flash as crash.txt.
Which operating systems are supported in the ASA CLIAnalyzer?
For information on which operating systems are supported in the ASA CLI Analyzer, seeSystem
Requirements.
Frequently Asked Questions
sco na yzer ser u e
https://tools.cisco.com/RPF/register/register.dohttps://tools.cisco.com/RPF/register/register.dohttps://tools.cisco.com/RPFA/profile/edit_entitlement.dohttps://tools.cisco.com/RPFA/profile/edit_entitlement.dohttps://tools.cisco.com/RPFA/profile/edit_entitlement.dohttps://tools.cisco.com/RPF/register/register.do7/25/2019 1.8 Asa Cli Analyzer User Guide
35/36
What terminal emulation is supported in the ASA CLIAnalyzer?
The ASA CLI Analyzer supports terminal emulator VT100.
What protocols are supported in the ASA CLI Analyzer?The ASA CLI Analyzer supports Telnet and SSH version 2.
Which expressions and characters are supported in theRegEx search feature?
The ASA CLI Analyzer RegEx search feature supports Javascript RegExp brackets, metacharacters, and
quantifiers.
Brackets Description[abc] Find any character that is specified between the brackets
[^abc] Find any character that is NOT specified between the brackets
[0-9] Find any digit within the range specified between the brackets
[^0-9] Find any digit NOT within the range specified between the brackets
(x|y) Find the specified characters
Metacharacter Description
. Find a single character (except newline or line terminator)
\w Find a word character
\W Find a non-word character
\d Find a digit
\D Find a non-digit character
\s Find a whitespace character
\S Find a non-whitespace character
\b Find a match at the beginning/end of a word
\B Find a match not at the beginning/end of a word
\0 Find a NUL character
\n Find a new line character
\f Find a form feed character
\r Find a carriage return character
\t Find a tab character
\v Find a vertical tab character
Frequently Asked Questions
Cisco ASA CLI Analyzer User Guide
7/25/2019 1.8 Asa Cli Analyzer User Guide
36/36
Metacharacter Description
\xxx Find the character specified by an octal number xxx
\xdd Find the character specified by a hexadecimal number dd
\uxxxx Find the Unicode character specified by a hexadecimal number xxxx
Quantifier Description
n+ Matches any string that contains at least one n
n* Matches any string that contains zero or more occurrences of n
n? Matches any string that contains zero or one occurrences of n
n{X} Matches any string that contains a sequence of X n's
n{X,Y} Matches any string that contains a sequence of X to Y n's
n{X,} Matches any string that contains a sequence of at least X n's
n$ Matches any string with n at the end of it
^n Matches any string with n at the beginning of it
?=n Matches any string that is followed by a specific string n
?!n Matches any string that is not followed by a specific string n
Frequently Asked Questions