ASA CLI Analyzer User Guide

Americas Headquarters Cisco Systems, Inc. 170 West Tasman Drive San Jose, CA 95134-1706 USA http://www.cisco.com Tel: 408 526-4000 800 553-NETS (6387) Fax: 408 527-0883 Cisco ASA CLI Analyzer (Beta) User Guide Version 1.0 April 29, 2015

Upload: cesar-urena

Post on 03-Sep-2015



  • CCDE, CCENT, CCSI, Cisco Eos, Cisco Explorer, Cisco HealthPresence, Cisco IronPort, the Cisco logo, Cisco Nurse Connect, Cisco Pulse, Cisco SensorBase, Cisco StackPower, Cisco StadiumVision, Cisco TelePresence, Cisco TrustSec, Cisco Unified Computing System, Cisco WebEx, DCE, Flip Channels, Flip for Good, Flip Mino, Flipshare (Design), Flip Ultra, Flip Video, Flip Video (Design), Instant Broadband, and Welcome to the Human Network are trademarks; Changing the Way We Work, Live, Play, and Learn, Cisco Capital, Cisco Capital (Design), Cisco:Financed (Stylized), Cisco Store, Flip Gift Card, and One Million Acts of Green are service marks; and Access Registrar, Aironet, AllTouch, AsyncOS, Bringing the Meeting To You, Catalyst, CCDA, CCDP, CCIE, CCIP, CCNA, CCNP, CCSP, CCVP, Cisco, the Cisco Certified Internetwork Expert logo, Cisco IOS, Cisco Lumin, Cisco Nexus, Cisco Press, Cisco Systems, Cisco Systems Capital, the Cisco Systems logo, Cisco Unity, Collaboration Without Limitation, Continuum, EtherFast, EtherSwitch, Event Center, Explorer, Follow Me Browsing, GainMaker, iLYNX, IOS, iPhone, IronPort, the IronPort logo, Laser Link, LightStream, Linksys, MeetingPlace, MeetingPlace Chime Sound, MGX, Networkers, Networking Academy, PCNow, PIX, PowerKEY, PowerPanels, PowerTV, PowerTV (Design), PowerVu, Prisma, ProConnect, ROSA, SenderBase, SMARTnet, Spectrum Expert, StackWise, WebEx, and the WebEx logo are registered trademarks of Cisco and/or its affiliates in the United States and certain other countries.

    All other trademarks mentioned in this document or website are the property of their respective owners. The use of the word partner does not imply a partnership relationship between Cisco and any other company. (1002R)

    Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional and coincidental.

    Cisco ASA CLI Analyzer (Beta) User Guide © 2015 Cisco Systems, Inc. All rights reserved.

  • CONTENTS

    Getting Started with the ASA CLI Analyzer
        About the ASA CLI Analyzer
        System Requirements
        Downloading and Installing the ASA CLI Analyzer
        Accessing the ASA CLI Analyzer
        Submitting Comments and Questions

    Configuring Global Console Settings
        Scrollback Buffer
        Contextual Help and Highlighting
        Console Window
        Highlighting
        Credentials

    Adding a Device to the Device List

    Connecting to a Device

    Logging Your Current Session

    Running CLI Commands

    Running ASA CLI Analyzer Scripts

    Searching the Command Output

    Contextual Help and Highlighting

    Frequently Asked Questions
        Why do I need to log in using my Cisco.com account for some features?
        Why am I still unable to access the ASA CLI Analyzer after I have entered my CCO account information?
        How do I request features or provide product feedback?
        Why does ASA Traceback Decoder state that the crash.txt file cannot be found?
        Which operating systems are supported in the ASA CLI Analyzer?
        What terminal emulation is supported in the ASA CLI Analyzer?
        What protocols are supported in the ASA CLI Analyzer?
        Which expressions and characters are supported in the RegEx search feature?

  • Getting Started with the ASA CLI Analyzer

    Topics
    - About the ASA CLI Analyzer
    - System Requirements
    - Downloading and Installing the ASA CLI Analyzer
    - Accessing the ASA CLI Analyzer
    - Submitting Comments and Questions

    About the ASA CLI Analyzer

    The ASA CLI Analyzer is a smart SSH/Telnet client designed to help troubleshoot and check the overall health of your ASA. Here are the features you can try out now:

    ASA System Diagnostics: Utilizes Cisco TAC knowledge to analyze the ASA and detect some known problems such as system problems, configuration mistakes, and best practice violations.

    ASA Traceback Analyzer: Attempts to match the root cause of a crash to a known bug if the ASA has experienced a system traceback. If a matching bug is found, the ASA version or versions in which the bug is fixed are provided.

    ASA Packet Tracer: Allows administrators to test sending simulated packets through the ASA. If the packet is dropped, the ASA configuration portion or feature that could have contributed to the packet drop is identified.

    Contextual Help and Highlighting: Contextual Help provides information based on command outputs in an interactive way. Highlighting enables real-time search capabilities in the console window.

    Note You must have a valid Cisco.com account to use the ASA CLI Analyzer. If you do not have a valid Cisco.com account, you must register on the Cisco.com Registration page and associate a Service Contract to your Cisco.com profile.

  • System Requirements

    The minimum software and hardware requirements for running the ASA CLI Analyzer are as follows:

    Software:
    - Windows 7 (32-bit or 64-bit)
    - Mac OS X versions 10.7 (Lion) or later

    Hardware:
    - 256 megabytes (MB) of RAM
    - 256 megabytes (MB) of available space on the hard disk

    Downloading and Installing the ASA CLI Analyzer

    Complete these steps to download and install the ASA CLI Analyzer:

    1. Access the Cisco Tools & Resources page, and click the ASA CLI Analyzer link.

    2. On the ASA CLI Analyzer web page, read the Beta Terms, and click Try the ASA CLI Analyzer.

    The End-User License Agreement page appears.

    3. Click Accept. The Cisco File Exchange page appears.

    4. On the Cisco File Exchange page, click the link that corresponds to your operating system.

    5. Once the file is downloaded, double-click the executable to begin installation.

    The ASA CLI Analyzer Setup Wizard appears.

    6. Click Next.

    The Destination Folder dialog window appears.

    7. If you prefer to install to a location other than the default folder, click Change to enter a new destination folder.

    8. If you would like to add a desktop shortcut, click the Create a shortcut for this application on your desktop check box.

    9. Click Next.

    The Ready to install ASA CLI Analyzer dialog window appears.

    10. On the Ready to install ASA CLI Analyzer dialog window, click Install.

    Once installation is complete, the Completed the ASA CLI Analyzer Setup Wizard dialog window appears.

    11. If you want to launch the application on exit, click the Launch application when complete check box.

    12. Click Finish to exit the ASA CLI Analyzer Setup Wizard.

    Note Once installation is complete, you can run the ASA CLI Analyzer executable again to repair or remove the application.

  • Accessing the ASA CLI Analyzer

    Once the ASA CLI Analyzer is installed, click the ASA CLI Analyzer icon to open the ASA CLI Analyzer interface.

    The ASA CLI Analyzer interface appears with the Device tab selected.

    Once the ASA CLI Analyzer appears, you can configure global console settings, add devices to your device list, or connect to a device. Refer to the corresponding topic for more information:

    - Configuring Global Console Settings
    - Adding a Device to the Device List
    - Connecting to a Device

  • Submitting Comments and Questions

    To submit comments and questions regarding the ASA CLI Analyzer tool, use the Feedback form located on the left side of the user interface.

  • Configuring Global Console Settings

    On the Settings tab of the ASA CLI Analyzer interface, you can configure the global console settings for the following items:

    - Scrollback Buffer
    - Contextual Help and Highlighting
    - Console Window
    - Highlighting
    - Credentials

    Click the Settings tab to access the global console settings.

    Scrollback Buffer

    In the Scrollback Buffer area of the Settings tab, you can configure the number of command lines retained in memory. To configure the scrollback buffer, enter a number between 100 and 50000 in the Scrollback Buffer field, and select the appropriate protocol from the Preferred Protocol drop-down list.

    Contextual Help and Highlighting

    To enable or disable the Contextual Help and Highlighting feature, select the appropriate option from the Contextual Help and Highlighting drop-down list. This feature is enabled by default. For more information on the Contextual Help and Highlighting feature, see Contextual Help and Highlighting.

    Console Window

    In the Console Window area of the Settings tab, you can configure the text and background colors of the console window. To configure the console window, select the desired color from the Text and Background color buttons. You can preview your settings in the Preview window.

    Highlighting

    In the Highlighting area of the Settings tab, you can configure the text and background colors for up to five (5) search terms. To configure highlighting, select the desired color from the Text and Background color buttons for each search term.

    Note For information on how to search, see Searching the Command Output.

    Credentials

    In the Credentials area of the Settings tab, you can configure your sessions to reconnect using previously entered login credentials. To enable this feature, check the Click to Reconnect with Credentials check box.

  • Adding a Device to the Device List

    Complete these steps to add a device to the Devices list:

    1. In the ASA CLI Analyzer, click the Devices tab, and click the Add Device button located under the Devices heading.

    The Add Device dialog window appears.

    2. Enter a name for the device in the Name field.

    3. Enter the IP address in the IP Address field.

    4. Enter the host name in the Host Name field.

    5. Enter the physical location of the device in the Location field.

    6. Select the appropriate protocol from the Connect Type drop-down list, and enter the port number in the Port field.

    7. Click Add.

    The device is added to the Devices list.

    Once the device is added to the Devices list, you can complete the following actions:

    - Click the Connect button to connect to that device.
    - Click the Favorites button to add the device to your Favorites list.
    - Click a link to edit that field. For example, click the Hostname link to edit the host name.
    - Click the Delete button to remove the device from the Devices list.

    Once additional devices are added to the Devices list, you can use the following actions to navigate the list.

    - Click the Favorites button to show only devices marked as Favorite.
    - Click the Select All button to select all devices in the list.
    - Click the Sort Descending/Sort Ascending button to change the sort order of the list.
    - Click the Sort By button and select Device Name, Location, or Activity Date to sort the list. The default value is Activity Date.
    - Click the Filter button and enter a search term to filter the results.
    - Enter a search term in the Search Devices field and press Enter to search the device list.

  • Connecting to a Device

    Complete these steps to connect to a device:

    1. In the ASA CLI Analyzer, click the Devices tab, and complete one of the following actions to start a new session:

    - Enter the hostname or IP address of the device in the field provided, and press Enter.
    - Click a device from the Recent Sessions list.
    - Click the New Session button.
    - Click the Connect button for the device in the Devices list.

    A new session tab appears.

    2. In the fields provided, enter the user name and password required to access the device.

    3. Select the appropriate connection type (SSH or Telnet) from the Connection Type drop-down list, and enter the appropriate port number in the Port field.

    4. Check the Update preferences check box if you want to save the connection type and port number.

    5. Click Connect.

    A session window opens and the session tab icon displays green to indicate an active session.

    Note The status bar at the bottom of the window displays row and column count, as well as connection protocol, start time, and elapsed time.

    6. Once you are connected, you can complete the following actions:

    - Log your current session; see Logging Your Current Session.
    - Run CLI commands; see Running CLI Commands.
    - Run ASA CLI Analyzer scripts; see Running ASA CLI Analyzer Scripts.
    - Search the command output; see Searching the Command Output.

    Note You can disconnect from the device by clicking the Disconnect button. If your session times out and you are automatically disconnected, click the Reconnect button.

  • Logging Your Current Session

    The ASA CLI Analyzer allows you to capture your current console session and save the output to your local computer.

    Complete these steps to log your current session:

    1. Connect to a device as described in Connecting to a Device.

    2. Click the Logging: Off button.

    The logging session starts and the Logging button displays Logging: On.

    3. Once you complete the session, click the Logging: On button.

    The Save As dialog appears.

    4. Navigate to a location on your computer, and click Save.

  • Running CLI Commands

    To run CLI commands, connect to a device as described in Connecting to a Device, enter a command at the command prompt, and press Enter.

  • Running ASA CLI Analyzer Scripts

    The ASA CLI Analyzer allows you to run the following scripts to help identify, troubleshoot, and resolve problems you might experience in support of your ASA:

    ASA System Diagnostics: Utilizes Cisco TAC knowledge to analyze the ASA and detect some known problems such as system problems, configuration mistakes, and best practice violations.

    ASA Traceback Analyzer: Attempts to match the root cause of a crash to a known bug if the ASA has experienced a system traceback. If a matching bug is found, the ASA version or versions in which the bug is fixed are provided.

    ASA Packet Tracer: Allows administrators to test sending simulated packets through the ASA. If the packet is dropped, the ASA configuration portion or feature that could have contributed to the packet drop is identified.

    Note To submit ideas for new tools or suggestions to enhance these tools, send us feedback as described in Submitting Comments and Questions.

    Complete these steps to run an ASA CLI Analyzer script:

    1. Connect to a device as described in Connecting to a Device, and click the Tools button.

    The Tools panel appears.

    2. Click the Run button for the script you want to run.

    Note To run the ASA Packet Tracer, you must configure additional settings. To configure the additional settings, click the Configure button located in the ASA Packet Tracer panel, and enter the configuration settings.

    The script begins to run and the Halt Script button appears.

    Note If Enable access is required, you will be prompted to input credentials before the script runs.

    3. Wait for the script to complete, or click the Halt Script button to stop the script.

    4. Once the script completes, the session is listed in the Results area at the bottom of the page.

    5. Click the item in the Results list to expand and view additional details.

    6. Click the Export button to export the results to a .json file.

  • Searching the Command Output

    The ASA CLI Analyzer includes a highlighting feature that enables real-time search capabilities in the console window to search command output.

    Complete these steps to search the command output:

    1. Click the Search button to enable search and highlighting.

    2. Enter a search term in the field provided, and press Enter or Tab. You can repeat this step to enter up to five (5) search terms.

    The specified search term or terms appear next to the search field along with the number of results for each term. Search results appear highlighted in the command window.

    Note Results appear highlighted according to the colors assigned to each search term in the Highlighting area on the Settings tab. The search term that is currently selected is highlighted in red. For information on how to assign custom colors to your search terms, see Highlighting.

    3. To navigate the search results, use the following buttons:

    - Previous: Go to the previous match for the term.
    - Next: Go to the next occurrence for the matching term.
    - First: Go to the first occurrence of the matching term within the output.
    - Last: Go to the last occurrence of the matching term within the output.

    4. To restrict search results to case sensitive matches, click the Case Sensitive button.

    5. To enable or disable regular expressions, click the RegEx button.

    Note RegEx is used to create wildcards or substitutions in your searches. For information on which expressions are supported, refer to Which expressions and characters are supported in the RegEx search feature?

    6. To remove a search term, click the X for the search term in the search field.

  • Contextual Help and Highlighting

    The ASA CLI Analyzer provides a Contextual Help and Highlighting feature for certain commands. This feature highlights certain text in the CLI output and provides additional information about that text. To view contextual help, click the link that corresponds to the text for which you want to view additional information.

    Contextual Help and Highlighting is supported for the following commands:

    - boot system ?
    - packet-tracer
    - show access-list
    - show asp drop
    - show blocks
    - show capture
    - show console-output
    - show counters
    - show cpu detailed
    - show cpu usage
    - show crashinfo
    - show crypto ikev1 stats
    - show crypto ikev2 stats
    - show crypto ipsec sa
    - show crypto isakmp sa
    - show crypto isakmp stats
    - show failover
    - show failover history
    - show interface
    - show inventory
    - show logging
    - show memory
    - show memory detail
    - show nat
    - show process
    - show process cpu-hog
    - show process cpu-usage
    - show running-config
    - show scansafe statistics
    - show tech-support
    - show version
    - show vpn-sessiondb
    - write memory
    - write standby

  • Frequently Asked Questions

    Why do I need to log in using my Cisco.com account for some features?

    You must have a valid Cisco.com account to use the ASA CLI Analyzer. If you do not have a valid Cisco.com account, you must register on the Cisco.com Registration page and associate a Service Contract to your Cisco.com profile.

    Why am I still unable to access the ASA CLI Analyzer after I have entered my CCO account information?

    Ensure your user name and password are correct and that you have an active support contract associated with your Cisco.com account. If you have verified these items and you are still unable to access the ASA CLI Analyzer, use the Feedback form as described in Submitting Comments and Questions.

    How do I request features or provide product feedback?

    To request additional features or provide product feedback, use the Feedback form as described in Submitting Comments and Questions.

    Why does ASA Traceback Decoder state that the crash.txt file cannot be found?

    If your ASA appears to have crashed and rebooted, ASA Traceback Decoder might state that the crash.txt file cannot be found.

    By default, an ASA saves crash information to the flash memory unless crashinfo save disable is added to the ASA config file. Adding this command to the config file prevents the file from being saved. To resolve this issue, ensure the command is not enabled.

    Note You can set the default behavior by adding no crashinfo save disable. If a crash file is present, it will be stored in the local flash as crash.txt.

    Which operating systems are supported in the ASA CLI Analyzer?

    For information on which operating systems are supported in the ASA CLI Analyzer, see System Requirements.

    What terminal emulation is supported in the ASA CLI Analyzer?

    The ASA CLI Analyzer supports terminal emulator VT100.

    What protocols are supported in the ASA CLI Analyzer?

    The ASA CLI Analyzer supports Telnet and SSH version 2.

    Which expressions and characters are supported in the RegEx search feature?

    The ASA CLI Analyzer RegEx search feature supports JavaScript RegExp brackets, metacharacters, and quantifiers.

    Brackets   Description
    [abc]      Find any character that is specified between the brackets
    [^abc]     Find any character that is NOT specified between the brackets
    [0-9]      Find any digit within the range specified between the brackets
    [^0-9]     Find any digit NOT within the range specified between the brackets
    (x|y)      Find the specified characters

    Metacharacter  Description
    .              Find a single character (except newline or line terminator)
    \w             Find a word character
    \W             Find a non-word character
    \d             Find a digit
    \D             Find a non-digit character
    \s             Find a whitespace character
    \S             Find a non-whitespace character
    \b             Find a match at the beginning/end of a word
    \B             Find a match not at the beginning/end of a word
    \0             Find a NUL character
    \n             Find a new line character
    \f             Find a form feed character
    \r             Find a carriage return character
    \t             Find a tab character
    \v             Find a vertical tab character
    \xxx           Find the character specified by an octal number xxx
    \xdd           Find the character specified by a hexadecimal number dd
    \uxxxx         Find the Unicode character specified by a hexadecimal number xxxx

    Quantifier  Description
    n+          Matches any string that contains at least one n
    n*          Matches any string that contains zero or more occurrences of n
    n?          Matches any string that contains zero or one occurrences of n
    n{X}        Matches any string that contains a sequence of X n's
    n{X,Y}      Matches any string that contains a sequence of X to Y n's
    n{X,}       Matches any string that contains a sequence of at least X n's
    n$          Matches any string with n at the end of it
    ^n          Matches any string with n at the beginning of it
    ?=n         Matches any string that is followed by a specific string n
    ?!n         Matches any string that is not followed by a specific string n
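
The search options from Searching the Command Output (up to five terms, the Case Sensitive and RegEx toggles, a result count per term), combined with the JavaScript RegExp constructs listed in this FAQ, modelled as an added example. This is not Cisco's code: the function names, the choice of RegEx off unless requested, the handling of invalid patterns, and the sample log lines are assumptions constructed for illustration.

```javascript
// Added example (not Cisco's code): models the console search options in this guide.
// searchOutput, escapeLiteral, buildMatcher and SAMPLE_OUTPUT are hypothetical names.

const MAX_TERMS = 5; // the guide allows up to five search terms

// Constructed sample of ASA syslog-style output (documentation IP ranges only).
const SAMPLE_OUTPUT = [
  "%ASA-6-302013: Built inbound TCP connection 101 for outside:192.0.2.10/51515 (192.0.2.10/51515) to inside:10.1.1.5/443 (10.1.1.5/443)",
  '%ASA-4-106023: Deny tcp src outside:198.51.100.7/4431 dst inside:10.1.1.5/23 by access-group "outside_in" [0x0, 0x0]',
  "%ASA-3-710003: TCP access denied by ACL from 203.0.113.9/50112 to outside:192.0.2.1/22",
  '%ASA-4-106023: Deny udp src outside:198.51.100.7/5353 dst inside:10.1.1.9/53 by access-group "outside_in" [0x0, 0x0]',
].join("\n");

// With RegEx off, metacharacters in a term must match as plain text.
function escapeLiteral(term) {
  return term.replace(/[.*+?^${}()|[\]\\]/g, "\\$&");
}

// Build a JavaScript RegExp for one term; case-insensitive unless caseSensitive is set.
function buildMatcher(term, { regex = false, caseSensitive = false } = {}) {
  const source = regex ? term : escapeLiteral(term);
  return new RegExp(source, caseSensitive ? "g" : "gi");
}

// Return, for each term, the match count and the row/column of every match.
function searchOutput(output, terms, options = {}) {
  if (terms.length > MAX_TERMS) {
    throw new RangeError(`at most ${MAX_TERMS} search terms are supported`);
  }
  const lines = output.split(/\r?\n/);
  return terms.map((term) => {
    let matcher;
    try {
      matcher = buildMatcher(term, options);
    } catch (err) {
      // An invalid pattern is reported for that term instead of aborting the search.
      return { term, count: 0, matches: [], error: err.message };
    }
    const matches = [];
    lines.forEach((line, index) => {
      for (const m of line.matchAll(matcher)) {
        if (m[0] === "") continue; // ignore zero-length matches (for example from n*)
        matches.push({ row: index + 1, column: m.index + 1, text: m[0] });
      }
    });
    return { term, count: matches.length, matches };
  });
}

// Literal search: "[0x0, 0x0]" is matched as text, not as a character class.
for (const r of searchOutput(SAMPLE_OUTPUT, ["deny", "[0x0, 0x0]"])) {
  console.log(`literal ${JSON.stringify(r.term)}: ${r.count} result(s)`);
}

// RegEx search using brackets, \d, {X}, \b and (x|y); the last pattern is invalid.
const patterns = ["%ASA-[0-4]-\\d{6}", "\\b(tcp|udp)\\b", "(tcp"];
for (const r of searchOutput(SAMPLE_OUTPUT, patterns, { regex: true })) {
  console.log(`regex ${JSON.stringify(r.term)}: ${r.error ? r.error : r.count}`);
}
```
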
