Finding Detailed Networking Information for Cortex XSIAM Broker VM
Displaying DHCP Lease Information on Your XSIAM Broker VM via Live Terminal⌗
When working with your XSIAM Broker VM, there are times you might need to quickly verify its network configuration, especially details pertaining to its DHCP lease. Some of this info is available from the UI however not all of it. Whether you’re troubleshooting connectivity issues, ensuring the correct IP assignment, or simply confirming network parameters, accessing this information directly from a live terminal can be incredibly useful.
While various tools can provide network details, networkctl offers a concise and effective way to get what you need, particularly for systems utilizing systemd-networkd.
The Goal: Quick DHCP Lease Info Verification⌗
We want to retrieve specific DHCP lease information (like IP address, gateway, DNS servers, and lease expiry) for a network interface on the XSIAM Broker VM without digging through complex log files or configuration directories.
The Command: networkctl status iface_name⌗
To expose this data, you can leverage the networkctl command, focusing on your primary network interface. The interface name can vary depending on hypervisor so you need to put the interface name in, in my case it was ens160
Open a live terminal session to your XSIAM Broker VM and execute the following command:
networkctl status iface_name
Let’s break down what this command does and the information it provides:
networkctl: This is a command-line utility used to control and examine the networking configuration as managed by systemd-networkd. It provides a high-level overview of network devices.
status: This subcommand displays the current state of the specified network device.
iface_name: Replace this with your linux interface name. This is the name of the network interface you are querying. While ens4 is common, always confirm your specific interface name if networkctl status ens4 doesn’t yield results (you can use ip a to list all interfaces).
The output will present a detailed summary for the ens4 interface. Crucially, if your VM is obtaining its IP address via DHCP, you will find a dedicated section detailing the DHCP lease information.
Example Output:
networkctl status ens160
● 2: ens160
Link File: /usr/lib/systemd/network/99-default.link
Network File: /run/systemd/network/10-netplan-ens160.network
Type: ether
State: routable (configured)
Path: pci-0000:03:00.0
Driver: vmxnet3
Vendor: VMware
Model: VMXNET3 Ethernet Controller
HW Address: 00:0c:29:de:9f:b1 (VMware, Inc.)
MTU: 1500 (min: 60, max: 9000)
Queue Length (Tx/Rx): 2/2
Auto negotiation: no
Speed: 10Gbps
Duplex: full
Port: tp
Address: 10.11.10.53
fe80::20c:29ff:fedd:9fb3
Gateway: 10.11.10.254
DNS: 10.11.10.10
Activation Policy: up
Required For Online: yes
Connected To: USW-Flex-2.5G-8 on port Port 2 (Port 2)
n/a on port 00:24:27:88:9d:48
...
Within this output, you can quickly identify:
Addresses: Your assigned IP address and subnet mask.
Gateway: The IP address of your default gateway.
DNS: The DNS servers provided by your DHCP server.
DHCP4 Lease: The expiry time of your current DHCP lease.
Client ID: The DHCP client identifier used.
Domain: The domain name provided by DHCP.
Conclusion⌗
The networkctl status ens4 command provides a powerful yet simple way to gain immediate insight into the DHCP lease information of your XSIAM Broker VM. This is an essential tool for network troubleshooting and verification directly from your live terminal, saving you time and effort. Keep it in your quick-reference toolkit for efficient network diagnostics.