Astaro useful shell commands.

Hi to All.
I'm opening this thread so any of you which happens to run into useful Shell commands, can add it in here.
My goal is to create a document with many Astaro useful shell commands.
You are welcome to add, remark or reject any of the commands in here.

  • Hello

    Anyone know the shell command for creating a new user in a specified group via shell?
    I would like to create VPN-users with scripts.

    Thank you
    Ok, i found another solution, ignore my posting Smile
  • In reply to SIKN:



    This is my first post, sorry if it is obvious or common sense. But I searched for an answer to my question and I am yet to find a decent answer. 


    I am trying to find a shell command to list all active IPs on the network. I tried the "/usr/local/bin/count_active_ip.plx --showcount" and it continues to list the IP of my phone even after turning off my phone's WiFi. 

    I also tried "arp -a" but it also returned the same IP regardless of the face that the phone is no longer on the network. 

    My question is, Is there a way to list only currently connected devices using a shell command ? 

    Thank you, 

  • In reply to Nlaym:

    Hi Nlaym and welcome to the UTM Community!

    You can get the list of active connections for a subnet with:

    conntrack -L conntrack|grep 'src=10\.1\.1\.'|grep -oP 'src=.*? dst'|sort -n|uniq -c|sort -n

    Cheers -Bob

  • In reply to BAlfson:

    Hey Bob, 

    Thank you for the quick and informative reply. Totally appreciated! 


    I tried the command and I still saw my phone's IP even after leaving the network for almost an hour. I admit that by that time I didn't continue to look for it. 


    My guess is that --please correct me if I am wrong-- that new connections and traffic has to happen for my phone's IP to disappear from that active connections list, right ? 

    I must apologize for all the trouble, I am looking for a way to tell when an IP disconnects from the network using shell commands. 



  • In reply to Nlaym:

    If you do cc get packetfilter timeouts you will see that the problem is ip_conntrack_tcp_timeout_established which is probably set to 86400 or one day.  The minimum value for this is 7440, 2 hours and 4 minutes.  To make that setting, do:

    cc set packetfilter timeouts ip_conntrack_tcp_timeout_established 7440

    Short of pinging a specific IP, I don't think there's an easy way to get an answer for something that disconnected less than 2 hours before.

    Cheers - Bob

  • This content is gold! thanks for sharing

  • i would like to add "cc set http enable_out_interface 1" as it isn't posted yet in this thread and i needed it the first time yesterday.

    How to change the outgoing interface for Web Filtering

    Much thanks to you saved my day! <3

  • In reply to BAlfson:


    Can some one tell me the shell command to view SMTP Quarantine.

  • In reply to Irun Gamage:

    Hi Irun,

    ls -R /var/chroot-smtp/spool/quarantine/0

    What do you want to do with that information?  Mail Manager is very quick and easy after you spend a little time with it.

    Cheers - Bob

  • In reply to BAlfson:


    It was not opening. and figured out the database was not runing at all. Since data disk was full anyway i have opend a case with support team let see if they will resolve. Thanks.

  • In reply to Irun Gamage:

    What do you see when you do: ll /var/storage/cores

    Cheers - Bob

  • In reply to BAlfson:


    I am looking for a solution not to only live monitor the traffic of a special client with iftop like

    iftop -i eth3 -f "src host"

    but to write this output into a file for later analysis.

    Unfortunately the iftop version on UTM 9.6 is 0.17 and therefore rather outdated and does not support "-t"-option. 
    Since iftop-1.0pre3 (2014-01-01), a text output mode was added. This will be very useful to anyone trying to parse the output of iftop.

    Is there any way to implement a newer version of "iftop" on UTM 9.6?