Time to upgrade! NAM is scheduled for end of support. It's time to move to Dynatrace our all-in-one software intelligence platform.

RTM console (rcon)

You can use the NAM Probe's RTM console ("rcon") to check on the operation of the decryption mechanism.

Starting and stopping rcon

  • To run the RTM console (rcon), sign in to the NAM Probe as the root user and execute the rcon command.
    [root@server-name ~]# rcon
    Dynatrace NAM Probe Console, ver. Linux
    Log file: /var/log/adlex/rcon.log
    At this point, you can issue the rcon commands described below.
  • To exit rcon and return to the system prompt, type exit.
    >$ exit
    Console terminates
    Bye, bye
    [root@server-name ~]#
Alternate access

To issue rcon commands directly from the system prompt (without entering the RTM console), type rcmd followed by the rcon command you want to use. This invokes rcon to run a single rcon command.

In this example, we use rcmd to issue the rcon command show version directly from the system prompt. The output of the rcon command is displayed but you remain at the system prompt (not the rcon prompt):

[root@server-name ~]# rcmd show version
RTMHS v. Linux_x86_64 Copyright (C) 1999-2019 Dynatrace LLC.  
[root@server-name ~]#

Syntax tips

Enclose the command in double or single quotation marks to prevent the shell from interpreting special characters that are to be passed to rcon. If double quotation marks are a part of the rcon command, enclose the command in single quotes.

  • In this example, no quotation marks are necessary. The output is redirected to a file:

    [root@servername ~]# rcmd show status > sout  
  • In this example, we use quotes (single or double) because the greater-than sign ">" would otherwise be interpreted by the shell and a file named 5 would be created:

    [root@servername ~]# rcmd 'nfdump start "ip[0] & 0xf > 5" '
  • In this example, we use normal shell redirection to save the previous example to a file:

    [root@servername ~]# rcmd 'nfdump start "ip[0] & 0xf > 5" ' > sout
  • In this example, we use single quotes so we can pass the double quotes to the rcmd command:

    [root@servername ~]# rcmd 'ssldecr certs "/usr/tmp"'  

Commonly used rcon commands

The following are commonly used rcon commands.


Lists all commands (names and descriptions) or a specific commands.


Displays version information


Displays when the system was last started and how long it has been up.


Displays various types of status information. Note that some of the individual sections of the output can be generated separately by executing status commands related to the particular functionality only.


Displays memory usage per object type.


Displays session information.


Displays all valid licenses currently present on the NAM Probe. Each row lists a license and the expiration date of that license (in human-readable format and Linux epoch time).


Forces the NAM Probe to read and load all license files present in the /usr/adlex/config folder.

The command does not generate any output unless problems are encountered during command execution.


Displays the status of all analyzers on the NAM Probe.

  • The output of show analyzer can be extensive. Enter help show analyzer to get a list of optional parameters you can use to focus the output on what you need to know.



Displays SNC decryptor diagnostic information. Examples:

  • sncdecr status — SNC decryptor diagnostics
  • sncdecr status all — SNC decryptor diagnostics - all details on all servers
  • sncdecr status — SNC decryptor diagnostics for server
  • sncdecr status 443 — SNC decryptor diagnostics for server, port 443


Displays cipher suites detected during decryption (with an option to list all available ciphers).

  • ssldecr ciphers — show cipher suites detected during decryption
  • ssldecr ciphers all — show cipher suites detected during decryption (with option to list all available ciphers).


Displays keys read by decryptor (with an option to force a reload of all private keys).

  • ssldecr keys — show SSL keys
  • ssldecr keys reload — show SSL keys with option to reload all private keys


Displays the status for the decryption engine and lists the statistics of the observed sessions. Internal decryptor diagnostics are also provided. You can use the command with the following options:

  • ssldecr status — show the summary status for all servers.
  • ssldecr status all — show the detailed status for each server individually.
  • ssldecr status — show the detailed status for server
  • ssldecr status 443 — show the detailed status for server, port 443.

All information and statistics returned by this command relate to the period of time since the last restart of the device.

  • The CONFIGURATION section of the output gives status information for the decryption engine. Note the SSL engine mode (native, auto, or thread) included in parentheses and statistics of how many private keys have been matched or failed to match.
  • The SESSIONS section of the output gives session statistics.
    • There are no statistics for “partially decrypted session in progress” (sessions with some errors but for which decryption is still continuing). This is because as soon as there is an error, the decryption process is terminated and the session is counted as “finished” even though the actual transfer of data may still continue and byte and packet statistics still counted.
    • The term “reused sessions” indicates sessions for which the server agrees to continue using an already established session key from earlier on. This is referred to as a short handshake, as compared to a long handshake when the entire process of establishing an SSL connection is started again.


Displays discovered SSL certificates.

  • ssldecr certs — show all discovered SSL certificates.
  • ssldecr certs — show all discovered SSL certificates for IP address
  • ssldecr certs 443 — show all discovered SSL certificates for IP address, port 443.