ossec-control¶

ossec-control is a script to start, stop, configure, or check on the status of OSSEC processes. ossc-control can enable or disable client-syslog, database logging, agentless configurations, and debug mode.

ossec-control argument options¶

start
Start the OSSEC processes.

stop
Stop the OSSEC processes.

restart
Restart the OSSEC processes.

reload
Restart all OSSEC processes except ossec-execd. This allows an agent to reload without losing active response status.

Note

This is only available on an OSSEC agent.

status
Determine which OSSEC processes are running.

enable
Enable OSSEC functionality.

database
Enable the ossec-dbd daemon for logging to a database.

Available: Server and local installs only.

Note

Database support must be compiled in at install time.

client-syslog
Enable ossec-csyslogd for logging to remote syslog.

Available: Server and local installs only.

agentless
Enable ossec-agentlessd for running commands on systems without OSSEC agents.

Available: Server and local installs only.

debug
Run all OSSEC daemons in debug mode.

disable
Disable OSSEC functionality.

database
Disable the ossec-dbd daemon for logging to a database.

Available: Server and local installs only.

Note

Database support must be compiled in at install time.

client-syslog

Disable ossec-csyslogd for logging to remote syslog.

Available: Server and local installs only.

agentless
Disable ossec-agentlessd for running commands on systems without OSSEC agents.

Available: Server and local installs only.

debug
Turn off debug mode.

ossec-control example usage¶

Example: Running ossec-control¶

# /var/ossec/bin/ossec-control

Usage: /var/ossec/bin/ossec-control {start|stop|restart|status|enable|disable}