ossec-control

ossec-control is a script to start, stop, configure, or check on the status of OSSEC processes. ossc-control can enable or disable client-syslog, database logging, agentless configurations, and debug mode.

ossec-control argument options

start

Start the OSSEC processes.

stop

Stop the OSSEC processes.

restart

Restart the OSSEC processes.

reload

Restart all OSSEC processes except ossec-execd. This allows an agent to reload without losing active response status.

Note

This is only available on an OSSEC agent.

status

Determine which OSSEC processes are running.

enable

Enable OSSEC functionality.

database

Enable the ossec-dbd daemon for logging to a database.

Available: Server and local installs only.

Note

Database support must be compiled in at install time.

client-syslog

Enable ossec-csyslogd for logging to remote syslog.

Available: Server and local installs only.

agentless

Enable ossec-agentlessd for running commands on systems without OSSEC agents.

Available: Server and local installs only.

debug

Run all OSSEC daemons in debug mode.

disable

Disable OSSEC functionality.

database

Disable the ossec-dbd daemon for logging to a database.

Available: Server and local installs only.

Note

Database support must be compiled in at install time.

client-syslog

Disable ossec-csyslogd for logging to remote syslog.

Available: Server and local installs only.

agentless

Disable ossec-agentlessd for running commands on systems without OSSEC agents.

Available: Server and local installs only.

debug

Turn off debug mode.

ossec-control example usage

Example: Running ossec-control

# /var/ossec/bin/ossec-control

Usage: /var/ossec/bin/ossec-control {start|stop|restart|status|enable|disable}