ossec-control

ossec-control is a script to start, stop, configure, or check on the status of OSSEC processes. ossc-control can enable or disable client-syslog, database logging, agentless configurations, and debug mode.

ossec-control argument options

start
Start the OSSEC processes.
stop
Stop the OSSEC processes.
restart
Restart the OSSEC processes.
reload

Restart all OSSEC processes except ossec-execd. This allows an agent to reload without losing active response status.

Note

This is only available on an OSSEC agent.

status
Determine which OSSEC processes are running.
enable

Enable OSSEC functionality.

database

Enable the ossec-dbd daemon for logging to a database.

Available: Server and local installs only.

Note

Database support must be compiled in at install time.

client-syslog

Enable ossec-csyslogd for logging to remote syslog.

Available: Server and local installs only.

agentless

Enable ossec-agentlessd for running commands on systems without OSSEC agents.

Available: Server and local installs only.

debug
Run all OSSEC daemons in debug mode.
disable

Disable OSSEC functionality.

database

Disable the ossec-dbd daemon for logging to a database.

Available: Server and local installs only.

Note

Database support must be compiled in at install time.

client-syslog
Disable ossec-csyslogd for logging to remote syslog.

Available: Server and local installs only.

agentless

Disable ossec-agentlessd for running commands on systems without OSSEC agents.

Available: Server and local installs only.

debug
Turn off debug mode.

ossec-control example usage

Example: Running ossec-control

# /var/ossec/bin/ossec-control

Usage: /var/ossec/bin/ossec-control {start|stop|restart|status|enable|disable}