Available LRCTL Commands
Syntax Example
./lrctl <commandname>
| Command Name | Description |
|---|---|
| help | Help about any command. |
| status | Show the status for all the services managed by the LRCTL. |
| update | Update the LRCTL to the latest version. |
| version | Show information about the available services and clear cached versions file. |
| version clear | Remove the cached versions file. |
| version info | Show information about the available services. |
Auto-Update Commands
Use these commands to toggle auto-update behavior for LRCTL, Open Collector, and Beats.
Syntax Example
./lrctl autoupdate <commandname>
| Command Name | Description |
|---|---|
| enable | Enable auto-update. |
| disable | Disable auto-update. |
| status | Check the auto-update status. |
Cipher Key Commands
Use these commands to provide cipher keys for encryption.
Syntax Example
./lrctl cipherkey <commandname>
| Command Name | Description |
|---|---|
| add | Add cipher keys. |
| edit | Edit cipher keys. |
| remove | Remove cipher keys. |
| view | View cipher keys. |
Beat Commands
Use these commands in all supported LogRhythm Beats.
Syntax Example
./lrctl <beatname> <commandname>
Various commands accept the "-f" or "--fqbn" flag, which lets the user specify a fully qualified beat name and bypass the menu.
Syntax Example
./lrctl eventhubbeat start -f eventhubbeat_ehb1
| Command Name | Description |
|---|---|
| config | Manage the configuration. |
| config create | Create the configuration for the service. |
| config edit | Edit the configuration for the service. |
| config export | View or export the configuration for the service. Syntax Example: `./lrctl eventhubbeat config export --outfile eventhubbeatexport.yml` |
| config import | Import a YAML configuration file for the service. Syntax Example: `cat eventhubbeat.yml \| ./lrctl eventhubbeat config import` |
| config remove | Delete the configuration from the service. |
| config view | View the configuration for the service. |
| logs | View the logs. |
| logs export | View or export the logs for the service. Syntax Example: `./lrctl eventhubbeat logs export --outfile eventhubbeatlogs` |
| restart | Restart the service. |
| start | Start the service. |
| status | View status information about the service. |
| stop | Stop the service. |
| troubleshoot | Troubleshoot the service. |
| troubleshoot export | Export troubleshooting information about the service. Syntax Example: `./lrctl eventhubbeat troubleshoot export --outfile ehbtroubleshootfile` |
LRJQ Commands
To install the LogRhythm LR JQ packaging and testing tool utility, run the following command:
./lrctl lrjq install
Use these commands to manage the LogRhythm JQ utility (lrjq).
Syntax Example
./lrjq <commandname>
| Command Name | Description |
|---|---|
| cover | Provides code coverage information. |
| help | Help about any command. |
| parse | Only parse JQ, do not execute it. |
| profile | Profile LRJQ to identify performance risks. |
| run | Execute LRJQ. Syntax Example: `cat winlogbeat_sample.json \| ./lrjq run -f winlogbeat/winlogbeat.jq` |
| test | Run LRJQ tests. |
Metrics Commands
Use these commands to configure and manage the metrics service.
Syntax Example
./lrctl metrics <commandname>
| Command Name | Description |
|---|---|
| config | Manage the configuration for the metrics service. |
| config create | Create the configuration for the metrics service. |
| config edit | Edit the configuration for the metrics service. |
| config export | Export the configuration for the metrics service. Syntax Example: `./lrctl metrics config export > metricsconfig.yml` |
| config import | Import a telegraf_nix configuration file for the metrics service. Syntax Example: `cat metricsconfig.yml \| ./lrctl metrics config import` |
| config remove | Delete the configuration from the metrics service. |
| config view | View the configuration for the metrics service. |
| logs | View the logs for the metrics service. |
| logs export | Export the logs for the metrics service. Syntax Example: `./lrctl metrics logs export --outfile metricslogs` |
| restart | Restart the metrics service. |
| start | Start the metrics service. |
| status | View the status information about the metrics service. |
| stop | Stop the metrics service. |
| troubleshoot | Troubleshoot the metrics service. |
| troubleshoot export | Export troubleshooting information for the Metrics service. Syntax Example: `./lrctl metrics troubleshoot export --outfile logs.tar.gz` |
OC Pipeline Commands
To install the LogRhythm OC Pipeline packaging and testing tool utility (ocpipeline), run the following command:
./lrctl ocpipeline install
Use these commands to manage the LogRhythm OC Pipeline packaging and testing tool utility (ocpipeline).
Syntax Example
./ocpipeline <commandname>
| Command Name | Description |
|---|---|
| create | Create new OC Pipelines. Syntax Example: `./ocpipeline create --name winlogbeat --destination .` |
| help | Help about any command. |
| package | Package OC Pipelines. |
| test | Test an OC Pipeline. |
| unpack | Unpack an OC pipe file. |
Open Collector Commands
Use these commands to configure and manage the Open Collector service.
Syntax Example
./lrctl oc <commandname>
| Command Name | Description |
|---|---|
| config | Manage the configuration for the Open Collector service. |
| config create | Create the configuration for the Open Collector service. |
| config edit | Edit the configuration for the Open Collector service. |
| config export | View or export the configuration for the Open Collector service. Syntax Example: `./lrctl oc config export --outfile occonfigexport.yml` |
| config import | Import a YAML configuration file for the Open Collector service. Syntax Example: `cat occonfigexport.yml \| ./lrctl oc config import` |
| config remove | Delete the configuration from the Open Collector service. |
| config view | View the configuration for the Open Collector service. |
| logs | View the logs for the Open Collector service. |
| logs export | Export the logs for the Open Collector service. Syntax Example: `./lrctl oc logs export --outfile oclogs` |
| pipe | JQ pipeline management. |
| pipe augment | Augment JQ pipeline. |
| pipe export | Export JQ pipeline. |
| pipe import | Import JQ pipeline. |
| pipe test | Test JQ pipeline. |
| -- pipe | *Deprecated* Has various subcommands to manage available pipelines. |
| -- pipe augment | *Deprecated* Augment pipelines by name. |
| -- pipe disable | *Deprecated* Disable pipelines by name. |
| -- pipe enable | *Deprecated* Enable pipelines by name. |
| -- pipe export | *Deprecated* Export pipelines by name. |
| -- pipe import | *Deprecated* Import a pipe file into the available Open Collector pipelines. |
| -- pipe status | *Deprecated* Inspect status of current pipeline configuration. |
| -- pipe test | *Deprecated* Test JQ transformations. |
| restart | Restart the Open Collector service. |
| -- run | *Deprecated* Runs the Open Collector. |
| start | Start the Open Collector service. |
| status | View status information about the Open Collector service. |
| stop | Stop the Open Collector service. |
| troubleshoot | Troubleshoot the Open Collector service. |
| troubleshoot export | Export troubleshooting information for the Open Collector service. Syntax Example: `./lrctl oc troubleshoot export --outfile logs.tar.gz` |
| -- troubleshoot | *Deprecated* Gather information to help in diagnosing issues. |
| -- troubleshoot export | *Deprecated* Gather files to help in diagnosing issues. |
Useful Docker Commands
| Command | Description |
|---|---|
| `docker volume ls` | List of existing Docker volumes. |
| `docker container ls` | List of existing Docker containers. |
| `docker volume rm <volumename>` | Delete a specific Docker volume. |
| `docker container rm <containername>` | Delete a specific Docker container. |
| `sudo yum remove -y docker-ce docker-ce-cli` | Completely removes Docker. |
| `docker run --rm -ti -v <volumename>:/data busybox /bin/sh` | Mounts the specified `<volumename>` and "busyboxes" you into it. Data contained in the volume is mounted in /data. Works like a Linux filesystem. |
| `docker stats --all` | Displays a top 10 list for Docker resource consumption. |
| `docker logs <containername> -f` | Tails the log for specified container. |