Commands Guide
Available LRCTL Commands
Syntax Example
./lrctl <commandname>
Command Name | Description |
---|---|
help | Help about any command. |
status | Show the status for all the services managed by the LRCTL. |
update | Update the LRCTL to the latest version. |
version | Show information about the available services and clear cached versions file. |
version clear | Remove the cached versions file. |
version info | Show information about the available services. |
Auto-Update Commands
Use these commands to toggle auto-update behavior for LRCTL, Open Collector, and Beats.
Syntax Example
./lrctl autoupdate <commandname>
Command Name | Description |
---|---|
enable | Enable auto-update. |
disable | Disable auto-update. |
status | Check the auto-update status. |
Cipher Key Commands
Use these commands to provide cipher keys for encryption.
Syntax Example
./lrctl cipherkey <commandname>
Command Name | Description |
---|---|
add | Add cipher keys. |
edit | Edit cipher keys. |
remove | Remove cipher keys. |
view | View cipher keys. |
Beat Commands
Use these commands in all supported LogRhythm Beats.
Syntax Example
./lrctl <beatname> <commandname>
Important!
Various commands accept the "-f" or "--fqbn" flag, which lets the user specify a fully qualified beat name and bypass the menu.
Syntax Example
./lrctl eventhubbeat start -f eventhubbeat_ehb1
Command Name | Description |
---|---|
config | Manage the configuration. |
config create | Create the configuration for the service. |
config edit | Edit the configuration for the service. |
config export | View or export the configuration for the service. Syntax Example: ./lrctl eventhubbeat config export --outfile eventhubbeatexport.yml |
config import | Import a YAML configuration file for the service. Syntax Example: cat eventhubbeat.yml \| ./lrctl eventhubbeat config import |
config remove | Delete the configuration from the service. |
config view | View the configuration for the service. |
logs | View the logs. |
logs export | View or export the logs for the service. Syntax Example: ./lrctl eventhubbeat logs export --outfile eventhubbeatlogs |
restart | Restart the service. |
start | Start the service. |
status | View status information about the service. |
stop | Stop the service. |
troubleshoot | Troubleshoot the service. |
troubleshoot export | Export troubleshooting information about the service. Syntax Example: ./lrctl eventhubbeat troubleshoot export --outfile ehbtroubleshootfile |
LRJQ Commands
To install the LogRhythm LR JQ packaging and testing tool utility, run the following command:
./lrctl lrjq install
Use these commands to manage the LogRhythm JQ utility (lrjq).
Syntax Example
./lrjq <commandname>
Command Name | Description |
---|---|
cover | Provides code coverage information. |
help | Help about any command. |
parse | Only parse JQ, do not execute it. |
profile | Profile LRJQ to identify performance risks. |
run | Execute LRJQ. Syntax Example: cat winlogbeat_sample.json \| ./lrjq run -f winlogbeat/winlogbeat.jq |
test | Run LRJQ tests. |
Metrics Commands
Use these commands to configure and manage the metrics service.
Syntax Example
./lrctl metrics <commandname>
Command Name | Description |
---|---|
config | Manage the configuration for the metrics service. |
config create | Create the configuration for the metrics service. |
config edit | Edit the configuration for the metrics service. |
config export | Export the configuration for the metrics service. Syntax Example: ./lrctl metrics config export > metricsconfig.yml |
config import | Import a telegraf_nix configuration file for the metrics service. Syntax Example: cat metricsconfig.yml \| ./lrctl metrics config import |
config remove | Delete the configuration from the metrics service. |
config view | View the configuration for the metrics service. |
logs | View the logs for the metrics service. |
logs export | Export the logs for the metrics service. Syntax Example: ./lrctl metrics logs export --outfile metricslogs |
restart | Restart the metrics service. |
start | Start the metrics service. |
status | View the status information about the metrics service. |
stop | Stop the metrics service. |
troubleshoot | Troubleshoot the metrics service. |
troubleshoot export | Export troubleshooting information for the metrics service. Syntax Example: ./lrctl metrics troubleshoot export --outfile logs.tar.gz |
OC Pipeline Commands
To install the LogRhythm OC Pipeline packaging and testing tool utility (ocpipeline), run the following command:
./lrctl ocpipeline install
Use these commands to manage the LogRhythm OC Pipeline packaging and testing tool utility (ocpipeline).
Syntax Example
./ocpipeline <commandname>
Command Name | Description |
---|---|
create | Create new OC Pipelines. Syntax Example: ./ocpipeline create --name winlogbeat --destination . |
help | Help about any command. |
package | Package OC Pipelines. |
test | Test an OC Pipeline. |
unpack | Unpack an OC pipe file. |
Open Collector Commands
Use these commands to configure and manage the Open Collector service.
Syntax Example
./lrctl oc <commandname>
Command Name | Description |
---|---|
config | Manage the configuration for the Open Collector service. |
config create | Create the configuration for the Open Collector service. |
config edit | Edit the configuration for the Open Collector service. |
config export | View or export the configuration for the Open Collector service. Syntax Example: ./lrctl oc config export --outfile occonfigexport.yml |
config import | Import a YAML configuration file for the Open Collector service. Syntax Example: cat occonfigexport.yml \| ./lrctl oc config import |
config remove | Delete the configuration from the Open Collector service. |
config view | View the configuration for the Open Collector service. |
logs | View the logs for the Open Collector service. |
logs export | Export the logs for the Open Collector service. Syntax Example: ./lrctl oc logs export --outfile oclogs |
pipe | JQ pipeline management. |
pipe augment | Augment JQ pipeline. |
pipe export | Export JQ pipeline. |
pipe import | Import JQ pipeline. |
pipe test | Test JQ pipeline. |
-- pipe | *Deprecated* Has various sub commands to manage available pipelines |
-- pipe augment | *Deprecated* Augment pipelines by name |
-- pipe disable | *Deprecated* Disable pipelines by name |
-- pipe enable | *Deprecated* Enable pipelines by name |
-- pipe export | *Deprecated* Export pipelines by name |
-- pipe import | *Deprecated* Import a pipe file into the available open collector pipelines |
-- pipe status | *Deprecated* Inspect status of current pipeline configuration |
-- pipe test | *Deprecated* Test JQ transformations |
restart | Restart the Open Collector service. |
-- run | *Deprecated* Runs the Open Collector |
start | Start the Open Collector service. |
status | View status information about the Open Collector service. |
stop | Stop the Open Collector service. |
troubleshoot | Troubleshoot the Open Collector service. |
troubleshoot export | Export troubleshooting information for the Open Collector service. Syntax Example: ./lrctl oc troubleshoot export --outfile logs.tar.gz |
-- troubleshoot | *Deprecated* Gather information to help in diagnosing issues |
-- troubleshoot export | *Deprecated* Gather files to help in diagnosing issues |
Useful Docker Commands
Command | Description |
---|---|
docker volume ls | List of existing Docker volumes. |
docker container ls | List of existing Docker containers. |
docker volume rm <volumename> | Delete a specific Docker volume. |
docker container rm <containername> | Delete a specific Docker container. |
sudo yum remove -y docker-ce docker-ce-cli | Completely removes Docker. |
docker run --rm -ti -v <volumename>:/data busybox /bin/sh | Mounts the specified <volumename> in a busybox container and opens a shell in it. Data contained in the volume is mounted in /data. Works like a Linux filesystem. |
docker stats --all | Displays a top 10 list for Docker resource consumption. |
docker logs <containername> -f | Tails the log for specified container. |