Services
Please note! This wiki is no longer maintained. Our documentation has moved to https://securityonion.net/docs/. Please update your bookmarks. You can find the latest version of this page at: https://securityonion.net/docs/Services.
Services are controlled by the use of Security Onion scripts (so-<noun>-<verb>) which act as wrappers to other lower-level scripts. These scripts are detailed below:
Check status of all services:
sudo so-status
Start all services:
sudo so-start
Stop all services:
sudo so-stop
Restart all services:
sudo so-restart
Check status of sguild (Sguil server):
sudo so-sguild-status
Start sguild:
sudo so-sguild-start
Stop sguild:
sudo so-sguild-stop
Restart sguild:
sudo so-sguild-restart
Sensor services are controlled with so-sensor-*.
List of controlled services:
ls /usr/sbin/so-sensor-*
The following examples are for Bro, but you could substitute whatever sensor service you're trying to control.
Check status of Bro:
sudo so-bro-status
Start Bro:
sudo so-bro-start
Stop Bro:
sudo so-bro-stop
Restart Bro:
sudo so-bro-restart
- Introduction
- Use Cases
- Hardware Requirements
- Release Notes
- Download/Install
- Booting Issues
- After Installation
- UTC and Time Zones
- Services
- VirtualBox Walkthrough
- VMWare Walkthrough
- Videos
- Architecture
- Cheat Sheet
- Conference
- Elastic Stack
- Elastic Architecture
- Elasticsearch
- Logstash
- Kibana
- ElastAlert
- Curator
- FreqServer
- DomainStats
- Docker
- Redis
- Data Fields
- Beats
- Pre-Releases
- ELSA to Elastic
- Network Configuration
- Proxy Configuration
- Firewall/Hardening
- Email Configuration
- Integrating with other systems
- Changing IP Addresses
- NTP
- Managing Alerts
- Managing Rules
- Adding Local Rules
- Disabling Processes
- Filtering with BPF
- Adjusting PF_RING for traffic
- MySQL Tuning
- Adding a new disk
- High Performance Tuning
- Trimming PCAPs