The rootcheck_control tool allows for the management of the policy monitoring and system auditing database that is stored on the server side.

Anomalies detected by the rootcheck functionality can be listed, and categorized into resolved and outstanding issues.

This tool can also display the last time that ossec-rootcheck was run.


Display the help message.


List the available agents.


List only the currently connected agents.

-u <id> / -u all

Update the database for the identified or all agents.

-i <agent_id>

Print the database for the agent.


Used with -i to print all the resolved issues.


Used with -i to print all the outstanding issues.


Used with -i print the last scan.


Change the output to CSV format.


Change the output to JSON format.