agent_control
The agent_control program allows you to query the manager for information about any agent and also allows you to initiate a syscheck/rootcheck scan on an agent the next time it checks in.
With this tool you can check the status of each available agent, which can be any of the following:
Active: The agent is correctly connected to the manager.
Pending: The agent is waiting for a response from the manager.
Disconnected: The agent is not connected to the manager.
Never connected: The agent has never connected to the manager.
agent_control options
| Option | Description |
|---|---|
| -h | Display the help message |
| -l | List available agents whether they are active or not. |
| -lc | List active agents |
| -i <agent_id> | Extract information from an agent |
| -R <agent_id> | Restart the Wazuh processes on the agent |
| -r | Run the integrity/rootcheck checking on agents. This must be used in conjunction with options -a or -u. |
| -a | Utilizes all agents |
| -u <agent_id> | Perform the requested action on the specified agent. |
agent_control options for Active Response
| Option | Description |
|---|---|
| -b <IP> | Blocks the specified IP address. |
| -f <ar> | Used with -b, specifies which response to run. |
| -L | List available active responses. |
| -m | Show the limit of agents that can be added. |
| -s | Change the output to CSV format (comma delimited). |
| -j | Change the output to JSON format. |
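The following added example (not part of the Wazuh documentation or code base) groups the output of `agent_control -l -j` by the four agent states listed above and returns the agents that are not reporting, since those are monitoring blind spots. The JSON layout (`error`, `data`, and the `id`/`name`/`ip`/`status` fields), the `Active/Local` status string and the sample records are assumptions constructed for illustration; compare them with the output of your own manager before relying on the script.

```python
import json
import sys
from collections import defaultdict

# The four states documented on this page; anything else becomes "Unknown".
KNOWN_STATES = ("Active", "Pending", "Disconnected", "Never connected")

# Constructed sample. ASSUMPTION: `agent_control -l -j` returns an object with
# an "error" code and a "data" list of agents; verify against your own output.
SAMPLE = """{"error": 0, "data": [
 {"id": "000", "name": "manager", "ip": "127.0.0.1", "status": "Active/Local"},
 {"id": "001", "name": "web01", "ip": "192.0.2.10", "status": "Active"},
 {"id": "002", "name": "db01", "ip": "192.0.2.11", "status": "Disconnected"},
 {"id": "003", "name": "build01", "ip": "any", "status": "Never connected"},
 {"id": "004", "name": "vpn01", "ip": "192.0.2.12", "status": "Pending"}
]}"""


def classify(status):
    """Map a raw status string onto one of the documented states."""
    s = status.strip().lower()
    for state in KNOWN_STATES:
        if s.startswith(state.lower()):
            return state
    return "Unknown"


def triage(raw):
    """Return {state: [agent ids]} for the JSON text produced with -l -j."""
    doc = json.loads(raw)
    if doc.get("error", 0) != 0:
        raise ValueError("agent_control reported error %r" % doc.get("error"))
    groups = defaultdict(list)
    for agent in doc.get("data", []):
        groups[classify(agent.get("status", ""))].append(agent.get("id", "?"))
    return dict(groups)


def coverage_gaps(groups):
    """Ids of agents in any state other than Active, sorted for stable output."""
    return sorted(i for state, ids in groups.items()
                  if state != "Active" for i in ids)


if __name__ == "__main__":
    # Pipe real output in (agent_control -l -j | python3 this_file.py);
    # with no pipe attached, the constructed sample is used instead.
    raw = SAMPLE if sys.stdin.isatty() else sys.stdin.read()
    groups = triage(raw)
    for state in KNOWN_STATES + ("Unknown",):
        print("%-16s %s" % (state, ", ".join(groups.get(state, [])) or "-"))
    print("not reporting:", ", ".join(coverage_gaps(groups)) or "none")
```

Each id it reports can then be inspected with `-i <agent_id>`.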