Sophos Linux Sensor command-line management
You can use the following commands to manage Sophos Linux Sensor (SLS) from the command line.
Note
These commands are for managing SLS when deployed as a host process. You can't use these commands to manage SLS deployed as a container image.
Global commands:
Global commands use the following syntax:
sophoslinuxsensor [global options] command [command options] [arguments...]
| Option | Description |
| -dump-perf-sensor | Dumps the embedded perf-sensor binary to disk. |
| -preflight-only | Runs the preflight checks only and exits. |
| -set-caps | Sets the required capabilities on the sophoslinuxsensor binary. |
| -test-alert | Prints a test message and exits. This triggers a benign policy in order to test the configured alert outputs of a running sensor. |
| -testconfigandexit <file> | Tests the validity of the specified configuration file without running the sensor. |
| -version | Prints the SLS version and exits. |
systemctl
| Command | Description |
sudo systemctl enable sophoslinuxsensor | Turn SLS on. |
sudo systemctl disable sophoslinuxsensor | Turn SLS off. |
sudo systemctl start sophoslinuxsensor | Start SLS. |
sudo systemctl stop sophoslinuxsensor | Stop SLS. |
sudo systemctl status sophoslinuxsensor | Display the status of SLS. |
sudo systemctl restart sophoslinuxsensor | Restart SLS. |
journalctl
| Command | Description |
sudo journalctl -u sophoslinuxsensor | View the SLS logs. |
sudo journalctl -fu sophoslinuxsensor | View and follow the SLS logs. |
sudo journalctl -efu sophoslinuxsensor | View, jump to the end, and follow the SLS logs. |
apt (Ubuntu)
| Command | Description |
apt list --installed | grep sophos | Show SLS and content info for Ubuntu. |
rpm (RHEL/CentOS/Amazon)
| Command | Description |
rpm list --installed | grep sophos | Show SLS and content info for RHEL/CentOS/Amazon. |