Sophos Linux Sensor command-line management
You can use the following commands to manage Sophos Linux Sensor (SLS) from the command line.
Note
These commands are for managing SLS when deployed as a host process. You can't use these commands to manage SLS deployed as a container image.
Global commands:
Global commands use the following syntax:
sophoslinuxsensor [global options] command [command options] [arguments...]
Option | Description |
-dump-perf-sensor | Dumps the embedded perf-sensor binary to disk. |
-preflight-only | Runs the preflight checks only and exits. |
-set-caps | Sets the required capabilities on the sophoslinuxsensor binary. |
-test-alert | Prints a test message and exits. This triggers a benign policy in order to test the configured alert outputs of a running sensor. |
-testconfigandexit <file> | Tests the validity of the specified configuration file without running the sensor. |
-version | Prints the SLS version and exits. |
systemctl
Command | Description |
sudo systemctl enable sophoslinuxsensor | Turn SLS on. |
sudo systemctl disable sophoslinuxsensor | Turn SLS off. |
sudo systemctl start sophoslinuxsensor | Start SLS. |
sudo systemctl stop sophoslinuxsensor | Stop SLS. |
sudo systemctl status sophoslinuxsensor | Display the status of SLS. |
sudo systemctl restart sophoslinuxsensor | Restart SLS. |
journalctl
Command | Description |
sudo journalctl -u sophoslinuxsensor | View the SLS logs. |
sudo journalctl -fu sophoslinuxsensor | View and follow the SLS logs. |
sudo journalctl -efu sophoslinuxsensor | View, jump to the end, and follow the SLS logs. |
apt (Ubuntu)
Command | Description |
apt list --installed | grep sophos | Show SLS and content info for Ubuntu. |
rpm (RHEL/CentOS/Amazon)
Command | Description |
rpm list --installed | grep sophos | Show SLS and content info for RHEL/CentOS/Amazon. |