Services are controlled by the use of Security Onion scripts (
so-<noun>-<verb>) which act as wrappers to other lower-level scripts. You can see a list of all of these scripts with the following command:
These scripts are detailed below.
You can control all services with the
so-<verb> scripts as follows.
Check status of all services:
Start all services:
Stop all services:
Restart all services:
The three main categories of services are server, sensor, and elastic.
Check status of sguild (Sguil server):
Sensor services are controlled with
The following examples are for Zeek, but you could substitute whatever sensor service you’re trying to control (nids, pcap, etc.).
Check status of Zeek:
Elastic services are controlled with
Check status of the Elastic stack:
Start the Elastic stack:
Stop the Elastic stack:
Restart the Elastic stack: