# Using the open-appsec-ctl Tool

The interactive CLI tool `open-appsec-ctl` allows you to perform various tasks related to your open-appsec for NGINX/Kong/APISIX installation.\
\
The tool will be automatically installed with the agent and can be used as follows:

#### List all available policies:

`open-appsec-ctl --list-policies`

`open-appsec-ctl -lp`

<figure><img src="/files/QJadi4EtjZ5pdrXcLItY" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
Currently only a single configuration file is supported, support for multiple configuration files will be added soon.&#x20;

By default the following policy file is used when no \[policy-file] is explicitly specified in the commands listed below: \
`/etc/cp/conf/local_policy.yaml`
{% endhint %}

#### View policy:

`open-appsec-ctl --view-policy [policy-file]`

`open-appsec-ctl -vp [policy-file]`

This will show either the policy file at the default location which is automatically created during installation or the specified policy file `[policy-file]`

#### Edit policy

`open-appsec-ctl --edit-policy [policy-file]`

`open-appsec-ctl -ep [policy-file]`\
\
Edit the policy file at the default location which is automatically created during installation or the specified policy file `[policy-file]`

Here you can find all details regarding the structure of the Local Policy File:&#x20;

[Configuration Using Local Policy File (Linux)](/getting-started/start-with-linux/configuration-using-local-policy-file-linux.md)

#### Apply policy

`open-appsec-ctl --apply-policy [policy-file]`

`open-appsec-ctl -ap [policy-file]`

Apply the policy file at the default location which is automatically created during installation or the specified policy file `[policy-file]`

#### Show agent status

`open-appsec-ctl --status [--extended]`

`open-appsec-ctl -s [--extended]`

Shows the agent status and versions, you can get extended output by also adding the flag\
`--extended`

#### View logs

`open-appsec-ctl --view-logs`

`open-appsec-ctl -vl`

Show the open-appsec logs

#### Start/Stop the agent

`open-appsec-ctl --start-agent`

`open-appsec-ctl -r`

Starts the agent

`open-appsec-ctl --stop-agent`

`open-appsec-ctl -q`

Stops the agent

#### Uninstall the agent

`open-appsec-ctl --uninstall`

`open-appsec-ctl -u`

Uninstalls the agent

### For debugging purposes only

#### Start/stop individual agent services

Start the selected service

`open-appsec-ctl --start-service <orchestration|attachment-registrator|http-transaction-handler>`

`open-appsec-ctl -rs <orchestration|attachment-registrator|http-transaction-handler>`

Stop the selected service

`open-appsec-ctl --stop-service <orchestration|attachment-registrator|http-transaction-handler>`

`open-appsec-ctl -qs <orchestration|attachment-registrator|http-transaction-handler>`

#### View and change debug information

`open-appsec-ctl -d`

Can be used for viewing and changing the debug configuration.\
This command will present you with all available options when run without any additional parameters.


---

# Agent Instructions: Querying This Documentation

If you need additional information that is not directly available in this page, you can query the documentation dynamically by asking a question.

Perform an HTTP GET request on the current page URL with the `ask` query parameter:

```
GET https://docs.openappsec.io/getting-started/start-with-linux/using-the-open-appsec-ctl-tool.md?ask=<question>
```

The question should be specific, self-contained, and written in natural language.
The response will contain a direct answer to the question and relevant excerpts and sources from the documentation.

Use this mechanism when the answer is not explicitly present in the current page, you need clarification or additional context, or you want to retrieve related documentation sections.