# Using the open-appsec-ctl Tool

The interactive CLI tool `open-appsec-ctl` allows you to perform various tasks related to your open-appsec for NGINX/Kong/APISIX installation.\
\
The tool will be automatically installed with the agent and can be used as follows:

#### List all available policies:

`open-appsec-ctl --list-policies`

`open-appsec-ctl -lp`

<figure><img src="https://1225393248-files.gitbook.io/~/files/v0/b/gitbook-x-prod.appspot.com/o/spaces%2FNcZmX14M2KdTBrq9EOnI%2Fuploads%2FyWAan5aw28WpIoFSBIt5%2Fopen-appsec-ctl-list-policies.png?alt=media&#x26;token=a03fa28c-8820-4e5d-b209-244db2695804" alt=""><figcaption></figcaption></figure>

{% hint style="info" %}
Currently only a single configuration file is supported, support for multiple configuration files will be added soon.&#x20;

By default the following policy file is used when no \[policy-file] is explicitly specified in the commands listed below: \
`/etc/cp/conf/local_policy.yaml`
{% endhint %}

#### View policy:

`open-appsec-ctl --view-policy [policy-file]`

`open-appsec-ctl -vp [policy-file]`

This will show either the policy file at the default location which is automatically created during installation or the specified policy file `[policy-file]`

#### Edit policy

`open-appsec-ctl --edit-policy [policy-file]`

`open-appsec-ctl -ep [policy-file]`\
\
Edit the policy file at the default location which is automatically created during installation or the specified policy file `[policy-file]`

Here you can find all details regarding the structure of the Local Policy File:&#x20;

[configuration-using-local-policy-file-linux](https://docs.openappsec.io/getting-started/start-with-linux/configuration-using-local-policy-file-linux "mention")

#### Apply policy

`open-appsec-ctl --apply-policy [policy-file]`

`open-appsec-ctl -ap [policy-file]`

Apply the policy file at the default location which is automatically created during installation or the specified policy file `[policy-file]`

#### Show agent status

`open-appsec-ctl --status [--extended]`

`open-appsec-ctl -s [--extended]`

Shows the agent status and versions, you can get extended output by also adding the flag\
`--extended`

#### View logs

`open-appsec-ctl --view-logs`

`open-appsec-ctl -vl`

Show the open-appsec logs

#### Start/Stop the agent

`open-appsec-ctl --start-agent`

`open-appsec-ctl -r`

Starts the agent

`open-appsec-ctl --stop-agent`

`open-appsec-ctl -q`

Stops the agent

#### Uninstall the agent

`open-appsec-ctl --uninstall`

`open-appsec-ctl -u`

Uninstalls the agent

### For debugging purposes only

#### Start/stop individual agent services

Start the selected service

`open-appsec-ctl --start-service <orchestration|attachment-registrator|http-transaction-handler>`

`open-appsec-ctl -rs <orchestration|attachment-registrator|http-transaction-handler>`

Stop the selected service

`open-appsec-ctl --stop-service <orchestration|attachment-registrator|http-transaction-handler>`

`open-appsec-ctl -qs <orchestration|attachment-registrator|http-transaction-handler>`

#### View and change debug information

`open-appsec-ctl -d`

Can be used for viewing and changing the debug configuration.\
This command will present you with all available options when run without any additional parameters.