These commands manipulate the Velociraptor client service on Windows and macOS. They are only available in the Windows or macOS (Darwin) binaries.
The client can be installed as a service . Usually this is done using installer packaging:
The commands in this command group allow you to perform operations on the installed service, even if it was installed using an installer package.
Because packaging and distribution is a rather complicated topic, Velociraptor
also includes the service install command in the Windows and Linux binaries.
Other methods of packaging and installing should preferably be used in
production deployments, however we do still provide this basic install
capability as an alternative for unusual deployment scenarios.
On Windows the service command group functions much like Microsoft’s Service
Control Manager (sc.exe), with the exception being that it can also install or
remove the service.
service install
Install Velociraptor as a Windows service.
service remove
Remove the Velociraptor Windows service.
service start
Start the service
service stop
Stop the service
service pause
Pause the service
service continue
Continue the service
service run
Run as a service
This command is only used by the Windows service manager. For an installed Windows client the service configuration’s command line will be:
"C:\Program Files\Velociraptor\Velociraptor.exe" --config "C:\Program Files\Velociraptor\client.config.yaml" service run
service install
Install Velociraptor as a service.
service remove
Remove the Velociraptor service.