- buster 1.0.5-2
- buster-backports 1.0.15-1~bpo10+1
- testing 1.0.16-1+b3
- unstable 1.0.16-1+b4
- experimental 1.2.0-1
FEVER-RUN(1)
NAME
fever-run - start FEVER service

SYNOPSIS
fever run [flags]

DESCRIPTION
The 'run' command starts the FEVER service, consuming events from the input and executing all processing components.

OPTIONS
--bloom-alert-prefix="BLF" String prefix for Bloom filter alerts
-b, --bloom-file="" Bloom filter for external indicator screening
-z, --bloom-zipped[=false] use gzipped Bloom filter file
-c, --chunksize=50000 chunk size for batched event handling (e.g. inserts)
-d, --db-database="events" database name
--db-enable[=false] write events to database
-s, --db-host="localhost:5432" database host
--db-maxtablesize=500 Maximum allowed cumulative table size in GB
-m, --db-mongo[=false] use MongoDB
-p, --db-password="sensor" database password
--db-rotate=1h0m0s time interval for database table rotations
-u, --db-user="sensor" database user
--dummy[=false] log locally instead of sending home
--flowextract-bloom-selector="" IP address Bloom filter to select flows to extract
--flowextract-enable[=false] extract and forward flow metadata
--flowextract-submission-exchange="flows" Exchange to which raw flow events will be submitted
--flowextract-submission-url="amqp://guest:guest@localhost:5672/" URL to which raw flow events will be submitted
-n, --flowreport-interval=0s time interval for report submissions
--flowreport-nocompress[=false] send uncompressed flow reports (default is gzip)
--flowreport-submission-exchange="aggregations" Exchange to which flow reports will be submitted
--flowreport-submission-url="amqp://guest:guest@localhost:5672/" URL to which flow reports will be submitted
--flushcount=100000 maximum number of events in one batch (e.g. for flow extraction)
-f, --flushtime=1m0s time interval for event aggregation
-T, --fwd-all-types[=false] forward all event types
-t, --fwd-event-types=[alert,stats] event types to forward to socket
-h, --help[=false] help for run
-r, --in-redis="" Redis input server (assumes list key "suricata" and no password)
--in-redis-nopipe[=false] do not use Redis pipelining
-i, --in-socket="/tmp/suri.sock" filename of input socket (accepts EVE JSON)
--ip-alert-prefix="IP-BLACKLIST" String prefix for IP blacklist alerts
--ip-blacklist="" List with IP ranges to alert on
--logfile="" Path to log file
--logjson[=false] Output logs in JSON format
--metrics-enable[=false] submit performance metrics to central sink
--metrics-submission-exchange="metrics" Exchange to which metrics will be submitted
--metrics-submission-url="amqp://guest:guest@localhost:5672/" URL to which metrics will be submitted
-o, --out-socket="/tmp/suri-forward.sock" path to output socket (to forwarder), empty string disables forwarding
--pdns-enable[=false] collect and forward aggregated passive DNS data
--pdns-submission-exchange="pdns" Exchange to which passive DNS events will be submitted
--pdns-submission-url="amqp://guest:guest@localhost:5672/" URL to which passive DNS events will be submitted
--profile="" enable runtime profiling to given file
--reconnect-retries=0 number of retries connecting to socket or sink, 0 = no retry limit
--toolname="fever" set toolname
-v, --verbose[=false] enable verbose logging (debug log level)
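Several of the options above ship with default credentials: the database password "sensor" and the three AMQP submission URLs with "guest:guest". The launcher below is an added example, not part of this man page or of the FEVER project. It builds a fever run command line from environment variables (the FEVER_* names are this wrapper's own convention, not anything fever reads), uses only flags documented above, and refuses to start while any of those defaults is still present in --flag=value form. Whether the AMQP client accepts TLS (amqps://) URLs is not stated on this page, so the example does not assume it.

```shell
#!/usr/bin/env bash
# Added example: a launcher for `fever run` that keeps credentials out of the
# operator's command line and refuses to start with the defaults shown in
# OPTIONS. Not part of the fever man page or the FEVER project; the FEVER_*
# variable names are this wrapper's own convention (assumption).
set -u

# Defaults exactly as printed in the option list.
DEFAULT_DB_PASSWORD='sensor'
DEFAULT_AMQP_USERINFO='guest:guest@'

# has_default_credentials --flag=value ...
# Succeeds (exit 0) when a credential-bearing flag, written in --flag=value
# form, still carries a documented default; fails (exit 1) otherwise.
# The short form "-p sensor" is not scanned, so always pass the long form.
has_default_credentials() {
  found=1
  for arg in "$@"; do
    case "$arg" in
      --db-password="$DEFAULT_DB_PASSWORD")
        echo "warning: default database password in use" >&2
        found=0 ;;
      --*-submission-url=*"$DEFAULT_AMQP_USERINFO"*)
        echo "warning: default AMQP credentials in ${arg%%=*}" >&2
        found=0 ;;
    esac
  done
  return "$found"
}

# fever_run_args
# Prints one flag per line, built from the environment. Every flag name is
# taken from the OPTIONS section; the values are deployment choices.
fever_run_args() {
  : "${FEVER_DB_PASSWORD:?set FEVER_DB_PASSWORD (database password)}"
  : "${FEVER_AMQP_URL:?set FEVER_AMQP_URL, e.g. amqp://fever:<password>@mq.internal:5672/}"
  printf '%s\n' \
    --in-socket="${FEVER_IN_SOCKET:-/tmp/suri.sock}" \
    --fwd-event-types=alert,stats \
    --db-enable \
    --db-host="${FEVER_DB_HOST:-localhost:5432}" \
    --db-database="${FEVER_DB_NAME:-events}" \
    --db-user="${FEVER_DB_USER:-sensor}" \
    --db-password="${FEVER_DB_PASSWORD}" \
    --pdns-enable \
    --pdns-submission-url="${FEVER_AMQP_URL}" \
    --flowreport-interval=5m \
    --flowreport-submission-url="${FEVER_AMQP_URL}" \
    --metrics-enable \
    --metrics-submission-url="${FEVER_AMQP_URL}" \
    --logjson
}

# main: assemble the flags, check them, then exec fever.
main() {
  args=$(fever_run_args) || return 1
  set --
  while IFS= read -r line; do set -- "$@" "$line"; done <<EOF
$args
EOF
  if has_default_credentials "$@"; then
    echo "refusing to start fever with default credentials" >&2
    return 2
  fi
  exec fever run "$@"
}

# Only launch when explicitly asked, so the file can also be sourced for its
# functions:
#   FEVER_LAUNCH=1 FEVER_DB_PASSWORD=... FEVER_AMQP_URL=... ./fever-run.sh
if [ "${FEVER_LAUNCH:-0}" = 1 ]; then
  main "$@"
fi
```

The credentials still end up in the process argument list, visible to other local users through ps; the check above only prevents the documented defaults from being deployed, and a restricted $HOME/.fever.yaml (see the inherited --config option) is the place to keep them off the command line entirely.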
OPTIONS INHERITED FROM PARENT COMMANDS
--config="" config file (default is $HOME/.fever.yaml)

SEE ALSO
fever(1)

HISTORY
15-Feb-2019 Auto generated by spf13/cobra